mabi.tar.to Open in urlscan Pro
3.39.16.32 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mabi.tar.to/
Effective URL:
https://mabi.tar.to/
Submission: On November 19 via api (November 19th 2023, 3:13:48 pm UTC) from US — Scanned from DE

Summary HTTP 178 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 15 domains to perform 178 HTTP transactions. The main IP is 3.39.16.32, located in Incheon, Korea, Republic Of and belongs to AMAZON-02, US. The main domain is mabi.tar.to.
TLS certificate: Issued by R3 on November 9th 2023. Valid for: 3 months.

This is the only time mabi.tar.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	3.39.16.32 3.39.16.32	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
18	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
3	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
9 12	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
4 10	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 8	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
2 4	34.250.116.222 34.250.116.222	16509 (AMAZON-02) (AMAZON-02)
19	2a00:1450:400... 2a00:1450:4001:80b::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
4	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
4	2600:9000:20a... 2600:9000:20ab:de00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
15	2600:1f13:800... 2600:1f13:800:7782:14df:363:a706:6a6f	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
178	26

12 3.39.16.32 (Incheon, Korea, Republic Of) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com

mabi.tar.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

themes.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.226 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.151.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.171.85 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.250.116.222 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-116-222.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:80b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20ab:de00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:1f13:800:7782:14df:363:a706:6a6f (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	591 KB
32	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 ad.doubleclick.net — Cisco Umbrella Rank: 154	204 KB
23	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 898 static.adsafeprotected.com — Cisco Umbrella Rank: 587 dt.adsafeprotected.com — Cisco Umbrella Rank: 570	205 KB
21	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1186 syndication.twitter.com — Cisco Umbrella Rank: 1447	615 KB
19	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	282 KB
12	tar.to 1 redirects mabi.tar.to	212 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	7 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	6 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	255 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 364 fonts.googleapis.com — Cisco Umbrella Rank: 31	94 KB
3	gstatic.com www.gstatic.com	17 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	82 KB
1	googleusercontent.com themes.googleusercontent.com — Cisco Umbrella Rank: 10331	58 KB
178	15

	Domain	Requested by
36	pagead2.googlesyndication.com	mabi.tar.to pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
21	tpc.googlesyndication.com	googleads.g.doubleclick.net mabi.tar.to tpc.googlesyndication.com pagead2.googlesyndication.com
19	s0.2mdn.net	mabi.tar.to googleads.g.doubleclick.net s0.2mdn.net
18	platform.twitter.com	mabi.tar.to platform.twitter.com syndication.twitter.com
15	dt.adsafeprotected.com	googleads.g.doubleclick.net
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net mabi.tar.to
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
12	mabi.tar.to	1 redirects mabi.tar.to
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
4	static.adsafeprotected.com	googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	mabi.tar.to
4	fw.adsafeprotected.com	2 redirects mabi.tar.to
4	www.googletagservices.com	googleads.g.doubleclick.net mabi.tar.to
3	www.gstatic.com	googleads.g.doubleclick.net
3	syndication.twitter.com	platform.twitter.com syndication.twitter.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	www.google-analytics.com	mabi.tar.to www.google-analytics.com
2	ajax.googleapis.com	mabi.tar.to
1	ad.doubleclick.net	mabi.tar.to
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www.google-analytics.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	themes.googleusercontent.com	mabi.tar.to
178	25

This site contains links to these domains. Also see Links.

Domain
mabi.labanyu.com
docs.google.com

Subject Issuer	Validity	Valid
mabi.tar.to R3	`2023-11-09` - `2024-02-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
syndication.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-01` - `2024-10-31`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 27 frames:

Primary Page: https://mabi.tar.to/
Frame ID: CC44AE558767E1AE7B6557E083139D8C
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 0195B2CFE440499C0265DDCA7E3B2CB7
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fmabi.tar.to
Frame ID: 4EE3A9B8E16701E93DFA86E4C2A3E6F6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Frame ID: C34054A06F13A48B64514BCD3ACC06E2
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=280&slotname=1302207157&adk=1673042071&adf=3132389021&pi=t.ma~as.1302207157&w=1200&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=1200x280&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821696&bpp=1&bdt=1275&idt=285&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=160x600&correlator=575093355090&frm=20&pv=1&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=289
Frame ID: ACDC26648DA1CC7FB700A4EBA7605CA9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&adk=1812271804&adf=3025194257&lmt=1700406821&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_r&format=0x0&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821735&bpp=2&bdt=1315&idt=253&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=160x600%2C1200x280&nras=1&correlator=575093355090&frm=20&pv=1&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=262
Frame ID: FC66C1D5A3C3AC9A55F7345EC8D9A4B4
Requests: 1 HTTP requests in this frame

Frame: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Frame ID: 5353ECA1C14029D1A0C0226F6C1EC353
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNXmCTHwG4FcgdC6OG1UeIaceGiKWwDJydV65-w3QLWGXppd-nwnoX5pXG9C9PSsN3ekNKAvkNV7dmo1109fFn_s9CsXPZspt72nGHY1KiAA5xH1xtzsqPWr0nyrv3jixqAL8cDUAI8rbxRLdZleGkhKw-aY7FxjtJoslTXW3x4RYr8e0p0
Frame ID: 1086D5A8EC67B1D1BE7F4843D409E43A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4D0A3A94CFFD790770DE4770926D9637
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 8D94F8B3D335612C7C8CCA789E49B849
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 6ACAF6AEDB1EAD1B38663AAF899C8FBD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiD977cATAB&v=APEucNWP03gk7vbVkIPt6PKaIi7aolKzhHexzxvVvw-5t_NieZzi4h4UY3ZEaF7jgbi24lQzbdXdqIqBoDkgPm-i31Vcjlwlv0hLAre-KggcuayknxG1k81-8-hVsY879EN-YkNtaxNgKzw--ChcuPVUAlqhPVOZkLDAIDFfk9rHagcLDNSPQrg
Frame ID: 5293FC4E33F9ACA08DBBA6C8E20B5A1C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js
Frame ID: F2ACEE10FA0948A1B94C9264DFB7F028
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNVtfw0yiT_Ecvc4V1Qzj4DOQSpK5IhgSCk6CWteLsJUeaQAdip2azD8OGAngNPmx64FaxIy6jOvEs-nTDhiMYZQ8b7VCgV4Sl7CNORqqfWylAnE7EnR4mJ68eP61Qm9Y_NEiGcIX1-XFXKBA36gxkLVQFn5GWL6i8zCpG6UbSE269ESyh0
Frame ID: 6BE8C9DEC6C2521FCC6ED4196873AF7A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 84AB0B7B5FEBB10A28072A849F1DC949
Requests: 28 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
Frame ID: 9E639D45FE4C6FE56042CC04B4C078BE
Requests: 8 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400
Frame ID: F817EEB8AA6B173E9AFCF1AD866439E0
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8D915583A05779644637A7F6E7AFF15C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1A2A2F5B63CB6D00AAD1C11FB358355E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C48AA4DC2DD2A16789827D00FF3D61AE
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: D90386F769BB0568AB86511E37FB924A
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
Frame ID: 5511204E90E551106E9DD7CC2AF942BA
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 75EBFF100F4D3657D47D8F1CB9C49D3D
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 33126F8FFA07557F0F4E4189432CB8BE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/unVwOGQH9SsIcJBr4Xp3HcCvUJyc_uBy8Ir4YHk_V1Y.js
Frame ID: BE888E36608138B44AE60D7C77AB9986
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5084CDAC463656ABB8098C6035521230
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EF36C56E857AD5958B7B7F94B0EC598E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

타르토의 마비노기 AP 시뮬레이터

Page URL History Show full URLs

http://mabi.tar.to/ HTTP 301
https://mabi.tar.to/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

178
Requests

92 %
HTTPS

68 %
IPv6

15
Domains

25
Subdomains

26
IPs

5
Countries

2642 kB
Transfer

7822 kB
Size

15
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://mabi.labanyu.com/skill/training
Title: 라바뉴의 마비노기 - 재료계산기

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/1oaYMzxKrfR4g-lWMxU4X4qJ2XaBQ96GJUWQuFbQt1d0/viewform
Title: 문의는 여기로!

