payment.meshotet.co.il Open in urlscan Pro
212.150.101.186 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://payment.meshotet.co.il/
Submission: On November 28 via manual (November 28th 2022, 11:51:18 am UTC) from BR — Scanned from DE

Summary HTTP 76 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 5 countries across 21 domains to perform 76 HTTP transactions. The main IP is 212.150.101.186, located in Jerusalem, Israel and belongs to NV-ASN CELLCOM ltd., IL. The main domain is payment.meshotet.co.il.

This is the only time payment.meshotet.co.il was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	212.150.101.186 212.150.101.186	1680 (NV-ASN CE...) (NV-ASN CELLCOM ltd.)
11	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 2	207.241.237.3 207.241.237.3	7941 (INTERNET-...) (INTERNET-ARCHIVE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
3 7	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	3.74.33.199 3.74.33.199	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 2	104.76.200.221 104.76.200.221	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:ae06:c39a:c9e8:4832	16509 (AMAZON-02) (AMAZON-02)
76	21

9 212.150.101.186 (Jerusalem, Israel)

ASN1680 (NV-ASN CELLCOM ltd., IL)
PTR: resight.raid.co.il

payment.meshotet.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 207.241.237.3 (United States) 1 redirects

ASN7941 (INTERNET-ARCHIVE, US)

web.archive.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.185.66 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.84 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.74.33.199 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-33-199.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.221 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-221.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:ae06:c39a:c9e8:4832 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 182	368 KB
17	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 356 cm.g.doubleclick.net — Cisco Umbrella Rank: 271	78 KB
9	meshotet.co.il payment.meshotet.co.il	40 KB
7	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 370	133 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 705	3 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 276	3 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 121 www.google.com — Cisco Umbrella Rank: 16	671 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 2489	1 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 5200	914 B
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 564	142 KB
2	archive.org 1 redirects web.archive.org — Cisco Umbrella Rank: 16433	30 KB
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 2331	297 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1980	351 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1265	356 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 787	98 B
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 940	818 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 332	29 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 219	48 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 961	700 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	17 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
76	21

	Domain	Requested by
15	tpc.googlesyndication.com	googleads.g.doubleclick.net cdn.ampproject.org tpc.googlesyndication.com
11	pagead2.googlesyndication.com	payment.meshotet.co.il pagead2.googlesyndication.com web.archive.org googleads.g.doubleclick.net tpc.googlesyndication.com
9	payment.meshotet.co.il	payment.meshotet.co.il
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
7	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net payment.meshotet.co.il
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	static.xx.fbcdn.net	www.facebook.com
2	web.archive.org	1 redirects payment.meshotet.co.il
1	ag.innovid.com	googleads.g.doubleclick.net
1	rtb.openx.net	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	id.rlcdn.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	s0.2mdn.net	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	www.google.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.facebook.com	payment.meshotet.co.il
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
76	25

This site contains no links.

Subject Issuer	Validity	Valid
meshotet.co.il R3	`2022-10-26` - `2023-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-06` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.innovid.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-15` - `2023-04-15`	a year	crt.sh

This page contains 11 frames:

Primary Page: http://payment.meshotet.co.il/
Frame ID: 4B31F4408F65CA0424C4EF25B6831ACE
Requests: 19 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777
Frame ID: D465EA671600346FA12EFDE1607B1FF8
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: 7CF66D4F6487CE738877597621CBCBCA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271691&bpp=15&bdt=454&idt=209&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&correlator=7516434026866&frm=20&pv=2&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=pRRXk1cD5A&p=http%3A//payment.meshotet.co.il&dtd=229
Frame ID: A3C0501010A29723668E50EDAF6B2F1B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=280&slotname=6057269641&adk=2369290022&adf=2714337636&pi=t.ma~as.6057269641&w=700&fwrn=4&fwrnh=100&lmt=1669636271&rafmt=1&format=700x280&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1669636271717&bpp=2&bdt=480&idt=209&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=570&ady=727&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=SwGjd5DRxm&p=http%3A//payment.meshotet.co.il&dtd=213
Frame ID: 074E013C0E0BBC5A48A1CF07E8C041CA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271731&bpp=3&bdt=495&idt=202&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&prev_fmts=700x280&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=hkyGWz2hAe&p=http%3A//payment.meshotet.co.il&dtd=206
Frame ID: 086BC2E04A9A34B0896B21146D3BDC31
Requests: 21 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/js/r20160816/r20160727/show_ads_impl.js
Frame ID: 8AD6BD74C9C9A0B875A9E58EA8C160B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Frame ID: 63131F1A7F977556B23C270E385DB739
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARir-IvGATAB&v=APEucNU_vf2gkIdVkuuOzc3y6gZdmw2XdpnX4E_JNEFnVS562JdPQDXHRtAWJunqvv8OcXH3hinZp4EmmzfpWRxqkFV7ZgT9EBCqvFm3Go80PRI3OhJ_s7pUaUH66_yNIcPcmSrhtMvnqOs3l_eRNUifGO5DtLKUQVnTNOo3iogpuwNdWUYAGU4
Frame ID: 4E9508B3801717818C40731E7734E1FD
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 8280578B48CC1B5B2B9CF121808B5142
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2D7E21CA3443FC27F8B5BA8C3E6A417D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/pagead/show_ads\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Page Statistics

76
Requests

87 %
HTTPS

50 %
IPv6

21
Domains

25
Subdomains

21
IPs

5
Countries

889 kB
Transfer

2627 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://web.archive.org/web/20160820144930js_/http://pagead2.googlesyndication.com/pagead/show_ads.js HTTP 302
https://web.archive.org/web/20160820145002js_/http://pagead2.googlesyndication.com/pagead/show_ads.js

Request Chain 59

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1

Request Chain 60

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4SgsjYLQlfEz.FfsQgUNgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1&google_hm=2

Request Chain 61

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBWTwihGpyFdFzgXW6vrQTA&google_cver=1

Request Chain 62

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk2MzQ3Mjk1NzIxMTgxMDA3NA%3D%3D

Request Chain 66

https://d.agkn.com/pixel/2175/?google_gid=CAESEJTeaKCS1DhbNW6CWoElQQI&google_cver=1&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOATJziuMMWArNPT2BTWMkclBYDRkV8GIa5wpen4A2JxYVEd2HQzN03Vg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOATJziuMMWArNPT2BTWMkclBYDRkV8GIa5wpen4A2JxYVEd2HQzN03Vg&google_hm=Q0FFU0VKVGVhS0NTMURoYk5XNkNXb0VsUVFJ

Request Chain 68

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4kRUWAqm7MfLNcrwYapY9b47fdZ_MDg4IzMC85kIP9tFnBsfnZuD_lNxlbdwejWIUDOcksUMVSICOOxaEoNLdIw&google_gid=CAESEGw_7XH4QBNOvbbS62BtNtg&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4kRUWAqm7MfLNcrwYapY9b47fdZ_MDg4IzMC85kIP9tFnBsfnZuD_lNxlbdwejWIUDOcksUMVSICOOxaEoNLdIw&google_gid=CAESEGw_7XH4QBNOvbbS62BtNtg&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjgxMTUxMTUwMDAxMzM2ODEwODE0OQ%3D%3D&google_push=ASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4kRUWAqm7MfLNcrwYapY9b47fdZ_MDg4IzMC85kIP9tFnBsfnZuD_lNxlbdwejWIUDOcksUMVSICOOxaEoNLdIw

76 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
payment.meshotet.co.il/ 11 KB
3 KB 443ms
148ms Document
text/html 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: http://payment.meshotet.co.il/
Protocol: HTTP/1.1
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 48a7084de552d0e9b77697068f169fc1839592230c0070af99a3a0320e37a26f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2826
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Nov 2022 11:51:11 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding,User-Agent

GET
H2 200 site.php
payment.meshotet.co.il/css/ 4 KB
1 KB 337ms
179ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/site.php
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 55d8fc52238a44b40deef0d9b1db3e4c0fecd8d69bc1eea1852af7fb9e432f0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding,User-Agent
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 1266
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 slider.css
payment.meshotet.co.il/css/ 0
220 B 337ms
178ms Stylesheet
text/html 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/slider.css
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:11 GMT
server: nginx
vary: User-Agent
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 logo.png
payment.meshotet.co.il/images/ 3 KB
4 KB 254ms
111ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/logo.png
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 40c361328f9928215ac5a6e82d40380caa33766097e5fa778735b3dde6de844d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
last-modified: Thu, 25 Oct 2012 12:40:20 GMT
server: nginx
etag: "50893334-d92"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 3474
expires: Wed, 28 Dec 2022 11:51:11 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 99 KB
34 KB 100ms
73ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7258426940269c8b97f23c0e9000dd3553bd327995cd2f6036fa776976398cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34255
x-xss-protection: 0
server: cafe
etag: 12155389566078010096
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 11:51:11 GMT

GET
H2 200 payment_website_ext.png
payment.meshotet.co.il/images/ 23 KB
23 KB 317ms
174ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/payment_website_ext.png
Requested by: Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 33953d06239abdbd561a85c109e97629b1b01bbcfc01b910b0fc423c76f27f25

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
last-modified: Sun, 28 Oct 2012 17:26:42 GMT
server: nginx
etag: "508d6ad2-5c05"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 23557
expires: Wed, 28 Dec 2022 11:51:11 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
48 KB 133ms
107ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41124b41b3cb5495c3b94b4cf57f6e20133d00bc0788b712ed008f6dab493162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49130
x-xss-protection: 0
server: cafe
etag: 4185429545604854188
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 11:51:11 GMT

GET
H2

200

show_ads.js Show response
web.archive.org/web/20160820145002js_/http://pagead2.googlesyndication.com/pagead/
Redirect Chain

https://web.archive.org/web/20160820144930js_/http://pagead2.googlesyndication.com/pagead/show_ads.js
https://web.archive.org/web/20160820145002js_/http://pagead2.googlesyndication.com/pagead/show_ads.js