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mabi.tar.to/ HTTP 301
https://mabi.tar.to/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 53

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 54

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBL1eLTV3GTvU6MhWqjGExs%26google_cver%3D1

Request Chain 55

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 91

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 92

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

Request Chain 93

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 106

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

Request Chain 108

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Request Chain 114

https://fw.adsafeprotected.com/rfw/st/990511/61634098/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jQK4q0aTx1QYDt925j-qQn&adContainerId=brand_safety_JiZaZa7uOd-ojuwP-_GlmA4&cbFunctionName=goog_wrapCb_JiZaZa7uOd-ojuwP-_GlmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fmabi.tar.to&adsafe_type=y&adsafe_url=https%3A%2F%2Fmabi.tar.to%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-3088185226594785%26output%3Dhtml%26h%3D600%26slotname%3D4244427159%26adk%3D2845068819%26adf%3D1795251393%26pi%3Dt.ma~as.4244427159%26w%3D160%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1700406821%26rafmt%3D1%26format%3D160x600%26url%3Dhttps%253A%252F%252Fmabi.tar.to%252F%26ea%3D0%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1700406821692%26bpp%3D4%26bdt%3D1272%26idt%3D265%26shv%3Dr20231109%26mjsv%3Dm202311140101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D575093355090%26frm%3D20%26pv%3D2%26ga_vid%3D1121403278.1700406822%26ga_sid%3D1700406822%26ga_hid%3D1518721436%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D15%26ady%3D115%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759875%252C44759926%252C31079759%252C42531706%252C44809316%252C31078297%252C31079756%252C44807763%252C44808148%252C44808285%252C44809056%252C318512602%26oid%3D2%26pvsid%3D2499941510308167%26tmod%3D706454881%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CfE%257C%26abl%3DCF%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D279&adsafe_type=d&adsafe_jsinfo=,id:2bcb91b1-d599-725b-261e-00ea8122ce24,c:uqKnAH,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7bc8d8d488-gcr9j,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C1911%7C1a,idMap:13*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:27,oid:3a3627d0-86ee-11ee-963b-2eca29d05269,v:19.8.460,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JiZaZa7uOd-ojuwP-_GlmA4&cbFunctionName=goog_wrapCb_JiZaZa7uOd-ojuwP-_GlmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js

Request Chain 118

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 141

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hSWjzXjI6xiDq6xX-u9HI8&adContainerId=brand_safety_JyZaZY-_GOCRjuwP5MCNsAw&cbFunctionName=goog_wrapCb_JyZaZY-_GOCRjuwP5MCNsAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fmabi.tar.to&adsafe_type=g&adsafe_url=https%3A%2F%2Fmabi.tar.to%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271801%26client%3Dca-pub-3088185226594785%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3&adsafe_type=be&adsafe_jsinfo=,id:ceae0055-11b4-ed6b-ed38-d907f6dacbbe,c:uqKnG0,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7bc8d8d488-q8hsz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:5,mot:0,app:0,maw:0,fm:tW4lK8m+11%7C12%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:35,oid:3a7309e4-86ee-11ee-b829-5a8e69b47878,v:19.8.460,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JyZaZY-_GOCRjuwP5MCNsAw&cbFunctionName=goog_wrapCb_JyZaZY-_GOCRjuwP5MCNsAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js

178 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
mabi.tar.to/
Redirect Chain

http://mabi.tar.to/
https://mabi.tar.to/

25 KB
9 KB

903ms
302ms

Document
text/html

3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ec0063451ec59faa489384094811c6e842855557c01611ace09f1667ac19c433

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 19 Nov 2023 15:13:40 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Sun, 19 Nov 2023 15:13:39 GMT
Location: https://mabi.tar.to/
Server: nginx/1.14.0 (Ubuntu)

GET
H/1.1 200
OK bootstrap.css
mabi.tar.to/assets/css/ 135 KB
20 KB 307ms
303ms Stylesheet
text/css 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/css/bootstrap.css?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 10ecb6d7d96791443e5a269b9fde78e8f7630da3d058c5e04ca26a235d00a10c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jun 2022 10:28:27 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"62ab05cb-21afa"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK custom.css
mabi.tar.to/assets/css/ 5 KB
2 KB 301ms
297ms Stylesheet
text/css 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/css/custom.css?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2014aeb1ca2156fe2bfdb3ee251a672c482e8b9dafff8c6bb4290641aebcb793

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:40 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Jun 2022 10:29:01 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"62ab05ed-1312"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK jquery.pageslide.css
mabi.tar.to/assets/css/ 535 B
589 B 598ms
295ms Stylesheet
text/css 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/css/jquery.pageslide.css?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 68e54cbda39ba0425fe9e891d51763941daa79d731a28f3486b0daf9cfade450

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 14:42:55 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"5bd084ef-217"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.10.1/ 91 KB
33 KB 102ms
22ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bf150f6b29d6c9337de6c945a8f63c929b203442040688878bc2753fe13e007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 13:09:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 93873
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32984
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 17 Nov 2024 13:09:07 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/ 223 KB
59 KB 127ms
47ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 15:02:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 432669
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60529
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Nov 2024 15:02:31 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
mabi.tar.to/assets/js/ 117 KB
27 KB 610ms
303ms Script
application/javascript 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/js/bootstrap.min.js?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8b4786c11ba42334f0414dabecb5f476eff4999438bf58c663668fe5ec31c0df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:40 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 14:42:57 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"5bd084f1-1d4d5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.pageslide.js Show response
mabi.tar.to/assets/js/ 0
330 B 864ms
288ms Script
application/javascript 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/js/jquery.pageslide.js?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Last-Modified: Wed, 24 Oct 2018 14:42:57 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5bd084f1-0"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK html2canvas.js Show response
mabi.tar.to/assets/js/ 89 KB
21 KB 1191ms
594ms Script
application/javascript 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/js/html2canvas.js?v=1
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2714621584c9b8ff6c02c831ffc27e309e8f7c6e17073b355ed3eb33ecec02c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 14:42:57 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"5bd084f1-1655f"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK custom.js Show response
mabi.tar.to/assets/js/ 10 KB
4 KB 900ms
299ms Script
application/javascript 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/js/custom.js?v=3
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a5093d293aa2880bc70a30c0c6965c4e3d28eab21c6e3e93701a9e2dd5ed5722

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Content-Encoding: gzip
Last-Modified: Sun, 28 Oct 2018 11:34:01 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: W/"5bd59ea9-2820"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK APS_white.svg
mabi.tar.to/assets/img/ 4 KB
4 KB 598ms
300ms Image
image/svg+xml 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mabi.tar.to/assets/img/APS_white.svg
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6da9221553a746a764cd91b6ed0878ceb8e85bf266af63b4b2cd9265ff38ae82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Last-Modified: Tue, 17 Dec 2019 13:16:27 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5df8d52b-1032"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4146

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
52 KB 158ms
83ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b53e40e08eed8b4c11151e3354e320fafa9629435373757d04e7c729d7b939d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52924
x-xss-protection: 0
server: cafe
etag: 8962033154387585631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 70ms
20ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 19 Nov 2023 13:19:54 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6827
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 19 Nov 2023 15:19:54 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 110ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: 9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Content-Encoding: gzip
Age: 1175
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27598
Last-Modified: Mon, 09 Oct 2023 20:29:49 GMT
Server: ECS (frb/67DF)
Etag: "391b7fdf0c468036f27102529636f0ca+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 DXI1ORHCpsQm3Vp6mXoaTZ1r3JsPcQLi8jytr04NNhU.woff
themes.googleusercontent.com/static/fonts/opensans/v8/ 58 KB
58 KB 100ms
22ms Font
font/woff 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://themes.googleusercontent.com/static/fonts/opensans/v8/DXI1ORHCpsQm3Vp6mXoaTZ1r3JsPcQLi8jytr04NNhU.woff

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/assets/css/bootstrap.css?v=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09fd48874849a3dfa4a496483dd50687a91062ed0f57c9f00d3b73a394f50337

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Origin: https://mabi.tar.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 22:13:35 GMT
x-content-type-options: nosniff
age: 147606
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59284
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 16 Nov 2024 22:13:35 GMT

GET
H/1.1 200
OK Mabinogi_Classic.woff2
mabi.tar.to/assets/fonts/ 120 KB
121 KB 306ms
306ms Font
application/octet-stream 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/fonts/Mabinogi_Classic.woff2
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/assets/css/custom.css?v=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7de35e5043b027a1b4ec0f9d1a5ab2e465093c3f7a937df62ded161466c6c049

Request headers

Referer: https://mabi.tar.to/assets/css/custom.css?v=1
Origin: https://mabi.tar.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Last-Modified: Thu, 16 Jun 2022 10:24:29 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "62ab04dd-1e1f4"
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 123380

GET
H/1.1 200
OK metroSysIcons.woff
mabi.tar.to/assets/fonts/ 3 KB
4 KB 307ms
306ms Font
application/font-woff 3.39.16.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mabi.tar.to/assets/fonts/metroSysIcons.woff
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/assets/css/bootstrap.css?v=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 3.39.16.32 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-39-16-32.ap-northeast-2.compute.amazonaws.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3a34035b5dd2ef449631220bc173e53521d08c31255d19e946cc4463aa84ec2c

Request headers

Referer: https://mabi.tar.to/assets/css/bootstrap.css?v=1
Origin: https://mabi.tar.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:41 GMT
Last-Modified: Wed, 24 Oct 2018 14:42:57 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5bd084f1-d2c"
Content-Type: application/font-woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3372