27 KB
29 KB

1471ms
1471ms

Script
text/javascript

207.241.237.3
INTERNET-ARCHIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://web.archive.org/web/20160820145002js_/http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Server

207.241.237.3 , United States, ASN7941 (INTERNET-ARCHIVE, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

e8c18e5da8b235162afd1e4837b35c42a013b4232467b0a4973315644440e81d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org analytics.archive.org pragma.archivelab.org
x-rl: 0
x-archive-orig-vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
memento-datetime: Sat, 20 Aug 2016 14:50:02 GMT
server-timing: exclusion.robots;dur=1.003843, exclusion.robots.policy;dur=0.939112, RedisCDXSource;dur=22.625789, esindex;dur=0.049323, LoadShardBlock;dur=509.812698, PetaboxLoader3.datanode;dur=306.215052, CDXLines.iter;dur=411.317270, load_resource;dur=62.382173, PetaboxLoader3.resolve;dur=48.241459
x-archive-orig-transfer-encoding: chunked
referrer-policy: no-referrer-when-downgrade
x-archive-orig-accept-ranges: none
x-archive-orig-x-content-type-options: nosniff
x-archive-orig-cache-control: public, max-age=3600
content-type: text/javascript; charset=UTF-8
x-archive-orig-p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
link: <http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="original", <https://web.archive.org/web/timemap/link/http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="timemap"; type="application/link-format", <https://web.archive.org/web/http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="timegate", <https://web.archive.org/web/20031117205125/http://pagead2.googlesyndication.com:80/pagead/show_ads.js>; rel="first memento"; datetime="Mon, 17 Nov 2003 20:51:25 GMT", <https://web.archive.org/web/20160820144600/http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="prev memento"; datetime="Sat, 20 Aug 2016 14:46:00 GMT", <https://web.archive.org/web/20160820145002/http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="memento"; datetime="Sat, 20 Aug 2016 14:50:02 GMT", <https://web.archive.org/web/20160820145116/https://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="next memento"; datetime="Sat, 20 Aug 2016 14:51:16 GMT", <https://web.archive.org/web/20221127223825/http://pagead2.googlesyndication.com/pagead/show_ads.js>; rel="last memento"; datetime="Sun, 27 Nov 2022 22:38:25 GMT"
date: Mon, 28 Nov 2022 11:51:13 GMT
x-app-server: wwwb-app227
x-location: All
x-nid: -
x-archive-orig-age: 1186
content-length: 27930
x-archive-src: archiveteam_newssites_20160820_0073/news3xrtzuuprmk-2016-08-20-8562fd6b-00000.warc.gz
x-ts: 200
x-archive-guessed-content-type: text/javascript
x-archive-orig-server: cafe
server: nginx/1.19.5
x-tr: 1136
x-archive-guessed-charset: utf-8
x-na: 0
x-archive-orig-x-xss-protection: 1; mode=block
x-page-cache: MISS
permissions-policy: interest-cohort=()
x-archive-orig-date: Sat, 20 Aug 2016 14:30:15 GMT
x-archive-orig-expires: Sat, 20 Aug 2016 15:30:15 GMT

Redirect headers

date: Mon, 28 Nov 2022 11:51:12 GMT
x-rl: 0
x-app-server: wwwb-app221
x-location: All
x-nid: -
server-timing: exclusion.robots;dur=0.137612, exclusion.robots.policy;dur=0.125915, RedisCDXSource;dur=0.512619, esindex;dur=0.010811, LoadShardBlock;dur=334.465005, PetaboxLoader3.datanode;dur=262.385469, CDXLines.iter;dur=159.580529
content-length: 0
x-archive-redirect-reason: found capture at 20160820145002
x-ts: 302
referrer-policy: no-referrer-when-downgrade
server: nginx/1.19.5
x-tr: 533
x-na: 0
content-type: text/plain; charset=utf-8
location: https://web.archive.org/web/20160820145002js_/http://pagead2.googlesyndication.com/pagead/show_ads.js
x-page-cache: MISS
permissions-policy: interest-cohort=()

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame D465 47 KB
17 KB 165ms
141ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6ab2961ae08ddc9dc46998a2a704a436aa378575f1c2e9283352c1f721c4b4d6

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Mon, 28 Nov 2022 11:51:11 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: Y+JWGeKd0hTzSLvvdLMrlXv2x7Dr7wc0kM9MCZ4QWo1C5tPWRMzPBBVvRY5KiQ2nhUuVjlQKXVszuPxp1k1NqQ==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 NXl17KkqDoN.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAxA4/yo/l/de_DE/ Frame D465 541 KB
141 KB 24ms
8ms XHR
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yo/l/de_DE/NXl17KkqDoN.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fpayment.meshotet.co.il%2F&width=200&layout=button&action=like&show_faces=true&share=true&height=80&appId=405620709480777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

38cb5323d7e45643d2d74a8bf5f64553d4138a8e844d83d7311144dc35dfee18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: xngKQgI9TZmoTD4i+LnRoA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 144027
x-fb-rlafr: 0
x-fb-debug: kkzNZHNHk/bVm117nXcipgSKmNf+/xtW6Z9jTU/ac96ltamjFuApQ8h2XMRyJIKTt1GToSvbMBPbNw14TuHHEg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Tue, 28 Nov 2023 06:13:07 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame D465 299 B
720 B 23ms
8ms Image
image/png 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: H6ZmHrW18xYBaPnF4TZbLV3zn7uQBE/24EM1N4vyLv0qWOX2WhSE0ceaZf6LI6Sa41DTwj5nkmEuk1zNFC7qgg==
x-fb-trip-id: 917726464
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Mon, 27 Nov 2023 07:02:50 GMT

GET
H2 200 browsers.css
payment.meshotet.co.il/css/ 351 B
491 B 82ms
82ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/browsers.css
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: cfbb08f37e3ee4b7f0fed7f11bc875f01212f87932f2513ac3f112f20fca44b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
last-modified: Tue, 15 Nov 2011 13:44:18 GMT
server: nginx
x-accel-version: 0.01
etag: "15f-4b1c62f0f1080-gzip"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000, public
accept-ranges: bytes
content-length: 226
expires: Tue, 28 Nov 2023 11:51:11 GMT

GET
H2 200 menu.php
payment.meshotet.co.il/css/ 2 KB
990 B 100ms
100ms Stylesheet
text/css 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.meshotet.co.il/css/menu.php
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: 5fa4c8526fbcf45dbe2cf7f27d6bda6c3bf9d0bafbf29d356f2d7d126e91754f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding,User-Agent
content-type: text/css;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, public
content-length: 724
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 headerBG.png
payment.meshotet.co.il/images/ 3 KB
3 KB 73ms
73ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/headerBG.png
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: bed15b50fbf91f9873f5ede25e400ea120be329eb3252ced96aa0e9357b5f413

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
last-modified: Thu, 25 Oct 2012 12:42:22 GMT
server: nginx
etag: "508933ae-b29"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 2857
expires: Wed, 28 Dec 2022 11:51:11 GMT

GET
H2 200 searchSubmit.png
payment.meshotet.co.il/images/ 3 KB
4 KB 74ms
73ms Image
image/png 212.150.101.186
NV-ASN CELLCOM ltd.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.meshotet.co.il/images/searchSubmit.png
Requested by: Host: payment.meshotet.co.il
URL: https://payment.meshotet.co.il/css/site.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.150.101.186 Jerusalem, Israel, ASN1680 (NV-ASN CELLCOM ltd., IL),
Reverse DNS: resight.raid.co.il
Software: nginx /
Resource Hash: f5f0c42fa13f46ee21f52fe2d05a7fa05ba53c1e0149129d168444e801523c80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://payment.meshotet.co.il/css/site.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
last-modified: Thu, 25 Oct 2012 12:51:30 GMT
server: nginx
etag: "508935d2-dba"
content-type: image/png
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 3514
expires: Wed, 28 Dec 2022 11:51:11 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/ 355 KB
117 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8330060489921088&plah=payment.meshotet.co.il&bust=31070923

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c6269d98660443db9f9578af480b83a1c511c5a3a24602492fec3fd3dde2b62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119607
x-xss-protection: 0
server: cafe
etag: 15994130142540813998
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 28 Nov 2022 11:51:11 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame 7CF6 10 KB
5 KB 28ms
6ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 83441
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 12:40:30 GMT
etag: 10353107486223812946
expires: Sun, 11 Dec 2022 12:40:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
700 B 38ms
15ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=payment.meshotet.co.il&callback=_gfp_s_&client=ca-pub-8330060489921088&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8330060489921088&plah=payment.meshotet.co.il&bust=31070923

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3fffcfaa5d35234346f0a66e8c50a6c6720337b15a08a896412ff4a059007c75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 66ms
15ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 52ms
15ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A3C0 436 B
236 B 167ms
151ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=9307384039&adk=3654359874&adf=4054489202&pi=t.ma~as.9307384039&w=728&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271691&bpp=15&bdt=454&idt=209&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&correlator=7516434026866&frm=20&pv=2&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=pRRXk1cD5A&p=http%3A//payment.meshotet.co.il&dtd=229

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf25afc263eea9c8d1f0e9050209cb4df663380d707ae9753c557487cee4f3a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 11:51:12 GMT
expires: Mon, 28 Nov 2022 11:51:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 074E 436 B
235 B 166ms
159ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=280&slotname=6057269641&adk=2369290022&adf=2714337636&pi=t.ma~as.6057269641&w=700&fwrn=4&fwrnh=100&lmt=1669636271&rafmt=1&format=700x280&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1669636271717&bpp=2&bdt=480&idt=209&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=570&ady=727&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=SwGjd5DRxm&p=http%3A//payment.meshotet.co.il&dtd=213

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e52ff1340506f7c925cde1b8a784f0f409364d743ae4b0f0a2dddedc9a479479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 11:51:12 GMT
expires: Mon, 28 Nov 2022 11:51:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 086B 352 KB
28 KB 839ms
838ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271731&bpp=3&bdt=495&idt=202&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&prev_fmts=700x280&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=hkyGWz2hAe&p=http%3A//payment.meshotet.co.il&dtd=206