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 397 KB
134 KB 92ms
91ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3088185226594785&plah=mabi.tar.to&bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

61fa1058f3030533d639903fb5877ac717723ab65c8dcb91583c1f741a093d7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137295
x-xss-protection: 0
server: cafe
etag: 5993420857034375255
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:41 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 0195 9 KB
4 KB 73ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62181
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 21:57:20 GMT
etag: 16674218716276178799
expires: Sat, 02 Dec 2023 21:57:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
218 B 29ms
28ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1518721436&t=pageview&_s=1&dl=https%3A%2F%2Fmabi.tar.to%2F&ul=en-us&de=UTF-8&dt=%ED%83%80%EB%A5%B4%ED%86%A0%EC%9D%98%20%EB%A7%88%EB%B9%84%EB%85%B8%EA%B8%B0%20AP%20%EC%8B%9C%EB%AE%AC%EB%A0%88%EC%9D%B4%ED%84%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgAABAAAAACAAI~&jid=1981691980&gjid=714291440&cid=1121403278.1700406822&tid=UA-39740393-2&_gid=1446111362.1700406822&_slc=1&z=793204523

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6a10aeb1d49bf113e429444dac318287da0ebf1a22dbba71ff2763d103cf004e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mabi.tar.to/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mabi.tar.to
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
343 B 84ms
27ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-39740393-2&cid=1121403278.1700406822&jid=1981691980&gjid=714291440&_gid=1446111362.1700406822&_u=IGBAgAABAAAAAGAAI~&z=95871922

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mabi.tar.to/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 19 Nov 2023 15:13:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mabi.tar.to
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html Show response
platform.twitter.com/widgets/ Frame 4EE3 319 KB
104 KB 21ms
21ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fmabi.tar.to
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 3287430
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Sun, 19 Nov 2023 15:13:41 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 09 Oct 2023 20:29:18 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67DF)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
82 KB 99ms
50ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P3XQGQESZS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1b1f24d8534e6caadaea97189e6389842c7037a55eff537fddf217c41b7a372

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 19 Nov 2023 15:13:41 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 4EE3 869 B
657 B 195ms
134ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=411fb75154840616a2831a73ac39d72318f6e232

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fmabi.tar.to

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-response-time: 111
date: Sun, 19 Nov 2023 15:13:41 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sun, 19 Nov 2023 15:13:42 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 57ae8ce9e000bf3c
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: c9ee0606bc05ad6ea88f6bef04f4ef651e23cd004a97ddfb8ecc1696a1697ee3
content-length: 337

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C340 22 KB
10 KB 787ms
785ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3088185226594785&plah=mabi.tar.to&bust=31079756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b65c814fd684fcacb9b1309b2310fbd22ced78eb7222ebbe1d717bb42f5b997f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10179
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:42 GMT
expires: Sun, 19 Nov 2023 15:13:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame ACDC 708 B
572 B 627ms
627ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=280&slotname=1302207157&adk=1673042071&adf=3132389021&pi=t.ma~as.1302207157&w=1200&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=1200x280&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821696&bpp=1&bdt=1275&idt=285&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=160x600&correlator=575093355090&frm=20&pv=1&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1387&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=289

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e405af5cbe31bfd4a58d7c21a8bbdc78716079b462731874eba4be3452c55500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 351
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:42 GMT
expires: Sun, 19 Nov 2023 15:13:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC66 353 KB
92 KB 827ms
827ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&adk=1812271804&adf=3025194257&lmt=1700406821&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_r&format=0x0&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821735&bpp=2&bdt=1315&idt=253&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=160x600%2C1200x280&nras=1&correlator=575093355090&frm=20&pv=1&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=262

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea4e8a9250124a721a0eaeac04d0d9bbb6ef45678f7cff3d143e5072f9c485c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 94259
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:42 GMT
expires: Sun, 19 Nov 2023 15:13:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
242 B 80ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P3XQGQESZS&gtm=45je3b81v9134549140&_p=1700406821834&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1121403278.1700406822&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fmabi.tar.to%2F&dt=%ED%83%80%EB%A5%B4%ED%86%A0%EC%9D%98%20%EB%A7%88%EB%B9%84%EB%85%B8%EA%B8%B0%20AP%20%EC%8B%9C%EB%AE%AC%EB%A0%88%EC%9D%B4%ED%84%B0&sid=1700406822&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3175
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P3XQGQESZS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mabi.tar.to
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK timeline.adfe2c2389e3901ab04fe5f4755ea3e6.js Show response
platform.twitter.com/js/ 8 KB
4 KB 24ms
24ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/timeline.adfe2c2389e3901ab04fe5f4755ea3e6.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: 48c7db6d839d307798dae0e5f6a9b6b7a8c534575f6e587131fbeef6343bcec6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2964
Last-Modified: Mon, 09 Oct 2023 20:29:15 GMT
Server: ECS (frb/67DF)
Etag: "d16435c9f33af1915656b8c5daa47152+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 mabiapsimulator Show response
syndication.twitter.com/srv/timeline-profile/screen-name/ Frame 5353 5 KB
2 KB 185ms
184ms Document
text/html 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

051ebaf329ea5e0d5ef169fed5eabd73e197ac1d5a721a2328db871517546ce1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: must-revalidate, max-age=60
content-encoding: gzip
content-length: 1827
content-type: text/html; charset=utf-8
date: Sun, 19 Nov 2023 15:13:42 GMT
etag: "148c-6s40Z/W6EzPajBSY+/EG2V//7XA"
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: c9ee0606bc05ad6ea88f6bef04f4ef651e23cd004a97ddfb8ecc1696a1697ee3
x-response-time: 162
x-transaction-id: b17128a8c1b3772c
x-xss-protection: 0

GET
H/1.1 200
OK runtime-a697c5a1ae32bd7e4d42.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 4 KB
3 KB 25ms
23ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: d709d1a1a12f372cbd746fb29638bbbe4e88a256998da13c8c859a7fd6a29f6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2232
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/675D)
Etag: "4e8885e68df79c40c3a7aeda8d14bb81+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK modules.20f98d7498a59035a762.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 286 KB
94 KB 47ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/modules.20f98d7498a59035a762.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6727) /
Resource Hash: 9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 95842
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6727)
Etag: "1c54378254eefb52fea75b3c31dfe51d+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK main-fd9ef5eb169057cda26d.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 90 B
684 B 125ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/main-fd9ef5eb169057cda26d.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Age: 3523271
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 90
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6796)
Etag: "1d1fa0644a94523711b2bb99a8d652bc"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
H/1.1 200
OK _app-88bf420a57d49e33be53.js Show response
platform.twitter.com/_next/static/chunks/pages/ Frame 5353 1 KB
1 KB 128ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/_app-88bf420a57d49e33be53.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: 729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 668
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6752)
Etag: "2856f57c62c238a564ef576bbc50ca4a+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK %5BscreenName%5D-c33f0b02841cffc3e9b4.js Show response
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/ Frame 5353 13 KB
2 KB 129ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c33f0b02841cffc3e9b4.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 1290
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/67D4)
Etag: "e78034c651c8a81b2acd83dc7e7ad407+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _buildManifest.js Show response
platform.twitter.com/_next/static/pc7SXdI2p34p0Y95uXWdA/ Frame 5353 1 KB
1 KB 129ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/pc7SXdI2p34p0Y95uXWdA/_buildManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668B) /
Resource Hash: 7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 451
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/668B)
Etag: "bd9a3afe8a64146469f036be13628170+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK _ssgManifest.js Show response
platform.twitter.com/_next/static/pc7SXdI2p34p0Y95uXWdA/ Frame 5353 76 B
670 B 111ms
25ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/pc7SXdI2p34p0Y95uXWdA/_ssgManifest.js
Requested by: Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: 653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Age: 3523271
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 76
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6760)
Etag: "abee47769bf307639ace4945f9cfd4ff"
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000
Accept-Ranges: bytes