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d0cf67c0099fa7a9f4689e57f05ef913f8e73361977af9d7cc051518acfe2c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 28947
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 11:51:12 GMT
expires: Mon, 28 Nov 2022 11:51:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012211060024000/ Frame 086B 221 KB
61 KB 74ms
8ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271731&bpp=3&bdt=495&idt=202&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&prev_fmts=700x280&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=hkyGWz2hAe&p=http%3A//payment.meshotet.co.il&dtd=206

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 7109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61592
x-xss-protection: 0
server: sffe
etag: "a2fca7132416d151"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 086B 14 KB
5 KB 84ms
18ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 7110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5218
x-xss-protection: 0
server: sffe
etag: "abd4378f71571d78"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 086B 94 KB
28 KB 82ms
19ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 7109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28809
x-xss-protection: 0
server: sffe
etag: "dd6615029de85e23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 086B 72 KB
16 KB 88ms
25ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe75d0fb01c62e14b75d418f8e5bb6e413e49610f564e90248669d7e3513403

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 21 Nov 2022 18:08:54 GMT
age: 582138
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16659
x-xss-protection: 0
server: sffe
etag: "94fac542ca9cc297"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Nov 2023 18:08:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 086B 5 KB
2 KB 86ms
23ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:43 GMT
age: 7109
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
etag: "403438c4d550ee88"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:43 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012211060024000/v0/ Frame 086B 40 KB
13 KB 87ms
24ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 28 Nov 2022 09:52:42 GMT
age: 7110
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12946
x-xss-protection: 0
server: sffe
etag: "0bacd3f1ce38a7db"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 28 Nov 2023 09:52:42 GMT

GET
H2 200 iw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 086B 3 KB
3 KB 44ms
22ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/iw.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19b49a74b4e17a37abe04b94bd3a67665f92b8368004c73a1112cf142fb9da1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:36 GMT
x-content-type-options: nosniff
server: cafe
age: 25896
etag: 415739381108731362
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2712
x-xss-protection: 0
expires: Tue, 29 Nov 2022 04:39:36 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 086B 344 B
448 B 44ms
22ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:46:04 GMT
x-content-type-options: nosniff
server: cafe
age: 308
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 29 Nov 2022 11:46:04 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 086B 0
21 B 51ms
51ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBUJesKCEY5hi1-HG1g_buZGIAr-T9sht2629_ugQh8i0n9IYEAEgkcXmCWCV4pCCoAegAer5ltwDyAEJqQL4LJ8SIWexPqgDAcgDCKoE-gFP0IHuNleUQb6Lcf9tI0muvdzxGVIEd-fAvH0srYwKTgaZfiyq0gtYhJliQ87u3APTFg-pXG_tLcG-waTiUQaDkjShc4qtl7UNGxPtiwYO7229SVk8TOJGKobwrN9kQ9KpYMev1VoLTzJKBNNJZ_0NzBa3TmgHNeQBmQNxJIorsAgbUrvRa0W6CDxYK9wSGT4MdkOT576D0oDBWJIyVC6VnMH97aj8D3C1leACAQuJdyzDpl4GCFMXu7kBR6VhUnlWxU6Me2f-d_guFnfcw2rvItTCEpUmZkphXZyNjlmQhQmqJH5hcxq3WprF2jNWeRXjV1s2oD2BKzwWwASzw_jrogSSBQQIBBgBkgUECAUYBKAGLoAH_oXpI6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEIqSItIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTgzMzAwNjA0ODk5MjEwODgYAA&sigh=rWYd9d0sVCI&uach_m=[UACH]&cid=CAQSGwDq26N91roRqWH9zipWv1D9xNXoyQ5iRTTLxxgBIBM&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=600&slotname=5779015096&adk=2105329952&adf=2664654941&pi=t.ma~as.5779015096&w=160&lmt=1669636271&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636271731&bpp=3&bdt=495&idt=202&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&prev_fmts=700x280&prev_slotnames=9307384039&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=320&ady=177&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CleE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=3&uci=a!3&fsb=1&xpc=hkyGWz2hAe&p=http%3A//payment.meshotet.co.il&dtd=206
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 28 Nov 2022 11:51:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Nov 2022 11:51:12 GMT

GET
DATA 200
OK truncated
/ Frame 086B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96e7a82dc77cc64cbfab815ba786a7b8282f1d9b7f0f9c4cb9c4e91295096014

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pic1.jpg
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 29 KB
29 KB 29ms
10ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/pic1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34e1048d2c9df47c8680ae0e6c7c4669b00088eb27977506e35a6233b031da6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 01:09:44 GMT
x-content-type-options: nosniff
age: 470488
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29475
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 01:09:44 GMT

GET
H2 200 pic2.jpg
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 18 KB
18 KB 41ms
22ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/pic2.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f60a137866f0b427a8fc3407ce6a35acf7a2e07634b7368c80e08cc6d40a5eb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 01:09:44 GMT
x-content-type-options: nosniff
age: 470488
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18794
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 01:09:44 GMT

GET
H2 200 pic3.jpg
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 22 KB
22 KB 35ms
16ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/pic3.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2b200e3aa84703623251ca1da42a53e2cc510fa65d837dd8fb80b1a02367a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 23:41:16 GMT
x-content-type-options: nosniff
age: 389396
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22523
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 23:41:16 GMT

GET
H2 200 pic4.jpg
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 20 KB
20 KB 36ms
20ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/pic4.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c74307a1aaa68d81d931a4e8991362c068d109dd717917a35f9b82ae08566ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 01:09:44 GMT
x-content-type-options: nosniff
age: 470488
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20662
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 01:09:44 GMT

GET
H2 200 Text1.png
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 7 KB
8 KB 26ms
9ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/Text1.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2de587905a85204ad8d036fea2270d86db075c3e6c2dcab98fd857702dd44c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 23:41:16 GMT
x-content-type-options: nosniff
age: 389396
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7527
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 23:41:16 GMT

GET
H2 200 cta.png
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 2 KB
2 KB 27ms
10ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/cta.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d6210ee52159502f022758e029c9589c2a9af10f8d821316400a2ed1152ef6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 23:41:16 GMT
x-content-type-options: nosniff
age: 389396
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1902
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 23:41:16 GMT

GET
H2 200 logo.png
tpc.googlesyndication.com/sadbundle/7401350265756326189/ Frame 086B 1 KB
1 KB 38ms
21ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/7401350265756326189/logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca41a217b8e94ee7343130a5cc909cc874d79f64abe878d7d98559da05e4b029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 23 Nov 2022 23:41:16 GMT
x-content-type-options: nosniff
age: 389396
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1084
x-xss-protection: 0
last-modified: Tue, 22 Nov 2022 14:19:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 23 Nov 2023 23:41:16 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012211060024000/ 23 KB
8 KB 26ms
10ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012211060024000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7054618d6d88e0ec7d1065f8dcc60911c9ad2cdb1ab832f3a2d4602a9dc5a34

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 21 Nov 2022 18:08:57 GMT
age: 582135
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7860
x-xss-protection: 0
server: sffe
etag: "a403c481d3db7074"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 21 Nov 2023 18:08:57 GMT

GET
H3 200 iw.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 086B 3 KB
3 KB 23ms
7ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/iw.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19b49a74b4e17a37abe04b94bd3a67665f92b8368004c73a1112cf142fb9da1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:39:36 GMT
x-content-type-options: nosniff
server: cafe
age: 25896
etag: 415739381108731362
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2712
x-xss-protection: 0
expires: Tue, 29 Nov 2022 04:39:36 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 086B 344 B
368 B 22ms
6ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012211060024000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:46:04 GMT
x-content-type-options: nosniff
server: cafe
age: 308
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 29 Nov 2022 11:46:04 GMT

GET
H/1.1 404
Not Found show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20160816/r20160727/ Frame 8AD6 0
0 47ms
41ms Script
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://pagead2.googlesyndication.com/pagead/js/r20160816/r20160727/show_ads_impl.js
Requested by: Host: web.archive.org
URL: https://web.archive.org/web/20160820144930js_/http://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol: HTTP/1.1
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=payment.meshotet.co.il

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://payment.meshotet.co.il/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6313 18 KB
10 KB 780ms
779ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9117bc496a479dc8b84a5724ac5e38c127362f84039adc23bb3fd8909d9ea1d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://payment.meshotet.co.il/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 10236
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 11:51:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 086B 42 B
64 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstTqZMiRaUY7dLi8qzqTG_BVqH-mQJa1Ld1RUIYZxS9xBTEFJQAtmQJiyBeV64x8uqRkOSHn2gncZUb_gFxSu0SwCmBDU1gqLLahVUa4g1_qUkOmi3-KAxmPec8KySkshwvrZEIeQ&sai=AMfl-YT_oZaZrE8KO9fJTHOgO5PwX4ZXTsOw51R-gS4LRzX7XlZ4EB5Q_sFcLVVJ3zf2WH6vY3vWK7GS6RgZVVI&sig=Cg0ArKJSzGwHPb3DUu8kEAE&cid=CAQSGwDq26N91roRqWH9zipWv1D9xNXoyQ5iRTTLxxgBIBM&id=ampim&o=320,177&d=160,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=1057&tls=2057&g=100&h=100&tt=2058&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=&uaw=&adk=0

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6313 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DYsyOorOJmpufg4mxda21T4jp4WQB_BXO2XepaaZjYgLBOTSSTXcEuDYcYs79w78YIfoduNkZAVpI7Ul0dLH_kdH4p9zrD-uAnIWK67x0XIDM_yhk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 6313 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:07:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Dec 2022 11:07:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/ Frame 6313 18 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221110/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 10:41:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7458
x-xss-protection: 0
server: cafe
etag: 16870613375306414947
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Dec 2022 10:41:27 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6313 0
0 40ms
18ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTEbr4k5vHfIVMtxOeDfXLz8LR04sYCwSYKahcSK6T8djxgJT5U5h2GcyPpGkXWbiCPvZwwzbstJfAVzbBV13LdkjT1Zw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6313 154 KB
48 KB 65ms
30ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48265
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1668095300071091"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 28 Nov 2022 11:51:14 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4E95 624 B
242 B 46ms
44ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARir-IvGATAB&v=APEucNU_vf2gkIdVkuuOzc3y6gZdmw2XdpnX4E_JNEFnVS562JdPQDXHRtAWJunqvv8OcXH3hinZp4EmmzfpWRxqkFV7ZgT9EBCqvFm3Go80PRI3OhJ_s7pUaUH66_yNIcPcmSrhtMvnqOs3l_eRNUifGO5DtLKUQVnTNOo3iogpuwNdWUYAGU4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 11:51:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6313 68 KB
33 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9SKwnr-iLr1RdU5FHta2HS46GYBcglc95xocNb95_dWSeumkaJqG-nonKPdFR1YZCP2KwkDoqD96vWzneTiZKSfw6Cw&cry=1&dbm_d=AKAmf-ABKS_HxZ6cCe8EwL09ACuvwwI5uotLWPv9d54Le9cPiFWu2D4W5_n1yeKkvXxc3aW9Ip8uTMHjSAyB3pYuO0G745ZTyivpQfZQQ6dCna-R_jMMQ-0MV9kIjWHr93M-i2O4_EtrjmhoCdvB_o4rl4jRzR9FB73i3syRIwkxwLiYrqXwpdqCWKYFggPecqEC0dK6tZrgBF7_PvYB7ehrWOQ_ZikN3THElPyvwXbv5SYPy3TWR2h1zE9Cq-9aV0hp7eK6JMbRxlqulJCPJZNmHyPvYAQQry4yNz2iIlvJe4MkCmmC5XjWABzO9bsQRwT_C7pZ2AH9zWJJPx1T3pZRdJLTJ3dKaXepQVv-7KCFYsiyVsZIAG3ErSiDMsp11GDpoBEqW9fc0tgx1Ni0ZR8zO1qXELBi-LurZmGD1ROp2ogfdMcnFGe8tTVTGMoQW8C9wqje3ZXWPWweqJKVohb2oSmLK_Vi19zAN3v4vi5_blyr4sIG-su9UFdvfHny5RPOpoROqi6XYAr9BBYy7ctqR8_xHzNO8Gm0GyCKYoVs_Kiip80KjyTKJVW3k52RMUl7aE_dlvNaUNwiLno79ImcX2g7m_X1WvgKjLFRSRWwmrEvQkB5Ikn0f6iLhvq9BU1plJKD-6AgGuCT_2t5cEOa9nOnpJsTKkEAKFDXHX_eShWEVWukZ8_lcidyr_ZP9jqAOHnva3vccTHx0ZpwWQukYcjOOPCKbpqkHptKEoU6K7elZ4Titc8FiY2OAm1-6IRzAL4inznZ5zKJXHkUJblDmJN0ApTZ7aHKKZNQjzxVmF14w2rlN9EGuLeb-fPETKiFdOYd22gnKNB0kQF-MMowtutqI3cEKVmYnGoXVcGSt_sDJ9SOQmCS9FEWuVCvMVytZqQJaMff2t6gpsAcn6sMR0l4T-ystI0YtMDRrC4zCPaE4jbYKmVZj3l_7vweIuVG0MZbJ4dpz2_-jb1y4vwNFzyVOYfPWuKo1nwJGMsB0divmMblP7LmyZlrykkRn8lnoQgsMUKgpZr2JtMbmsSUplmwg1kiCrnSmpUmVrrj4jqf7vKMsPfa9cgpMqppkI7um9Qp3ylmrrSXEcBrt90BWAndS8pGxRBPfq-kcrCaMJmcHbyjCLKcNQnYjl9pRM6lD75CI-P-xa5YcKu4anT5i6pQ0nnNrwqCq5NFWOvIyMbYXIzQKjZOvqYhPmTP4Wzh454dpGJOo7aRgQD8--z-h_vWSEKv2yCLEAfnM9SseHnzLrvKkcnoxoVDY54q9RME251XpC98A_qosxbbrs62jkA6umd0A2VrqiCHgMGPYfOHh4KWUgfG8fVtzXGFnNi8l6K9JLlhJu7ozA8-zKWytYhFyGQSpJYIDmXUYJQs-QFKfA1m22ZvAFBTcaILX3swpEgzEX-0IuvIol0zFYaoyFQX0vg_Q16linNjOHHQBKefEn4gmEA7P_-q59OsWHM-ojftm5rGFztSowCDejFP09H9D63hroC8aLdvWY7lOkqr6KAdXih2qQ44jJqAzWAUn10GzViHwIRuWr4BLlimAzG4sPn8aXqTt3Kpg4Zl_Px9aOR4SVDe11F0Vv0mZM1c65aZGCDBukVUz5e-ZBEBEBHGI2spfXmlLw7yYKPvxTHw7GzmmH1UrTNL9hhBJTx0a7mkeRsYQOKX9a-4VHETEsuBzg7LxeSxK3jB6SHl9GPaud2-tTsDJVj28eWX5t-O5ehWGrOsFesIf6QUOPkfi0IWrlA9emRduizf9ZZG9YtK7xLI_1wDiCmEhJhdzr9DQviwmWSuZ9QH_RwzzP_l3XuBRHo6i4nG5UP73K16nXW30tjfOfA6_N1MPH7dHJrG7f8K9-jjrmYoQ8MfiXbX3HEwVZ8j0N055pv1ZbRQxIL6d54as2cthbQFDka36XrfUlXiap04KoTVvfU9quanJ6Kndu4mZ4JPMbR_ikL01tRyXg-40qUTkFMotahv4d9rE3VSrE25fB9LmxdaARbC3Jz128IaWFTxvUe_O-7ZRn8L2TKEaYPY3N8iIMN6Scb6onQnlArCZGm6IK_5fuEbNQPku2mEw2a1TwEwQubbY3R4RgY1YjVmDwkxzJCDMURkJZB9kkd__q5U6onkPKftw0IVWiA7lbmk_Qviw9WNQn3Pu6yN8MQg3oEhLA6Vm_hzFWdkQ4BBZ0NqooNPRMbWx3gRsUKJQMjnEyMb3RKhwZp066pxE7sInSTbDWzZIV2wHk5zhI-qhF7h9ozmY75SwrL3AYf_WVpHa8pKC3NukKpfVhLFbAFw0F94T-3Pib6m_DLH6_D07QEsDIQy1nvShVS3nziyXc5qrYrhhLbJrhoKfT1SJ08NrZ3UtnctMJKfgNTcl5tVsZLN7m1amj68rtOAP96NJfBiFLFGJE39wsphUetU3FcurgmZBiTDkwprzoiE89r9Zvj48QBItsA-AgAFM0tfSlDaK1Cq8Us9RNXZ7WKNUjR8Z9AUrHluR8f__UTn3HkK9aZbqaJX0_Bo78SxX6lWrqUmRc07kBu9lbJpc3JDPgevdTf5_WO07DVfF-f6_CYOt_VD0IQOD5T2OlgFBOBlHdYWpZhyNtmN0s2HMLfygS-r8Er43KyN35QC5FNN_rvobRwHzd5S5uR7M_-lN_pkF5NDg-IWsV96YbL4phzlExz7LFEl4t5IUAo__GFGdkHqRuUFzCgo2EBHJk-_GVxZ09JIq65KPpJEq44pakG6PvWKciSHNPxd2MswD8V4ywqHQuOybPN9ocPqgKK6L_1nOQ02nMK9cQ3Mz3nzJEMqpO1tRAuWi6CC4WS9qhV5wJdYWyqPkWkOxCAvjjuZ9XNggM_fFG2oUIjVxkjbEhlX_lD9eApmkRkz4c-jiKlXO9_eodGj75Vf_p6gaOX30sBt-WYyjQHQWkYL-N7HX2E6f6kERPAMaXWg-TCfWFGML02u3NqrTiWDUakmPORXZiO7OOJhAOKiWiwXT1sfc1JB1AGs3lyr9XI7y6xemNPWXU2t2k_x96CMDW6eWFODqi9Gav3DztsH_khSs8Q6dMKSL79QNWTn5_qfKneEgfC01eP1zeyxC8AVGc6EO22T7NRoPLduUeitGXkUpIzQrYPEfRTQj-Baa8sjH9hMCC6w1bcbTuAAkPL7LYzmR8hFJ6_x7WX22yvgBvirQIfGBsgSE2p9TlQq8tgt8cWu9hTqALJQfVGsSuxX9TTumfdM6jINGy4OQpb0EggYzlSq9eOaHM1is6UghO9WGWpD-LtU9QKKHBy9Zg7unzfayncs-7OSWuje_80DieJZ3IoAi0zcolV8r9xVdm28cz_IkHfQ9krZS9Awd9b3tUAUJLhhviQYFrQtWNmzG2cuVrb8-LxOCULNdAAGpE3zLtQPV8D-h8LtHUgfodHQqjCfO5kaQ2RKdyerdKt5Wo8NrTEGOenRlsA&cid=CAQSPADq26N9HR0UildFBjhse2ayAtbqcHN1kx2kNY1zhLjyUgu_mLcjrVxA0YouIHIgm-SZEgDbYVi-sLFMehgBIBM&rfl=1%2Chttp%253A%252F%252Fpayment.meshotet.co.il%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00cc46b43af6758dcfa7624e06a7693c06a798e9b7914892a6bd4b31d4bf82fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33369