GET
H/1.1 200
OK 2.691622e4391d1973cb65.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 23 KB
8 KB 22ms
22ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 7674
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/669E)
Etag: "942b5b928a24465d1906b4716131d896+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 16.f331e94703acc65738d5.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 38 KB
12 KB 21ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/16.f331e94703acc65738d5.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 3effab7013cf9a1b25fc76975f042ec2caef2a7726c8de4c3de934f3de4d4adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523271
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 12161
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/67BE)
Etag: "5c87233703fee60cd3de98c5812d90de+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 0.9098e7e4385bbbc1cefe.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 246 KB
77 KB 25ms
24ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/0.9098e7e4385bbbc1cefe.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6712) /
Resource Hash: 5a8495469faaa41a4ffd046646ab9ac451effad6b9609eb870c758ae138a4dd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 77945
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6712)
Etag: "7d7fd30a3c04f91bb6e42719e657c333+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 4.1579d566fe7ef23f99dd.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 234 KB
63 KB 32ms
31ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/4.1579d566fe7ef23f99dd.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: 9562e67b97f96f4f008179b61f9fcc006620c32307cec3ad9fe2e6d0b58378e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 63766
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/67D5)
Etag: "b19ad66a33044952a2778e4e1de5b11f+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 1.2a1457a8c568f1533384.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 163 KB
49 KB 23ms
22ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/1.2a1457a8c568f1533384.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 6e4c7f45987f5b5e2e4a0addcd924e736312fd3b2c42f7bcd41feb242fcf721e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 49719
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/6711)
Etag: "207cde851cb385975ed7fa54f14a46d9+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 3.623849758c2a16a878a7.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 654 KB
161 KB 21ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/3.623849758c2a16a878a7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: a66da3004ab7904cb4abc086d932fde6720e5db5ae6acc974e48fa3b16d69ab0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 164147
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/67C1)
Etag: "618712ac658424673c59e506a6c7d1d8+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK 6.902e7a204f7eea980629.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 2 KB
2 KB 24ms
23ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/6.902e7a204f7eea980629.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523270
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 1276
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/674C)
Etag: "0e9ca787dfdcbf5ffeb7df678ec8f6df+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK ondemand.Dropdown.0890ced0fe3b29a4c947.js Show response
platform.twitter.com/_next/static/chunks/ Frame 5353 7 KB
3 KB 35ms
34ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/_next/static/chunks/ondemand.Dropdown.0890ced0fe3b29a4c947.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/_next/static/chunks/runtime-a697c5a1ae32bd7e4d42.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: 1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sun, 19 Nov 2023 15:13:42 GMT
Content-Encoding: gzip
Age: 3523271
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2822
Last-Modified: Wed, 13 Sep 2023 20:30:36 GMT
Server: ECS (frb/67DF)
Etag: "ee85bb78f0eb1080fd5fc8c4d4cddbb8+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 jot
syndication.twitter.com/i/ Frame 5353 43 B
104 B 128ms
127ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1700406822756%2C%22event_namespace%22%3A%7B%22action%22%3A%22no-results%22%2C%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline-profile%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2201917f4d1d4cb%3A1696883169554%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fmabi.tar.to%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22d2b21d1%3A1693532938118%22%2C%22widget_data_source%22%3A%22screen-name%3Amabiapsimulator%22%7D&session_id=411fb75154840616a2831a73ac39d72318f6e232

Requested by

Host: syndication.twitter.com
URL: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://syndication.twitter.com/srv/timeline-profile/screen-name/mabiapsimulator?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOltdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2ZvbGxvd2VyX2NvdW50X3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9iYWNrZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19yZWZzcmNfc2Vzc2lvbiI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfZm9zbnJfc29mdF9pbnRlcnZlbnRpb25zX2VuYWJsZWQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X21peGVkX21lZGlhXzE1ODk3Ijp7ImJ1Y2tldCI6InRyZWF0bWVudCIsInZlcnNpb24iOm51bGx9LCJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3Nob3dfYmlyZHdhdGNoX3Bpdm90c19lbmFibGVkIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdXNlX3Byb2ZpbGVfaW1hZ2Vfc2hhcGVfZW5hYmxlZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0ZndfbGVnYWN5X3RpbWVsaW5lX3N1bnNldCI6eyJidWNrZXQiOnRydWUsInZlcnNpb24iOm51bGx9LCJ0ZndfdHdlZXRfZWRpdF9mcm9udGVuZCI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9fQ%3D%3D&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=600px&origin=https%3A%2F%2Fmabi.tar.to%2F&sessionId=411fb75154840616a2831a73ac39d72318f6e232&showHeader=true&showReplies=false&transparent=false&widgetsVersion=01917f4d1d4cb%3A1696883169554
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-response-time: 105
date: Sun, 19 Nov 2023 15:13:41 GMT
strict-transport-security: max-age=631138519
last-modified: Sun, 19 Nov 2023 15:13:42 GMT
server: tsa_o
vary: Origin
content-type: image/gif
x-transaction-id: 3b6576dea686020f
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: c9ee0606bc05ad6ea88f6bef04f4ef651e23cd004a97ddfb8ecc1696a1697ee3
content-length: 43

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C340 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BaL_Z3MZn9aMJjGpqSOkBNZRDyCu3kqmHC59LO-ZwsWYHsT809PwXjEv1CmwdW53WYjOBMjbzaywNSXo4COSkdMy5leV8lgoRhwYlRHyNpCZrAL38

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C340 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14835039067406345848&x=1&ct=76

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C340 92 KB
32 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32789
x-xss-protection: 0
server: cafe
etag: 17194431578830737671
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:42 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C340 3 KB
1 KB 73ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:19:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17642
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 10:19:40 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C340 20 KB
9 KB 88ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57404
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C340 202 KB
64 KB 185ms
120ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:42 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1086 624 B
246 B 62ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNXmCTHwG4FcgdC6OG1UeIaceGiKWwDJydV65-w3QLWGXppd-nwnoX5pXG9C9PSsN3ekNKAvkNV7dmo1109fFn_s9CsXPZspt72nGHY1KiAA5xH1xtzsqPWr0nyrv3jixqAL8cDUAI8rbxRLdZleGkhKw-aY7FxjtJoslTXW3x4RYr8e0p0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:42 GMT
expires: Sun, 19 Nov 2023 15:13:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 1086
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
560 B

36ms
35ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNXmCTHwG4FcgdC6OG1UeIaceGiKWwDJydV65-w3QLWGXppd-nwnoX5pXG9C9PSsN3ekNKAvkNV7dmo1109fFn_s9CsXPZspt72nGHY1KiAA5xH1xtzsqPWr0nyrv3jixqAL8cDUAI8rbxRLdZleGkhKw-aY7FxjtJoslTXW3x4RYr8e0p0
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H9AQurIGMj6RAwvsyY2cZEShT2AGTsbHCl%2BYO2y5VRYfHrkYnSxbaN9wMppCROfBVyDnK20fbQh4dS3GsTp7pT6qXvuVPaRxAfonG4X8w%2Bbcq%2FhgqxwSXynVF37hpoARanymLTNmKhkH1A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82896613a9f76ae1-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1086
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
770 B

46ms
45ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNXmCTHwG4FcgdC6OG1UeIaceGiKWwDJydV65-w3QLWGXppd-nwnoX5pXG9C9PSsN3ekNKAvkNV7dmo1109fFn_s9CsXPZspt72nGHY1KiAA5xH1xtzsqPWr0nyrv3jixqAL8cDUAI8rbxRLdZleGkhKw-aY7FxjtJoslTXW3x4RYr8e0p0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wE4GB2dpX1hOGWkyxujG2SL7v77q8RyW63kSLzfnYXBeIoV4mCBy66MAa%2BSpt0rKBfiOrPYfdWynBw4jgLMMc19mW3hWSsVUY8%2Fn8iiivmGN43YTIv6TwQgNlQwyA1j32Q6hH%2F2BB5c2Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 828966143a1030ed-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 1086
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBL1eLTV3GTvU6MhWqjGExs%26google_cver%3D1

43 B
894 B

27ms
27ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBL1eLTV3GTvU6MhWqjGExs%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY6vrNxQEwAQ&v=APEucNXmCTHwG4FcgdC6OG1UeIaceGiKWwDJydV65-w3QLWGXppd-nwnoX5pXG9C9PSsN3ekNKAvkNV7dmo1109fFn_s9CsXPZspt72nGHY1KiAA5xH1xtzsqPWr0nyrv3jixqAL8cDUAI8rbxRLdZleGkhKw-aY7FxjtJoslTXW3x4RYr8e0p0

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: e5d2ea5d-546d-43a7-8a9c-b4aac0bf8f5c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: ecdb6288-9226-43b9-9611-230c5766a000
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEBL1eLTV3GTvU6MhWqjGExs%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1086
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

170 B
244 B

32ms
32ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: 69280678-461d-48e5-88d5-27afe46269a6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 160 KB
55 KB 78ms
77ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/reactive_library_fy2021.js?bust=31079756