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/ Frame 6313 29 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A9SKwnr-iLr1RdU5FHta2HS46GYBcglc95xocNb95_dWSeumkaJqG-nonKPdFR1YZCP2KwkDoqD96vWzneTiZKSfw6Cw&cry=1&dbm_d=AKAmf-ABKS_HxZ6cCe8EwL09ACuvwwI5uotLWPv9d54Le9cPiFWu2D4W5_n1yeKkvXxc3aW9Ip8uTMHjSAyB3pYuO0G745ZTyivpQfZQQ6dCna-R_jMMQ-0MV9kIjWHr93M-i2O4_EtrjmhoCdvB_o4rl4jRzR9FB73i3syRIwkxwLiYrqXwpdqCWKYFggPecqEC0dK6tZrgBF7_PvYB7ehrWOQ_ZikN3THElPyvwXbv5SYPy3TWR2h1zE9Cq-9aV0hp7eK6JMbRxlqulJCPJZNmHyPvYAQQry4yNz2iIlvJe4MkCmmC5XjWABzO9bsQRwT_C7pZ2AH9zWJJPx1T3pZRdJLTJ3dKaXepQVv-7KCFYsiyVsZIAG3ErSiDMsp11GDpoBEqW9fc0tgx1Ni0ZR8zO1qXELBi-LurZmGD1ROp2ogfdMcnFGe8tTVTGMoQW8C9wqje3ZXWPWweqJKVohb2oSmLK_Vi19zAN3v4vi5_blyr4sIG-su9UFdvfHny5RPOpoROqi6XYAr9BBYy7ctqR8_xHzNO8Gm0GyCKYoVs_Kiip80KjyTKJVW3k52RMUl7aE_dlvNaUNwiLno79ImcX2g7m_X1WvgKjLFRSRWwmrEvQkB5Ikn0f6iLhvq9BU1plJKD-6AgGuCT_2t5cEOa9nOnpJsTKkEAKFDXHX_eShWEVWukZ8_lcidyr_ZP9jqAOHnva3vccTHx0ZpwWQukYcjOOPCKbpqkHptKEoU6K7elZ4Titc8FiY2OAm1-6IRzAL4inznZ5zKJXHkUJblDmJN0ApTZ7aHKKZNQjzxVmF14w2rlN9EGuLeb-fPETKiFdOYd22gnKNB0kQF-MMowtutqI3cEKVmYnGoXVcGSt_sDJ9SOQmCS9FEWuVCvMVytZqQJaMff2t6gpsAcn6sMR0l4T-ystI0YtMDRrC4zCPaE4jbYKmVZj3l_7vweIuVG0MZbJ4dpz2_-jb1y4vwNFzyVOYfPWuKo1nwJGMsB0divmMblP7LmyZlrykkRn8lnoQgsMUKgpZr2JtMbmsSUplmwg1kiCrnSmpUmVrrj4jqf7vKMsPfa9cgpMqppkI7um9Qp3ylmrrSXEcBrt90BWAndS8pGxRBPfq-kcrCaMJmcHbyjCLKcNQnYjl9pRM6lD75CI-P-xa5YcKu4anT5i6pQ0nnNrwqCq5NFWOvIyMbYXIzQKjZOvqYhPmTP4Wzh454dpGJOo7aRgQD8--z-h_vWSEKv2yCLEAfnM9SseHnzLrvKkcnoxoVDY54q9RME251XpC98A_qosxbbrs62jkA6umd0A2VrqiCHgMGPYfOHh4KWUgfG8fVtzXGFnNi8l6K9JLlhJu7ozA8-zKWytYhFyGQSpJYIDmXUYJQs-QFKfA1m22ZvAFBTcaILX3swpEgzEX-0IuvIol0zFYaoyFQX0vg_Q16linNjOHHQBKefEn4gmEA7P_-q59OsWHM-ojftm5rGFztSowCDejFP09H9D63hroC8aLdvWY7lOkqr6KAdXih2qQ44jJqAzWAUn10GzViHwIRuWr4BLlimAzG4sPn8aXqTt3Kpg4Zl_Px9aOR4SVDe11F0Vv0mZM1c65aZGCDBukVUz5e-ZBEBEBHGI2spfXmlLw7yYKPvxTHw7GzmmH1UrTNL9hhBJTx0a7mkeRsYQOKX9a-4VHETEsuBzg7LxeSxK3jB6SHl9GPaud2-tTsDJVj28eWX5t-O5ehWGrOsFesIf6QUOPkfi0IWrlA9emRduizf9ZZG9YtK7xLI_1wDiCmEhJhdzr9DQviwmWSuZ9QH_RwzzP_l3XuBRHo6i4nG5UP73K16nXW30tjfOfA6_N1MPH7dHJrG7f8K9-jjrmYoQ8MfiXbX3HEwVZ8j0N055pv1ZbRQxIL6d54as2cthbQFDka36XrfUlXiap04KoTVvfU9quanJ6Kndu4mZ4JPMbR_ikL01tRyXg-40qUTkFMotahv4d9rE3VSrE25fB9LmxdaARbC3Jz128IaWFTxvUe_O-7ZRn8L2TKEaYPY3N8iIMN6Scb6onQnlArCZGm6IK_5fuEbNQPku2mEw2a1TwEwQubbY3R4RgY1YjVmDwkxzJCDMURkJZB9kkd__q5U6onkPKftw0IVWiA7lbmk_Qviw9WNQn3Pu6yN8MQg3oEhLA6Vm_hzFWdkQ4BBZ0NqooNPRMbWx3gRsUKJQMjnEyMb3RKhwZp066pxE7sInSTbDWzZIV2wHk5zhI-qhF7h9ozmY75SwrL3AYf_WVpHa8pKC3NukKpfVhLFbAFw0F94T-3Pib6m_DLH6_D07QEsDIQy1nvShVS3nziyXc5qrYrhhLbJrhoKfT1SJ08NrZ3UtnctMJKfgNTcl5tVsZLN7m1amj68rtOAP96NJfBiFLFGJE39wsphUetU3FcurgmZBiTDkwprzoiE89r9Zvj48QBItsA-AgAFM0tfSlDaK1Cq8Us9RNXZ7WKNUjR8Z9AUrHluR8f__UTn3HkK9aZbqaJX0_Bo78SxX6lWrqUmRc07kBu9lbJpc3JDPgevdTf5_WO07DVfF-f6_CYOt_VD0IQOD5T2OlgFBOBlHdYWpZhyNtmN0s2HMLfygS-r8Er43KyN35QC5FNN_rvobRwHzd5S5uR7M_-lN_pkF5NDg-IWsV96YbL4phzlExz7LFEl4t5IUAo__GFGdkHqRuUFzCgo2EBHJk-_GVxZ09JIq65KPpJEq44pakG6PvWKciSHNPxd2MswD8V4ywqHQuOybPN9ocPqgKK6L_1nOQ02nMK9cQ3Mz3nzJEMqpO1tRAuWi6CC4WS9qhV5wJdYWyqPkWkOxCAvjjuZ9XNggM_fFG2oUIjVxkjbEhlX_lD9eApmkRkz4c-jiKlXO9_eodGj75Vf_p6gaOX30sBt-WYyjQHQWkYL-N7HX2E6f6kERPAMaXWg-TCfWFGML02u3NqrTiWDUakmPORXZiO7OOJhAOKiWiwXT1sfc1JB1AGs3lyr9XI7y6xemNPWXU2t2k_x96CMDW6eWFODqi9Gav3DztsH_khSs8Q6dMKSL79QNWTn5_qfKneEgfC01eP1zeyxC8AVGc6EO22T7NRoPLduUeitGXkUpIzQrYPEfRTQj-Baa8sjH9hMCC6w1bcbTuAAkPL7LYzmR8hFJ6_x7WX22yvgBvirQIfGBsgSE2p9TlQq8tgt8cWu9hTqALJQfVGsSuxX9TTumfdM6jINGy4OQpb0EggYzlSq9eOaHM1is6UghO9WGWpD-LtU9QKKHBy9Zg7unzfayncs-7OSWuje_80DieJZ3IoAi0zcolV8r9xVdm28cz_IkHfQ9krZS9Awd9b3tUAUJLhhviQYFrQtWNmzG2cuVrb8-LxOCULNdAAGpE3zLtQPV8D-h8LtHUgfodHQqjCfO5kaQ2RKdyerdKt5Wo8NrTEGOenRlsA&cid=CAQSPADq26N9HR0UildFBjhse2ayAtbqcHN1kx2kNY1zhLjyUgu_mLcjrVxA0YouIHIgm-SZEgDbYVi-sLFMehgBIBM&rfl=1%2Chttp%253A%252F%252Fpayment.meshotet.co.il%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 16:51:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68403
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11206
x-xss-protection: 0
server: cafe
etag: 16690196781007480285
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 16:51:11 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/ Frame 6313 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221110/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Sun, 27 Nov 2022 11:55:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 86154
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Dec 2022 11:55:20 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6313 0
0 91ms
54ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstoCxsn8H41xIIzcj8P8eKj9ZpPHTp7sVscqwvYDclLkCrPDf0TVPuaAK8FTfHmPYa44TQx411xGj8SDlNqVzLq90kW1-ezXrki5UD2OFUZUa_F1qNmGDipf82f01z0_mzaHXx4qVOP0bMMTP3-wffueVQyUKzGzaOcVbtzdjLROd-qOz3cPv6HOragQ4VyIhVVcjSBePle2jA8leC5yOUfE4fSCPlAQELbnVpgOI7O9qy3higwx4SMh12u8BT8auOqpjXGuh_3DpNBGnllceTPAvrAmdRzOg0286Ioalx0lyLNtOqjBQCu7DFM2LZ6_vcxjHQpqFO6pVzJ8q9zMHgBZVFyuYRpAp_mDD6_TzR00GY_Ux84OBXwD3gwzqR9NmWikWr-Q3wHPqzCT9n6URWuj9dfjrN-RnDuS8DEqB--ppFqIAh9tfUJKyHiUVYs869ooTF-yTIqPr7SPReQZHZ9NuUhpnCO-lOCaKn4NSRQn-oewvlDpEsvLOPnzvjrPq76BWJnIA0RVufSbAEAPl4Ck7pNVidjXMjeAoehmtPoeOA-PonsnZD0RkGVACLdnOSQEGV6IB71ktM-TxXrNCnJYfiO3nZvmi4Ka2_1TP3zE8cmrSi0zYhaeY5_rbaI-V2hwZ5AJGv0OwjyFgS7lES9bbegourN9tfR0BgLQNwJ2YJ8nFBsQt3BAlBv0wLK3eHsNAZELm9g7I78CCn-uvpvt3Sdv4lgrWVvnd1Zo6qYS5G_BL7xXmjtupQpWhliPyL26_ADhJC1aeL2BfdECzYRD44OTGB9o-fXBXzey6sxyhn_JKIvZ3AKCUBl5JPEp1bp-pwF-WeyuvCSHtRHSj_XiHTO5bLXy0vm8tdI0qMi2NJb875-bBm5E8ND67CpUkx7JUipY-gLfQOTKyv_HD_P3gECScciU0wnbe5i0wrpq94_4i-18wNbqpt7oaEcTgknP11tSyGzt6eKWDR5C29mIeFvrTb78bbW-cHdBBfWn0-mEZ9gVJRaFV2afeO2Y4UrumnFAFF-84ZweriVkncjSFQkMXkEWoNeLJmslY7i2AsamOdLBwQ4Z9vG4HhM5BrH2l2AVBqyBUf_Wp7BnRVdWuC1FBcupKcjoMm7EpdgjBF6QYNjuuPDBYKYhxbJcRDTOFfPBTQsMuElKti9t1AmAkwCtIYoQBZDuigSmlPkxnbqEnnKWpLlbMhhoxRIb8Cke9dg8O_ul_9VyeOb3ZxSAdnC8xt6lfU41v5Vm2TnS3QH5n4UK6kb7oGPGf7IH-sXR-GCRL5tb5KuzfvxwrN1eWvYs8ai9VCuRdrkH9zvzYZztk2E1Vu7cZYdg3l5KfpHuw50vsXUydhTysYAnrgX-4gDjRgazd9H&sai=AMfl-YQiTXlWrbaCLzCMt2GqV9vrrxoyT1z1otxO_sAk2hY2CZ6ewBdhyGHVQsjgp8AlVqiuYEWN-9eQZFacpRYyqqum-M_cfwirHPfVVgN-bL1DbD0fe1F_-vG5rhqpFf9Z4R7yxCZqLaONYGjHv_jCRr79laW6-v5qQ6XjjP63lCSiZfyoJB6cqAlFpYxrndSC91dxJRFsFOQEQ24lDEyxbg5dQwIrjAgAXOqe2oKxbslTDcZ8nS9l3FbpqeYBx1w-ohpRkNM9uNq55Q&sig=Cg0ArKJSzOol86i0UEbtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20221110.93612&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 28 Nov 2022 11:51:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Nov 2022 11:51:14 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6313 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 12:06:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Nov 2023 12:06:40 GMT

GET
H2 200 310851675294947668
s0.2mdn.net/simgad/ Frame 6313 29 KB
29 KB 44ms
7ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/310851675294947668

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9b3e23f35af365a985db07784220086853f3a447b67eae4112f700bd4f1872

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 03:25:57 GMT
x-content-type-options: nosniff
age: 289517
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29203
x-xss-protection: 0
last-modified: Wed, 23 Mar 2022 17:15:05 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Nov 2023 03:25:57 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4E95
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARir-IvGATAB&v=APEucNU_vf2gkIdVkuuOzc3y6gZdmw2XdpnX4E_JNEFnVS562JdPQDXHRtAWJunqvv8OcXH3hinZp4EmmzfpWRxqkFV7ZgT9EBCqvFm3Go80PRI3OhJ_s7pUaUH66_yNIcPcmSrhtMvnqOs3l_eRNUifGO5DtLKUQVnTNOo3iogpuwNdWUYAGU4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 11:51:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4E95
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y4SgsjYLQlfEz.FfsQgUNgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1&google_hm=2

43 B
766 B

10ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARir-IvGATAB&v=APEucNU_vf2gkIdVkuuOzc3y6gZdmw2XdpnX4E_JNEFnVS562JdPQDXHRtAWJunqvv8OcXH3hinZp4EmmzfpWRxqkFV7ZgT9EBCqvFm3Go80PRI3OhJ_s7pUaUH66_yNIcPcmSrhtMvnqOs3l_eRNUifGO5DtLKUQVnTNOo3iogpuwNdWUYAGU4
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 11:51:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEH4FgB93hJ9Wa0uNau-_x_s&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4E95
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBWTwihGpyFdFzgXW6vrQTA&google_cver=1

43 B
1019 B

14ms
6ms

Image
image/gif

37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBWTwihGpyFdFzgXW6vrQTA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARir-IvGATAB&v=APEucNU_vf2gkIdVkuuOzc3y6gZdmw2XdpnX4E_JNEFnVS562JdPQDXHRtAWJunqvv8OcXH3hinZp4EmmzfpWRxqkFV7ZgT9EBCqvFm3Go80PRI3OhJ_s7pUaUH66_yNIcPcmSrhtMvnqOs3l_eRNUifGO5DtLKUQVnTNOo3iogpuwNdWUYAGU4

Protocol

HTTP/1.1

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 11:51:14 GMT
AN-X-Request-Uuid: a4ac2bb5-17e2-4001-a149-4177c9e046e3
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 146.70.117.101; 146.70.117.101; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBWTwihGpyFdFzgXW6vrQTA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4E95
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk2MzQ3Mjk1NzIxMTgxMDA3NA%3D%3D

170 B
188 B

37ms
24ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk2MzQ3Mjk1NzIxMTgxMDA3NA%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 11:51:14 GMT
AN-X-Request-Uuid: 3e7f07b1-8a06-43ea-a75c-846b59713ae6
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk2MzQ3Mjk1NzIxMTgxMDA3NA%3D%3D
Connection: keep-alive
X-Proxy-Origin: 146.70.117.101; 146.70.117.101; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8280 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 4028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 28 Nov 2022 10:44:06 GMT
etag: 48472445140208031
expires: Tue, 29 Nov 2022 10:44:06 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2D7E 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 258161
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 25 Nov 2022 12:08:33 GMT
expires: Sat, 25 Nov 2023 12:08:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6313 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3998eff8cebd186145a6090a4bdcd0d45c4ecb75bfc6f992febc97e263237d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8280
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJTeaKCS1DhbNW6CWoElQQI&google_cver=1&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOA...
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOATJziuMMWArNPT2BTWMkclBYDRkV8GIa...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOATJziuMMWArNPT2BTWMkclBYDRkV8GIa5wpen4A2JxYVEd2HQzN03Vg&google_hm=Q0FFU0VKVGVhS0NTMURoYk5XNkNXb0VsUVFJ

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 28 Nov 2022 11:51:14 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=ASkJ3FZ-DOAS4YPZFaEjBnqYVZLPvxr4aHnYVIbTbGDA_V7FxwsYzQBTKPB7EJIcFvyoDbL3iJZ9GvUVcMXPz--FV8-OWhdUMrxOATJziuMMWArNPT2BTWMkclBYDRkV8GIa5wpen4A2JxYVEd2HQzN03Vg&google_hm=Q0FFU0VKVGVhS0NTMURoYk5XNkNXb0VsUVFJ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 451 466606.gif
id.rlcdn.com/ Frame 8280 0
98 B 39ms
16ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYB2mgB7WQUFIv1Qn0zicl9TQn39d40wkQ3DlIxJ7vtgAMbu-7zsyea8RydTykQEZzZi-AJj_HTVozBokJo87yI_8EU6SQFFlEFk9lA0rs6HCAwLf3stD6uQQF_lBSNCVsmqvQUMU8wyl4UXr8kTjI&google_gid=CAESEGBTPwvzgil5ePpMQ0j6egk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:14 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8280
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FbCyul3...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DASkJ3FbCyul3...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjgxMTUxMTUwMDAxMzM2ODEwODE0OQ%3D%3D&google_push=ASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4k...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjgxMTUxMTUwMDAxMzM2ODEwODE0OQ%3D%3D&google_push=ASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4kRUWAqm7MfLNcrwYapY9b47fdZ_MDg4IzMC85kIP9tFnBsfnZuD_lNxlbdwejWIUDOcksUMVSICOOxaEoNLdIw

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:15 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjExMjgxMTUxMTUwMDAxMzM2ODEwODE0OQ%3D%3D&google_push=ASkJ3FbCyul3sCiPbCNyTui162JsvmellWXk1h0cn0VDZSwA24tjHbRRESv6AsZtVQEJ4kRUWAqm7MfLNcrwYapY9b47fdZ_MDg4IzMC85kIP9tFnBsfnZuD_lNxlbdwejWIUDOcksUMVSICOOxaEoNLdIw
pragma: no-cache
date: Mon, 28 Nov 2022 11:51:15 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Mon, 28 Nov 2022 11:51:15 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 8280 43 B
356 B 48ms
18ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9rIYIpM6wA_vfeaxNKKSg&google_push=ASkJ3Fbh_yN4jenJYGPD_XZDJv4KvWBJ7x_L_Wi7Q5HNuiqnbpKim2E-QPjHzVgYZ3466qrZ2B6iyNn05RM_wW7gNPjDL6LpvBKBa0tDEqt6TGqhYoY9ZXuTKBFKHE0dFlgxR490zDqtEU_AoAtUJWBZ7K8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 8280 43 B
351 B 55ms
33ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIwn8N3BZIHq7rikjo0xhk4&google_cver=1&google_push=ASkJ3FbbKshJreyPU46n89m-YSolAb0LoCg6N8pr82j-Eqr5JotTwY2LffwHhD_TGASWeZ4p-STEEHANToUyQMIqwjVNk8HCL5oorVQ1bLtmSfQDljaVUYNN-T2g9PB1Tg7b4M6nc2hXNM2JAQlVgoQtxw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: iknrfuch97rolr2qddhdptpkad7eqna5