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee8b40ba4a1d4d83b9e9bcf65098832c470409ec955a868ba8809652d5df140e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55853
x-xss-protection: 0
server: cafe
etag: 695492426184849129
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:42 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C340 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1958167221208&version=m202311060101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C340 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1958167221208&version=m202311060101&ct=76&x=1&cor=14835039067406346000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C340 106 KB
41 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVswg1zOqIzyk0_8EUmTcubINHs_DP6q4-xf6sOdJop--2TdAWQC_h7xWrIDfVREyoqptj2kTIF3nxFiqWJWoXb6ou2GImBkN6GeKz-LzfTq0BdunFxXlfsVdSN8hy-cntDyVS3TAgWmHjU6NxGrLMt16tXTH-D3kIo8-tjD0rgSmsVJ4&dbm_d=AKAmf-BXT110JZopC41qsF954tJF_b_5wCa8x9p-N6AHrjo8AF-_XyoycikLx-cFG4-4LJzDfd3dQHfQQQyqrjl7ze12mPSiawsqGkj3LXwbtF-sm_QwCNE_fxohnW2VKShAMMb9CZ3RSbkvJIqCd8YFhXs3valpwBcncbRaqjZ4vd--z1xeaP8goM6BH9ur2Dvz0RqKm8fK5kOJe13Y-dtbEegmSxp4Lhhz-RAo7UNu0BVBicCOQNysa55HFGakanamkjakXAOLwW_lMHRAgUgxAdEOEoXgalbHxlAHlIgMsyO8VXz18HwWtFV-S1UwfGS8e-f3LezJaeoD_QIbKU1u4nCBx5FsOXoWEB4m-_V0JpN48Vm86FSk_F7X8-LV0oRth4wQ7liwgBJLE2L4FKZuJgnA2k3n1t4lVtvnLpAqtHh6TvCKpauHXnTYdiFdqk9c-bC5-eJZxQhhWMqfc-bRGEsghNNbYh2wB6Fuh5iWw3gsOmlII36VIRSQqxxyj9e1vWJl2o2nnuJYylKzT6MUZB4OUWOl_CNu7FXMyxsATLV0hg1LkGcy9gHBN3nVR8MW3C3O6F3YJgzamtzU0E6adhKP9c2pjfZxlFCS40Ce7vN_vFMzHadR-wvGeK5ZheNK4DFDacI6XYVt_udHBlkyPTneJPP35T2n0f8S9DeTbuUvGr4cwGoimZ9JGcUXPW-r4MhslwiQ-trRCzreu5QEv0EZfaNMaB02jALl6xc5AGdvj534i4Joi9iKxG37iYvybCtO2fsUst6Q-aCd4dT9S7rh7BLlpua5CCTN6S8GuCzMcmBeBSjEs_rYS8dOoPnHw4yLIXXlsmjj12BI44-QJnnJLA1Z0lZzIND2J9G_-VZWLYK-dJewDATWltANgWtWZBT5Ll2WEPeDZ_mlVOQnI-iEvS6C88iJshTcKcjjsQZG9Lb41DX3wBDLoGFov0kpSiuJyZzVg2Tj9U9Vkl2J2o1zFWENiDWlgi_uFMrKgcXRiRBNyV1lA0Q5nEkwUll9s_DYxlpmUha41gnRbL3DWorOGxntswtHzjJq-N6x7IJcwhFHfPQshPkkjnm2Tk6U5kPN_mZqVrGDz41rB5wrFeusOENbUlAey3OP5w1yMSNCTr-cAjzTa6671AOPDcZfIJpukriKGXf6k8yqyJS79LVt09XFpPCntNTaIZhId5IwwCAhxX3q718IbEsPCn8SxkjEjX9k0Eo46wZfjbElansZF3UAiwqiv24-XT2K0nD_AtA-XG0WKhdOpEn23ykhcYRFVSuLhnyIRYG4_m4mznyzONFPlnDx1uEtqH_uVVEzIKOT02DLiKPm26yoPcU_SrTkBJnmVDXKeaQ7OFgVBEuA2VjN9QU9eetx7Yf5LEDAzn3V_AGTzXx0zZn3PiIaUQOkwJx00WjCAkvVlyyOdjhswG5qzF1F5kNNO-7air9I7Qf9gNsEJHamVqIzTbImomEPFCvtRy0inpdzyU5pGMWGIJfkocKL3s1jMinDZsB4jzCTCTM5zg-lHpkUs6ZjzSLZm3YxsrWKbVDVjRC4HtiEw5Z0Dj-fnZevoSYXGwOexIxSOnRb-f0oCmgD_cDKCYamQI4plLFjvETUUZjFgjsTtBPPoFy2e4II0WjZvWy66THwyLjfarZmxb9_IuZdpUmWduzoHbkytCNqGMkJRo4APmBctl9H0KQuNBfKxwW1b9YCKg0FGCB2AeUjUzEYG5c2lM7mwJ2ljvxYsK-NikKJCiZQWzDgnMB_weZ4JC9zacMDbsrCFnhfTHXwx-bM5f5rwIynQzRMgyifWboVpyprCuw3Kpz_TbIjuiXAqmLtMAb-fqyHO-G8C0CTkCV3Abx2BFDutx8wBNfCvLzIW4V6H3tz3s0wQOy6HPSmaNdCNw8Apa7l6E8pConM_qh-49uA6rETaYr-69onvGmvYQLDnoTboN7Ju3ZepBGX1w6UPjzha7yiyVZ882ouAXUeYC9M_iHo5ZXe7f4l9Ri9NQXcJHMCGEfSq0jWEg5-skDXK1rZiRI1cSv5i43FPnu4AtZO3bt-s_6XjCeZpSLo-xtrmY1-DD3D0lU3eFRq8-qsa1ndEPqdrRWWCLBtutOIVZqFUPG-uiTgl7SknSE_kkvZaCfEK6WANWrbWAMBmmgYYTE_Sz3CgTxPQNr5EdyGWsDkc6UjeqADSUy6sBHz0g37zK5h7P8_trwHEr-lHBocuHMQyzOqC1Zt14Ye1S0AtwUw8F-gyDKsnYyR6h95eJQKZijqLeqz4vinfEn7_tAeDhyaNYvaLiS6JoWYlqX_SKsnINEnPhHAQ68W4qbLgsr-oErsKdWSDIDGtTnO21_63-nWoh_55oFEPbiAEEKUfvfw-Ay6JPuUeM1aAnq3W6ERC7XYZvRV9dSG_SRk_pJuRKVWoXQ0j_0QfrZwaSAILEVu2q1tKhGSpSf6p57yA4wg--B16MgWyPG5jC_OcDrp2l6IcIKCRTexLB5222GMsaGFJiIbb28zcXqBkaPwheyahgQx0ntoUUrMz6vQrVI1dhPLO82pRpBdDBGHc_dgyES01uFkF30ZaDgHQzHZJnErejDLhC7PfOolWDUprK1cAU6_SGfKBcxvzrybkAftyc1PK0b6x4d7Xbo-gv4dQy07P5FILnmpCvDc_VNAXHfZ7M4hhPjKf3vj2juZwynpXZIo8ir_bRb6dX8xQnEWPKy6jy-Ku8Y3SXaEGSMyOpXEZTlvdnNh_qPXDyXeP0MXe6HVlvI5QsxRF7d7PAU9U16ZvbRz5qO3udApHFIcvQEEsScr975mxu2yjydPnWhIoJiPhiprxYzninC2_mLfmOcFO41ScdwJGGh7_5U-9G08IFNqO8WO1wsf2DucLahul4mjsWL2prsk8zkU57w_hcTI8TtL-idu5mIcOCVgYVHhsZO4Ju_qrcih0RpUUrcz3YLjHTHhP0ituCvS4xfYHzEyjPopf_HJ9TDEpOt1AqkdB12kb1HY03vlgb6NZXuW4qwm_deLpH-FuzSGTjWmxTq2l9srjgH0hkm_BTBidGfUdxIQMdBDBv7NQfywQV07xTg5ovCYYq6sOap3-03UH6gii5lcLQf4hm6CvBpXK9V9H1zg8O1fvpUx5afiiZO5xhUbqtEW3p2i9TMgFSbfZ0-l6htBx0XHMtktmRGZz_fmH7RJb_d5OAWuBXPq7Wdb7L-Ao-Q25YYhJOf5lWEfBxSaVWfiHfwc-osMjfYEsgaQUiHPYsdciNWzry9jm1wbLUqB5hQRE1kFW8v5zbVVwZsY1ezE1V84JpFZsyIExyYtAJZ32DQlsuOFyzT8lvaFHxYsndXw2x5nFjBGfuRHDtObS0anFaTh1u4ApD5UY9VUS1jpwfbiUM6o-5YyECRI6y5Ehidcj4TiEuc0vBt5Nep5Lg-59LESGlgITjhxOvO3nJeutqN0gUJEV4mhczE9nQTOsBkL0wgy6MW5ckH_SiyHXZ_0kyfvI9heopFqBc9aDDT1NgNd7dH2eB7ujP48E7YIU65ApzPq1ns7Ee530TtlVRF84WI81thhAuKI-6_yd1rDSv3WTCxM4Ahy3FRlS8Ckox54ak8jxahN3uFjZqtRvk1Ifn4gsQQHnhUo1YDl_0HnkO5dB8R9DHx955wlzKtTKcs2Npj6kG8rZRT2_IImcGnnBVNkMe_CTGmfN5ZPAHcitJA&cid=CAQSTwDICaaNEZ6BoSX23Cz9Bk1yxbBuBJgSL1ZNrnh-Jhj7H-QKgzsHUsVW-o2HcL1UIsDIb9Nr61ujHNKaJMFgvRrhzlj8h2jyqD7cS_wy0dEYAQ&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fmabi.tar.to%2F&ds=l&xdt=1&iif=1&cor=14835039067406346000&adk=2923430907&idt=91&cac=0&dtd=15

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

629249b6d45ff06ff52acdaaa7ecdccbdc183ae90672bf0a13e978440a9756fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41540
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 4D0A 9 KB
4 KB 21ms
20ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Sat, 02 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 8D94 9 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Sat, 02 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 6ACA 9 KB
4 KB 20ms
20ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 66206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Sat, 02 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634098/ Frame C340 255 KB
76 KB 179ms
47ms Script
application/javascript 34.250.116.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634098/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jQK4q0aTx1QYDt925j-qQn
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.116.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-116-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 56f6d23226194366f3fe7f04adc3ae22e857b58c937fb3c67e7b91422694f229

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C340 111 KB
39 KB 83ms
20ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame C340 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVswg1zOqIzyk0_8EUmTcubINHs_DP6q4-xf6sOdJop--2TdAWQC_h7xWrIDfVREyoqptj2kTIF3nxFiqWJWoXb6ou2GImBkN6GeKz-LzfTq0BdunFxXlfsVdSN8hy-cntDyVS3TAgWmHjU6NxGrLMt16tXTH-D3kIo8-tjD0rgSmsVJ4&dbm_d=AKAmf-BXT110JZopC41qsF954tJF_b_5wCa8x9p-N6AHrjo8AF-_XyoycikLx-cFG4-4LJzDfd3dQHfQQQyqrjl7ze12mPSiawsqGkj3LXwbtF-sm_QwCNE_fxohnW2VKShAMMb9CZ3RSbkvJIqCd8YFhXs3valpwBcncbRaqjZ4vd--z1xeaP8goM6BH9ur2Dvz0RqKm8fK5kOJe13Y-dtbEegmSxp4Lhhz-RAo7UNu0BVBicCOQNysa55HFGakanamkjakXAOLwW_lMHRAgUgxAdEOEoXgalbHxlAHlIgMsyO8VXz18HwWtFV-S1UwfGS8e-f3LezJaeoD_QIbKU1u4nCBx5FsOXoWEB4m-_V0JpN48Vm86FSk_F7X8-LV0oRth4wQ7liwgBJLE2L4FKZuJgnA2k3n1t4lVtvnLpAqtHh6TvCKpauHXnTYdiFdqk9c-bC5-eJZxQhhWMqfc-bRGEsghNNbYh2wB6Fuh5iWw3gsOmlII36VIRSQqxxyj9e1vWJl2o2nnuJYylKzT6MUZB4OUWOl_CNu7FXMyxsATLV0hg1LkGcy9gHBN3nVR8MW3C3O6F3YJgzamtzU0E6adhKP9c2pjfZxlFCS40Ce7vN_vFMzHadR-wvGeK5ZheNK4DFDacI6XYVt_udHBlkyPTneJPP35T2n0f8S9DeTbuUvGr4cwGoimZ9JGcUXPW-r4MhslwiQ-trRCzreu5QEv0EZfaNMaB02jALl6xc5AGdvj534i4Joi9iKxG37iYvybCtO2fsUst6Q-aCd4dT9S7rh7BLlpua5CCTN6S8GuCzMcmBeBSjEs_rYS8dOoPnHw4yLIXXlsmjj12BI44-QJnnJLA1Z0lZzIND2J9G_-VZWLYK-dJewDATWltANgWtWZBT5Ll2WEPeDZ_mlVOQnI-iEvS6C88iJshTcKcjjsQZG9Lb41DX3wBDLoGFov0kpSiuJyZzVg2Tj9U9Vkl2J2o1zFWENiDWlgi_uFMrKgcXRiRBNyV1lA0Q5nEkwUll9s_DYxlpmUha41gnRbL3DWorOGxntswtHzjJq-N6x7IJcwhFHfPQshPkkjnm2Tk6U5kPN_mZqVrGDz41rB5wrFeusOENbUlAey3OP5w1yMSNCTr-cAjzTa6671AOPDcZfIJpukriKGXf6k8yqyJS79LVt09XFpPCntNTaIZhId5IwwCAhxX3q718IbEsPCn8SxkjEjX9k0Eo46wZfjbElansZF3UAiwqiv24-XT2K0nD_AtA-XG0WKhdOpEn23ykhcYRFVSuLhnyIRYG4_m4mznyzONFPlnDx1uEtqH_uVVEzIKOT02DLiKPm26yoPcU_SrTkBJnmVDXKeaQ7OFgVBEuA2VjN9QU9eetx7Yf5LEDAzn3V_AGTzXx0zZn3PiIaUQOkwJx00WjCAkvVlyyOdjhswG5qzF1F5kNNO-7air9I7Qf9gNsEJHamVqIzTbImomEPFCvtRy0inpdzyU5pGMWGIJfkocKL3s1jMinDZsB4jzCTCTM5zg-lHpkUs6ZjzSLZm3YxsrWKbVDVjRC4HtiEw5Z0Dj-fnZevoSYXGwOexIxSOnRb-f0oCmgD_cDKCYamQI4plLFjvETUUZjFgjsTtBPPoFy2e4II0WjZvWy66THwyLjfarZmxb9_IuZdpUmWduzoHbkytCNqGMkJRo4APmBctl9H0KQuNBfKxwW1b9YCKg0FGCB2AeUjUzEYG5c2lM7mwJ2ljvxYsK-NikKJCiZQWzDgnMB_weZ4JC9zacMDbsrCFnhfTHXwx-bM5f5rwIynQzRMgyifWboVpyprCuw3Kpz_TbIjuiXAqmLtMAb-fqyHO-G8C0CTkCV3Abx2BFDutx8wBNfCvLzIW4V6H3tz3s0wQOy6HPSmaNdCNw8Apa7l6E8pConM_qh-49uA6rETaYr-69onvGmvYQLDnoTboN7Ju3ZepBGX1w6UPjzha7yiyVZ882ouAXUeYC9M_iHo5ZXe7f4l9Ri9NQXcJHMCGEfSq0jWEg5-skDXK1rZiRI1cSv5i43FPnu4AtZO3bt-s_6XjCeZpSLo-xtrmY1-DD3D0lU3eFRq8-qsa1ndEPqdrRWWCLBtutOIVZqFUPG-uiTgl7SknSE_kkvZaCfEK6WANWrbWAMBmmgYYTE_Sz3CgTxPQNr5EdyGWsDkc6UjeqADSUy6sBHz0g37zK5h7P8_trwHEr-lHBocuHMQyzOqC1Zt14Ye1S0AtwUw8F-gyDKsnYyR6h95eJQKZijqLeqz4vinfEn7_tAeDhyaNYvaLiS6JoWYlqX_SKsnINEnPhHAQ68W4qbLgsr-oErsKdWSDIDGtTnO21_63-nWoh_55oFEPbiAEEKUfvfw-Ay6JPuUeM1aAnq3W6ERC7XYZvRV9dSG_SRk_pJuRKVWoXQ0j_0QfrZwaSAILEVu2q1tKhGSpSf6p57yA4wg--B16MgWyPG5jC_OcDrp2l6IcIKCRTexLB5222GMsaGFJiIbb28zcXqBkaPwheyahgQx0ntoUUrMz6vQrVI1dhPLO82pRpBdDBGHc_dgyES01uFkF30ZaDgHQzHZJnErejDLhC7PfOolWDUprK1cAU6_SGfKBcxvzrybkAftyc1PK0b6x4d7Xbo-gv4dQy07P5FILnmpCvDc_VNAXHfZ7M4hhPjKf3vj2juZwynpXZIo8ir_bRb6dX8xQnEWPKy6jy-Ku8Y3SXaEGSMyOpXEZTlvdnNh_qPXDyXeP0MXe6HVlvI5QsxRF7d7PAU9U16ZvbRz5qO3udApHFIcvQEEsScr975mxu2yjydPnWhIoJiPhiprxYzninC2_mLfmOcFO41ScdwJGGh7_5U-9G08IFNqO8WO1wsf2DucLahul4mjsWL2prsk8zkU57w_hcTI8TtL-idu5mIcOCVgYVHhsZO4Ju_qrcih0RpUUrcz3YLjHTHhP0ituCvS4xfYHzEyjPopf_HJ9TDEpOt1AqkdB12kb1HY03vlgb6NZXuW4qwm_deLpH-FuzSGTjWmxTq2l9srjgH0hkm_BTBidGfUdxIQMdBDBv7NQfywQV07xTg5ovCYYq6sOap3-03UH6gii5lcLQf4hm6CvBpXK9V9H1zg8O1fvpUx5afiiZO5xhUbqtEW3p2i9TMgFSbfZ0-l6htBx0XHMtktmRGZz_fmH7RJb_d5OAWuBXPq7Wdb7L-Ao-Q25YYhJOf5lWEfBxSaVWfiHfwc-osMjfYEsgaQUiHPYsdciNWzry9jm1wbLUqB5hQRE1kFW8v5zbVVwZsY1ezE1V84JpFZsyIExyYtAJZ32DQlsuOFyzT8lvaFHxYsndXw2x5nFjBGfuRHDtObS0anFaTh1u4ApD5UY9VUS1jpwfbiUM6o-5YyECRI6y5Ehidcj4TiEuc0vBt5Nep5Lg-59LESGlgITjhxOvO3nJeutqN0gUJEV4mhczE9nQTOsBkL0wgy6MW5ckH_SiyHXZ_0kyfvI9heopFqBc9aDDT1NgNd7dH2eB7ujP48E7YIU65ApzPq1ns7Ee530TtlVRF84WI81thhAuKI-6_yd1rDSv3WTCxM4Ahy3FRlS8Ckox54ak8jxahN3uFjZqtRvk1Ifn4gsQQHnhUo1YDl_0HnkO5dB8R9DHx955wlzKtTKcs2Npj6kG8rZRT2_IImcGnnBVNkMe_CTGmfN5ZPAHcitJA&cid=CAQSTwDICaaNEZ6BoSX23Cz9Bk1yxbBuBJgSL1ZNrnh-Jhj7H-QKgzsHUsVW-o2HcL1UIsDIb9Nr61ujHNKaJMFgvRrhzlj8h2jyqD7cS_wy0dEYAQ&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fmabi.tar.to%2F&ds=l&xdt=1&iif=1&cor=14835039067406346000&adk=2923430907&idt=91&cac=0&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 02:35:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45522
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:35:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C340 31 KB
12 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 04:49:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37434
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 04:49:49 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame C340 41 KB
14 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 162515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Nov 2024 18:05:08 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 4D0A 4 KB
1 KB 86ms
30ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Nov 2023 13:45:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D0A 205 B
295 B 71ms
21ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 08:09:01 GMT
x-content-type-options: nosniff
age: 111882
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 17 Nov 2024 08:09:01 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D0A 604 B
1 KB 70ms
21ms Image
image/png 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:28:27 GMT
x-content-type-options: nosniff
age: 99916
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 17 Nov 2024 11:28:27 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 4D0A 15 KB
7 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 23:27:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56802
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 23:27:01 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 4D0A 21 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 03:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40450
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 03:59:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5293 624 B
242 B 62ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiD977cATAB&v=APEucNWP03gk7vbVkIPt6PKaIi7aolKzhHexzxvVvw-5t_NieZzi4h4UY3ZEaF7jgbi24lQzbdXdqIqBoDkgPm-i31Vcjlwlv0hLAre-KggcuayknxG1k81-8-hVsY879EN-YkNtaxNgKzw--ChcuPVUAlqhPVOZkLDAIDFfk9rHagcLDNSPQrg