GET
H2 200 trk
ag.innovid.com/ Frame 8280 43 B
297 B 164ms
20ms Image
image/gif 2a05:d01c:1d8:8102:ae06:c39a:c9e8:4832
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEO-T_gyPCIdypna8TKfLZxE&google_cver=1&google_push=ASkJ3FYAivgIiYb_RveJ-6W8LfYnOGwsEyn047XqA9uNz1w8A09O1K0ouSDiKucL6dX6uOqL2WgUr16VMB_sv0Dtpyd9Cr5FucidB6FLi7I0cLCBq8mvrskffEoTZoQjQ6LhraktgKNnqMj11-FsTROuf_8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8330060489921088&output=html&h=90&slotname=7481696310&adk=1358332770&adf=2681553333&pi=t.ma~as.7481696310&w=728&lmt=1669636273&url=http%3A%2F%2Fpayment.meshotet.co.il%2F&wgl=1&dt=1669636273752&bpp=3&bdt=2515&idt=3&shv=r20221110&mjsv=m202211100101&ptt=5&saldr=sa&abxe=1&cookie=ID%3De5c2b8f32d271535-22c557059ad700e7%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw&gpic=UID%3D00000b894bfbdd44%3AT%3D1669636271%3ART%3D1669636271%3AS%3DALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA&prev_fmts=700x280&prev_slotnames=9307384039%2C5779015096&correlator=7516434026866&frm=20&pv=1&ga_vid=1490776202.1669636272&ga_sid=1669636272&ga_hid=722696231&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=552&ady=1580&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44777508%2C31070762%2C31070923%2C21066431&oid=2&psts=AMjMPc37YFYYDxAymnmnyIYOqDkWdOlBV5XXXnDoBtSV4VE2l3UAhnCPI8veVjz_EeKvdqaHDK_k5eiiD_o3Un8&pvsid=458249336796641&tmod=711656564&uas=0&nvt=1&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cebr%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=5GAK8v6DTR&p=http%3A//payment.meshotet.co.il&dtd=8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:ae06:c39a:c9e8:4832 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
cache-control: no-cache
content-length: 43
request-time: 0
expires: -1

GET googleredir
googlecm.hit.gemius.pl/ Frame 8280 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8280 0
12 B 38ms
22ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJhw-CFJXI6d0rnwqqUpDPAlu4HHi3ITSJxKLNSSDWB2NMONucx8REUbdIBDg9i6vrFmvCdQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:14 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6313 0
0 48ms
46ms Fetch
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstoCxsn8H41xIIzcj8P8eKj9ZpPHTp7sVscqwvYDclLkCrPDf0TVPuaAK8FTfHmPYa44TQx411xGj8SDlNqVzLq90kW1-ezXrki5UD2OFUZUa_F1qNmGDipf82f01z0_mzaHXx4qVOP0bMMTP3-wffueVQyUKzGzaOcVbtzdjLROd-qOz3cPv6HOragQ4VyIhVVcjSBePle2jA8leC5yOUfE4fSCPlAQELbnVpgOI7O9qy3higwx4SMh12u8BT8auOqpjXGuh_3DpNBGnllceTPAvrAmdRzOg0286Ioalx0lyLNtOqjBQCu7DFM2LZ6_vcxjHQpqFO6pVzJ8q9zMHgBZVFyuYRpAp_mDD6_TzR00GY_Ux84OBXwD3gwzqR9NmWikWr-Q3wHPqzCT9n6URWuj9dfjrN-RnDuS8DEqB--ppFqIAh9tfUJKyHiUVYs869ooTF-yTIqPr7SPReQZHZ9NuUhpnCO-lOCaKn4NSRQn-oewvlDpEsvLOPnzvjrPq76BWJnIA0RVufSbAEAPl4Ck7pNVidjXMjeAoehmtPoeOA-PonsnZD0RkGVACLdnOSQEGV6IB71ktM-TxXrNCnJYfiO3nZvmi4Ka2_1TP3zE8cmrSi0zYhaeY5_rbaI-V2hwZ5AJGv0OwjyFgS7lES9bbegourN9tfR0BgLQNwJ2YJ8nFBsQt3BAlBv0wLK3eHsNAZELm9g7I78CCn-uvpvt3Sdv4lgrWVvnd1Zo6qYS5G_BL7xXmjtupQpWhliPyL26_ADhJC1aeL2BfdECzYRD44OTGB9o-fXBXzey6sxyhn_JKIvZ3AKCUBl5JPEp1bp-pwF-WeyuvCSHtRHSj_XiHTO5bLXy0vm8tdI0qMi2NJb875-bBm5E8ND67CpUkx7JUipY-gLfQOTKyv_HD_P3gECScciU0wnbe5i0wrpq94_4i-18wNbqpt7oaEcTgknP11tSyGzt6eKWDR5C29mIeFvrTb78bbW-cHdBBfWn0-mEZ9gVJRaFV2afeO2Y4UrumnFAFF-84ZweriVkncjSFQkMXkEWoNeLJmslY7i2AsamOdLBwQ4Z9vG4HhM5BrH2l2AVBqyBUf_Wp7BnRVdWuC1FBcupKcjoMm7EpdgjBF6QYNjuuPDBYKYhxbJcRDTOFfPBTQsMuElKti9t1AmAkwCtIYoQBZDuigSmlPkxnbqEnnKWpLlbMhhoxRIb8Cke9dg8O_ul_9VyeOb3ZxSAdnC8xt6lfU41v5Vm2TnS3QH5n4UK6kb7oGPGf7IH-sXR-GCRL5tb5KuzfvxwrN1eWvYs8ai9VCuRdrkH9zvzYZztk2E1Vu7cZYdg3l5KfpHuw50vsXUydhTysYAnrgX-4gDjRgazd9H&sai=AMfl-YQiTXlWrbaCLzCMt2GqV9vrrxoyT1z1otxO_sAk2hY2CZ6ewBdhyGHVQsjgp8AlVqiuYEWN-9eQZFacpRYyqqum-M_cfwirHPfVVgN-bL1DbD0fe1F_-vG5rhqpFf9Z4R7yxCZqLaONYGjHv_jCRr79laW6-v5qQ6XjjP63lCSiZfyoJB6cqAlFpYxrndSC91dxJRFsFOQEQ24lDEyxbg5dQwIrjAgAXOqe2oKxbslTDcZ8nS9l3FbpqeYBx1w-ohpRkNM9uNq55Q&sig=Cg0ArKJSzOol86i0UEbtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=88&vt=11&dtpt=87&dett=2&cstd=0&cisv=r20221110.93612&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:51:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 28 Nov 2022 11:51:14 GMT

GET
H3 200 Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js Show response
pagead2.googlesyndication.com/bg/ Frame 2D7E 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Cy76TGYNwlBdeFKzRh_Qc2a075RKB_J9dWAUlCdaUYI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 11:09:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2486
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15969
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 11:09:48 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D7E 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BhHOVsqCEY6DhIpTD7_UPtpeRwAwAAAAAOAHgBAI&bg=!m5ilmNzNAAbvMpMzzzI7ACkAdvg8WpaxSvmdGbSl-wtuOJP5fB6ggst0Tls2OKAizRZqoq2e8nshdwIAAABcUgAAAAJoAQeZAtTHtybZHGdK5uSV3EEsJmOeTHRY8fkd8bXXmoQ3qjLY6DkF-KIgWRjHFcsCFOii7s837Btb-iZB6jqD4yGCSzNBuC29bQURlX57RCMFJKgqa3LvQmhn8zssQpiVjuCEFmxjQTMq5gSVA8dz7X1i8xp-Tuod5aBYumKhJT1PIVByqrVQoWfQ9Rr2R38-En1P9VF_-ps-NOrfuaeddCKMQoLR6UQo2vjqdsu68vMHAJdmN1QPNwe9mD9wOeXM4HqXDP9ZsV4G3sHBLq4J3nn9xaObUUkunmc2wm5kqZTDFd8mbvLSGJW1uPgqTCiggs9MdjtEZsAH6sxMt0JWUGeNfHrfFvX090kbkkziPEJwd04SHpecT1wD5kjYdPsiQkR_NqtNi0K7DnZI_1fUB0P6kyAYnHkIwAejDPk0BlK2FvDocue7qt9t_0GS0BjFNxm2BoPr5edt1ezj0rgjXLQXRh0TW8xj8PZsWbyh4iNb8lnxxE09HBHUiTLKylE6x1Y1ibAeg2BCzNT4hCk0JZcr4ppJdGx4z6kvsoEnJCJOytoHQd-T4qXM7VaYqz2rRgroY5X9y2PyLFEK632kV_4qu4uPAwk4LKTmmp_qSUyq11j9YAC837j4baF3uqsUd8AK5ex0ncqZKrvFW92zZZeZKLNKhgi8rwEpHH-AZ5wUNMemopYnmvPeBQMCOWotkU2eL-b3nLy_S8Vqh9LGOajjjoL0ukjt3D86aUOLdTUJ6jOU0NEQ4E_OTliJTll6NEkqDkfogrmcjX-3OVXev4KGbTC3bmvMDsobZlNfMUvgI7Iz4-MxnIpkuHN_H183BKQLt9Bmfsk4-MynhWviLycwKNDdu_tfjAOwTjHjaegpdyl7brbeS6MIxKvEzKrft76RI7in8OqZQdI_F4_mfeYp1qwdCH7TtvSY2LBdrkFbSPytzNj8mgaU6h-8iXBA31eCXq_0ZDd4

Requested by

Host: payment.meshotet.co.il
URL: http://payment.meshotet.co.il/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 11:51:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAXd9UySjTl-4zZbXi_L95M&google_cver=1&google_push=ASkJ3FaUWREZBUEyTR9IzoxW20UGQTs3bsJ5fZiBU7YGw_-CMsbagFwjTCV_74O6skBH7FSXqBi4H7MsWX-_IkU2Ctc4NpilkK4KVZgbbG2-jsSmRpYNOGTH7qfm4_Go8Y02FTHfTuy4hx7tP0N95yFVHnM