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame F2AC 23 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 15:58:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83696
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 15:58:47 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame F2AC 7 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 14:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 14:44:44 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F2AC 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 162515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Nov 2024 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F2AC 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:19:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 10:19:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F2AC 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F2AC 202 KB
64 KB 94ms
93ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F2AC 42 B
63 B 54ms
54ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Dm30PVqtCJzMFOPjDBwef7RRI33eglbxzJRm4tiKXFjADi_zr8Nsk1RWVEQfw8p8gqSCSy7zU6ltUFxzga67vsZuwExmhTn5TRB_S5N_TeXngcxjI

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2700198013282015668
s0.2mdn.net/simgad/ Frame F2AC 46 KB
46 KB 71ms
22ms Image
image/png 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/2700198013282015668

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d99a04bd4ecf5dca2093d5f65916875f0aa77c556b73e86c87e86faae24319d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 00:00:49 GMT
x-content-type-options: nosniff
age: 400374
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46615
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 07:06:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 00:00:49 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6BE8 624 B
242 B 63ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNVtfw0yiT_Ecvc4V1Qzj4DOQSpK5IhgSCk6CWteLsJUeaQAdip2azD8OGAngNPmx64FaxIy6jOvEs-nTDhiMYZQ8b7VCgV4Sl7CNORqqfWylAnE7EnR4mJ68eP61Qm9Y_NEiGcIX1-XFXKBA36gxkLVQFn5GWL6i8zCpG6UbSE269ESyh0

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 84AB 92 KB
32 KB 74ms
72ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32789
x-xss-protection: 0
server: cafe
etag: 17194431578830737671
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 84AB 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:19:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 10:19:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 84AB 20 KB
8 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 84AB 202 KB
64 KB 154ms
150ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AB 42 B
63 B 55ms
54ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AyZq74Z9L5KEm2JldxRGkfrGk8w8TxdCsptied7Jv29xLqF-nH2kpjUI-X9ZTrzy7qg8CFNf687x6vPWB1kT32Ys7UH8upjh_VOkowkkqXPkih7kc

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AB 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14506134924480891742&x=1&ct=76

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C340 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e0efccd27fe1ef2bba35d87549636f5532053616bcee078df1eae6690f743a0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 5293
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
738 B

38ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiD977cATAB&v=APEucNWP03gk7vbVkIPt6PKaIi7aolKzhHexzxvVvw-5t_NieZzi4h4UY3ZEaF7jgbi24lQzbdXdqIqBoDkgPm-i31Vcjlwlv0hLAre-KggcuayknxG1k81-8-hVsY879EN-YkNtaxNgKzw--ChcuPVUAlqhPVOZkLDAIDFfk9rHagcLDNSPQrg
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLmBoWRUZtfYvhlAxYP0IMRCsedx9hFhNFl0e5dDEFSXdzRzRZqzuRKJOSOdiN83d%2BGla%2Fy4aMS6JfE5UmdE0LBINu%2BAVw0ymUnTGw1rDj%2BTG7BPqSd6Wdeo30SzcqwX0nM%2FwO1ITzUzRw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 828966158b9b30ed-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 5293
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
735 B

42ms
42ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiD977cATAB&v=APEucNWP03gk7vbVkIPt6PKaIi7aolKzhHexzxvVvw-5t_NieZzi4h4UY3ZEaF7jgbi24lQzbdXdqIqBoDkgPm-i31Vcjlwlv0hLAre-KggcuayknxG1k81-8-hVsY879EN-YkNtaxNgKzw--ChcuPVUAlqhPVOZkLDAIDFfk9rHagcLDNSPQrg
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGo%2FO3UWQnXr686LNfGjObQp7H5DyHQ6WJNl2m7%2BVI%2FnHUfVq6336RG3uCYvBc6MSVbFI1RAKrjZBtcvKCq8jDLcYyIRGuMyEVd9uX9mMDpORKQUK1ZbNK9uxghmoig0q5GcYlh7SPOsSg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82896615cbe530ed-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 5293
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

43 B
843 B

30ms
29ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARiD977cATAB&v=APEucNWP03gk7vbVkIPt6PKaIi7aolKzhHexzxvVvw-5t_NieZzi4h4UY3ZEaF7jgbi24lQzbdXdqIqBoDkgPm-i31Vcjlwlv0hLAre-KggcuayknxG1k81-8-hVsY879EN-YkNtaxNgKzw--ChcuPVUAlqhPVOZkLDAIDFfk9rHagcLDNSPQrg