Verdicts & Comments Add Verdict or Comment

223 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
payment.meshotet.co.il/	1969-12-31 23:59:59	Name: PHPSESSID Value: 60588nd6s9ogsv25bgf6q9e55k
.meshotet.co.il/	1970-01-20 17:08:52	Name: __gads Value: ID=e5c2b8f32d271535-22c557059ad700e7:T=1669636271:RT=1669636271:S=ALNI_MarO7yPojqC77Iw02rEIjhGEaZYqw
.meshotet.co.il/	1970-01-20 17:08:52	Name: __gpi Value: UID=00000b894bfbdd44:T=1669636271:RT=1669636271:S=ALNI_MZzhC403IJiX8T6VzSTaXufM6EWTA
.doubleclick.net/	1970-01-20 17:08:52	Name: IDE Value: AHWqTUlGs5Lo5eDxUWZU9nrzRHqm5nxu_W1HgjEkomCWM0zymjoxJlw8nIddAgO4E-A
.adnxs.com/	1970-01-20 09:56:52	Name: uuid2 Value: 6963472957211810074
.casalemedia.com/	1970-01-20 16:32:52	Name: CMID Value: Y4SgsjYLQlfEz.FfsQgUNgAA
.casalemedia.com/	1970-01-20 09:56:52	Name: CMPS Value: 5158
.casalemedia.com/	1970-01-20 09:56:52	Name: CMPRO Value: 5158
.adnxs.com/	1970-01-20 09:56:52	Name: anj Value: dTM7k!M41.D>6NRF']wIg2ImKG%C-O!@wnfH8K6pQK`!5=E<L5?%K17N^vdsHdp2bJmE7]2`d]A/iD?11pm<X[R3bpRzqF1`b_Ok.tVj
.agkn.com/	1970-01-20 16:32:52	Name: ab Value: 0001%3Aie69XW%2BCgVREg%2Bz5ad08TiVLXvyYvvEE
.agkn.com/	1970-01-20 16:32:52	Name: u Value: C\|0CEArF10yKxddMgAAAAAAAQ13AQCAAQpAAAAAAA
.innovid.com/	1970-01-20 09:56:52	Name: uuid Value: b25f6d05-6f14-4f71-ae56-f59177c51f2e-20221128 06:51:14
.e.dlx.addthis.com/	1970-01-20 17:17:30	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:17:30	Name: na_id Value: 2022112811511500013368108149
.addthis.com/	1970-01-20 17:17:30	Name: na_tc Value: Y
.addthis.com/	1970-01-20 17:17:30	Name: uid Value: 6384a0b3e24c2838
.addthis.com/	1970-01-20 17:17:30	Name: ouid Value: 6384a0b300010685c7a17a31ab12a7842c527896f3a842e9f4b7
.dlx.addthis.com/	1970-01-20 08:30:28	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 08:30:28	Name: na_sr Value: 20221128
.dlx.addthis.com/	1970-01-20 07:47:16	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 08:30:28	Name: na_sc_e Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012211060024000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: http://pagead2.googlesyndication.com/pagead/js/r20160816/r20160727/show_ads_impl.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAXd9UySjTl-4zZbXi_L95M&google_cver=1&google_push=ASkJ3FaUWREZBUEyTR9IzoxW20UGQTs3bsJ5fZiBU7YGw_-CMsbagFwjTCV_74O6skBH7FSXqBi4H7MsWX-_IkU2Ctc4NpilkK4KVZgbbG2-jsSmRpYNOGTH7qfm4_Go8Y02FTHfTuy4hx7tP0N95yFVHnM Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DASkJ3FYB2mgB7WQUFIv1Qn0zicl9TQn39d40wkQ3DlIxJ7vtgAMbu-7zsyea8RydTykQEZzZi-AJj_HTVozBokJo87yI_8EU6SQFFlEFk9lA0rs6HCAwLf3stD6uQQF_lBSNCVsmqvQUMU8wyl4UXr8kTjI&google_gid=CAESEGBTPwvzgil5ePpMQ0j6egk&google_cver=1 Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ag.innovid.com
cdn.ampproject.org
cm.g.doubleclick.net
d.agkn.com
dsum-sec.casalemedia.com
e.dlx.addthis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
id.rlcdn.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
payment.meshotet.co.il
rtb.openx.net
s0.2mdn.net
static.xx.fbcdn.net
tpc.googlesyndication.com
web.archive.org
www.facebook.com
www.google.com
www.googletagservices.com
googlecm.hit.gemius.pl
104.76.200.221
142.250.185.66
172.217.16.130
185.80.39.216
207.241.237.3
212.150.101.186
2a00:1450:4001:806::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2006
2a00:1450:4001:827::2002
2a00:1450:4001:828::2001
2a00:1450:4001:82b::2002
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d01c:1d8:8102:ae06:c39a:c9e8:4832
3.74.33.199
34.98.67.61
35.227.252.103
35.244.174.68
37.252.171.84
00cc46b43af6758dcfa7624e06a7693c06a798e9b7914892a6bd4b31d4bf82fe
0b2efa4c660dc2505d7852b3461fd07366b4ef944a07f27d75601494275a5182
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
19b49a74b4e17a37abe04b94bd3a67665f92b8368004c73a1112cf142fb9da1c
1a9b3e23f35af365a985db07784220086853f3a447b67eae4112f700bd4f1872
1b1c3ea8b3d9fec1913ac70c81c83f2172acc41988e747bd24d22bf779fd19a0
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
2c19d105106bf6f55dd15da3523b88f88921e03cf54e1efaa138922fc12397c5
2de587905a85204ad8d036fea2270d86db075c3e6c2dcab98fd857702dd44c31
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
33953d06239abdbd561a85c109e97629b1b01bbcfc01b910b0fc423c76f27f25
34e1048d2c9df47c8680ae0e6c7c4669b00088eb27977506e35a6233b031da6b
38cb5323d7e45643d2d74a8bf5f64553d4138a8e844d83d7311144dc35dfee18
3fffcfaa5d35234346f0a66e8c50a6c6720337b15a08a896412ff4a059007c75
40c361328f9928215ac5a6e82d40380caa33766097e5fa778735b3dde6de844d
41124b41b3cb5495c3b94b4cf57f6e20133d00bc0788b712ed008f6dab493162
48a7084de552d0e9b77697068f169fc1839592230c0070af99a3a0320e37a26f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
55d8fc52238a44b40deef0d9b1db3e4c0fecd8d69bc1eea1852af7fb9e432f0a
5c6269d98660443db9f9578af480b83a1c511c5a3a24602492fec3fd3dde2b62
5fa4c8526fbcf45dbe2cf7f27d6bda6c3bf9d0bafbf29d356f2d7d126e91754f
5fe75d0fb01c62e14b75d418f8e5bb6e413e49610f564e90248669d7e3513403
6ab2961ae08ddc9dc46998a2a704a436aa378575f1c2e9283352c1f721c4b4d6
6d0cf67c0099fa7a9f4689e57f05ef913f8e73361977af9d7cc051518acfe2c2
78f24ab4db72c7344d41ebc97ace3f7bb0ad6198999d180b4ba473b6651cbe53
7a2b200e3aa84703623251ca1da42a53e2cc510fa65d837dd8fb80b1a02367a9
7c74307a1aaa68d81d931a4e8991362c068d109dd717917a35f9b82ae08566ed
8563a9d08eecbb41965521ca0bc40e33a394e4c55789ae383e2a8168fdc5590d
8d6210ee52159502f022758e029c9589c2a9af10f8d821316400a2ed1152ef6f
8ee5f53d3752309af021002b2199a06523b1fd03f3ea1cdaf5d59e911d4d8178
9117bc496a479dc8b84a5724ac5e38c127362f84039adc23bb3fd8909d9ea1d9
96e7a82dc77cc64cbfab815ba786a7b8282f1d9b7f0f9c4cb9c4e91295096014
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01f9f2f5ba1812441a49f7f1dc0b04fb56a18b486005289b8df4212381f10ce
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7054618d6d88e0ec7d1065f8dcc60911c9ad2cdb1ab832f3a2d4602a9dc5a34
bed15b50fbf91f9873f5ede25e400ea120be329eb3252ced96aa0e9357b5f413
c3f73b989e0620a4d2e12ed57a0d538e4580b8fefaa1fefbad73e0abad6d227f
ca41a217b8e94ee7343130a5cc909cc874d79f64abe878d7d98559da05e4b029
cf25afc263eea9c8d1f0e9050209cb4df663380d707ae9753c557487cee4f3a2
cfbb08f37e3ee4b7f0fed7f11bc875f01212f87932f2513ac3f112f20fca44b7
d3998eff8cebd186145a6090a4bdcd0d45c4ecb75bfc6f992febc97e263237d9
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d89cb9800cc62dcc44a0ba866b4a080ad06f735f60a6afecbd6d691d2e8939dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52ff1340506f7c925cde1b8a784f0f409364d743ae4b0f0a2dddedc9a479479
e8c18e5da8b235162afd1e4837b35c42a013b4232467b0a4973315644440e81d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5f0c42fa13f46ee21f52fe2d05a7fa05ba53c1e0149129d168444e801523c80
f60a137866f0b427a8fc3407ce6a35acf7a2e07634b7368c80e08cc6d40a5eb2
f7258426940269c8b97f23c0e9000dd3553bd327995cd2f6036fa776976398cb

payment.meshotet.co.il Open in urlscan Pro 212.150.101.186 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

76 Requests

87 %HTTPS

50 %IPv6

21 Domains

25 Subdomains

21 IPs

5 Countries

889 kBTransfer

2627 kBSize

21 Cookies

0 Outgoing links

Redirected requests

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

payment.meshotet.co.il Open in urlscan Pro
212.150.101.186 Public Scan

Screenshot
Live screenshot

Full Image

76
Requests

87 %
HTTPS

50 %
IPv6

21
Domains

25
Subdomains

21
IPs

5
Countries

889 kB
Transfer

2627 kB
Size

21
Cookies

76 HTTP transactions
2 data transactions