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: adbf73eb-7d72-4179-a1d6-bf1617c30bd7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5293
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: 1d05d080-387b-4c52-84ea-654af702c62c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10256918388168393334/ Frame 9E63 148 KB
23 KB 22ms
21ms Document
text/html 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c69976cd568b69a76e60900676f5e45c901c66b2cd4b0181e1ac468bc28c986c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 123229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23597
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 04:59:54 GMT
expires: Sun, 17 Nov 2024 04:59:54 GMT
last-modified: Wed, 09 Feb 2022 10:34:13 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C340 0
0 145ms
68ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmrvfumwNJxduXz8WeSZYP4FTcAbLJzFwZdQICud2P8HQdLxi5sAJLJyrqnPXoxi87niIKU-7QEp6XHtjkQbiy-7rc8w4iOGl0bwDR0IcCwH29AoXPxEiwgm93FqLNNamRw5Rxpj0f_IH9dG-DUfyGHDkV5pJStwY4IMKuHxHf1TPbEGIDVXetrt5VVS7kKf83hgaIo-Fm0z9NFJeINSjW2AiVwAEkAixCd2wXk0C8CtaYLMinUVLRvmpTkeMpgBpVvuPiQwRv5atKfRlh8g1tH3EihU5h2cUDPSAA5GeDZfg5qnqx_ZD9gen4fRKF8c4EEhpQ3g6SW3jXv-ONcJbmFlWAWOutXBTPGJAdFF90CXvUkfR4znClb9MFzXYt2oZeSkHLe6w8bIVAvKj5Nzfy3zKDld00YTX0Zy9Fw_TBdoTPnqN8Rz7X88Abawl4k-iDxUvxu3LnV5SIwjwf8xl8uOLE2p8zbWkw8TDMrKOYZ4u0Fk4TuFo0mf6y-zXS5c1ucuR1hDnzkt2-pXrfVaqZqIhAIWI90xJZUR_sHsJWNIC1zmPmQS3y8zeWqDTxSO3Lz-VyNhqE6-HJ0RAjfCXgmon4BJEJWLcoiRpADb_GsHU5fEPdadbE1EQTxikyHekcYKBJisRAs1bsI3RNKRhDTmHtZEO2M2vIDH80xDA3yigBIog7PpKQ7XXe79HeVMsmRYmBzy6_9UpqLmXDVSHdZMQsUF5BlVq8ivu43iq2v_EQlvD1HskR3hJx0doGmXuiwgwzyAJJtGQv_V_44YuP-GIxFynyAc-7BdHK3y-0zgV5qnROq-oT8co_vkSGIP-ZFRRX9O7ikFFTFCY8R3NUaycEORcG2740f-R1QCsKm9cKQnqs4m_5KOft7o0MkRhvCfTiUYwRRrBpLYpKwlYbYg8_Uhjz_xfLXqSQurQGsDfvOHyBAr1PxyyNTjHq50pNRBi6obo0ax6YLNtJ8N3eZbLI6lxFciiSHdoeOHc8bpnlpOZ4bMdjE6KG_i5FlypwqfYeuX3mOCM080vCOReTcuONNvU7EnoTxndD9ic8vu3jidJJ24EGBifeMc7W6OP5F8UFUjnyhwuLJHDJbW0vnQNhFNqQf6s2ADjQPJ31wiVFpdqtYD_qQ3w8hb98i_J_D2Fo2kcYWpOfEC-ZE5eRJkeFxHWfJd265kDnCJ2JXRpGMAcbD9CY_io7ud_Tk_PaLLjQ8joAiXhH_hJS95tww43e6l7c2u2aD7aBx3Wm8gBTntXgmItQcUAmoZP2k9XY-RXtKxt8B5cNG8Ii7ifoArMEO3G2r6MKze_Sxm29F58s0Jh0GBZJlGyKpCfH&sai=AMfl-YQJxFQNriDo-_X0BYpw13ue52dbDQ3kn55A2ozrcgRcCKIa_mTbC_GBY9OgC_vi2QKkx49sm3IKJq2Co7KUDcJiFZL66GSc3lEj6qMJqIXzAYrgPhJV484FF7ODNVB-GmPMKyt1IFoGnyYhYTBvcFMj3xCj0CnkSxsibw6kibNgyZZFEV86nPDZyph4lPCa17Bqo08GC9hRqmkBV8FksgNAIi8AE7uGCTM1k7ZQh9xsZFv_umxSqEf9bO9dZz7Pqr2EZaIcTNB9Vbk-ZhCWhCRdOQalrM5NbfZ0A0MDSsl3uH30XvVbAY9nju2M9GGK4A&sig=Cg0ArKJSzCtbhoIdmPrREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=183&cbvp=1&cstd=180&cisv=r20231109.10981&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame F817 7 KB
1 KB 32ms
31ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98ea92621a1e03efc11987fba7aff5dae88cd39ffa85960a627b7c8c7b002e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 19 Nov 2023 13:47:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F817 2 KB
822 B 21ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84134
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 15:51:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame F817 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 02:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46578
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:17:25 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D91 143 B
166 B 27ms
22ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 14:21:17 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F817 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:19:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17643
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 10:19:40 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame F817 20 KB
8 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57405
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 23:16:58 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F817 202 KB
64 KB 114ms
113ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Nov 2023 15:13:43 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame F817 37 KB
15 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 07:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 07:21:17 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1A2A 38 KB
13 KB 25ms
23ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 65638
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:59:45 GMT
expires: Sun, 17 Nov 2024 20:59:45 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6BE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
735 B

38ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNVtfw0yiT_Ecvc4V1Qzj4DOQSpK5IhgSCk6CWteLsJUeaQAdip2azD8OGAngNPmx64FaxIy6jOvEs-nTDhiMYZQ8b7VCgV4Sl7CNORqqfWylAnE7EnR4mJ68eP61Qm9Y_NEiGcIX1-XFXKBA36gxkLVQFn5GWL6i8zCpG6UbSE269ESyh0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciYUgX6LUynQIv5rAODzqSz%2FFBGcLAk7RPtedzYkM0NFzQuUGJ0MBcIqYpZGfGSFavjisYHTkNfCY6TXNtvoAtiSXJIWzDcRv%2Bb%2FqydME47pR2wH9VMVT2XtlO9t9Uc1AUf9moVPBQVulg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82896615fc2f30ed-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 6BE8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVomJnpqD6mHfM4IhJ5tHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1

43 B
737 B

38ms
38ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNVtfw0yiT_Ecvc4V1Qzj4DOQSpK5IhgSCk6CWteLsJUeaQAdip2azD8OGAngNPmx64FaxIy6jOvEs-nTDhiMYZQ8b7VCgV4Sl7CNORqqfWylAnE7EnR4mJ68eP61Qm9Y_NEiGcIX1-XFXKBA36gxkLVQFn5GWL6i8zCpG6UbSE269ESyh0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=583RgYQMQQi%2F0LfepqOLZ857pk%2B7TTK2dms14kMTqm2GdPQWfTdxvxZubeTgfOVYzNAZitFoBrqhqtk%2FliL0FvLcQb%2BVqp8mXr1WqKQd8Q%2F1FGavc6UQyWcfSArlzPF%2BdU2GkoLUoRtz1A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 828966163c5e30ed-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKAdcv33jFdYnM8V4boETPQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 6BE8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

43 B
843 B

27ms
27ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY1O7NxQEwAQ&v=APEucNVtfw0yiT_Ecvc4V1Qzj4DOQSpK5IhgSCk6CWteLsJUeaQAdip2azD8OGAngNPmx64FaxIy6jOvEs-nTDhiMYZQ8b7VCgV4Sl7CNORqqfWylAnE7EnR4mJ68eP61Qm9Y_NEiGcIX1-XFXKBA36gxkLVQFn5GWL6i8zCpG6UbSE269ESyh0

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: 2d4bf259-e3f6-4cc0-8058-866c10d47f37
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEBL1eLTV3GTvU6MhWqjGExs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6BE8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

170 B
188 B

29ms
29ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
an-x-request-uuid: 5d27ce58-2323-4f55-907b-3db6b8545259
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE1MjY5MDQyNjcwMDI4NjMyMw%3D%3D
x-proxy-origin: 217.114.218.28; 217.114.218.28; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 9E63 29 KB
10 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 00:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Nov 2023 00:27:51 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame C48A 38 KB
13 KB 23ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 65638
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:59:45 GMT
expires: Sun, 17 Nov 2024 20:59:45 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AB 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1705991079551&version=m202311060101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AB 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1705991079551&version=m202311060101&ct=76&x=1&cor=14506134924480890000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 84AB 106 KB
41 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2enxkSakBUIVsUYpxzwj7npFiOkUvFeutDvZS3n32Sjv4vmAKyp4ay87SAvGBe-PaVMu5lPad2y4h8HnOIJdULnlBsbL8725cqIBv4oYjQrcFrhodZ-W0NjNb7XFTmJpoGArdpOAVO1ljqdITc83nDoVGcoQVp3CJB-Cj5Uj9X2z9PGw&dbm_d=AKAmf-DGswGD0ew9fgJa31jaR1JQ-a_vEmOHvFWDxwFlT88iw_fG2nL4OHW0AzikzOHj9zFev9rjt_uMsnbrsVlYIn21X25IHmCJyHqXmYbdda8taHy5NwGW76jlle2L-4823Duk3hI-mVKnj4nWt7cj-3oFglFqHFyWa8V4eCSIzRHarUrDA65s3CMNiJM2OOADucVAqs8wtKYdq8WOnx4dhcsBTXfnELCeCltVmuR6wxpn5mHFchyknDMqYRgEtICPQz-9jOSLo5LOODbVBsQuzvMri0Mqts0IxWlPpnk8InBeeI-tPpqoHyramcWw5l6b8cu-ZKcKiBVyXrR33R_BrJgTBboLgDykR9lj0j9deaG-9G6lbZqxH3BQx0iVriAOBBRNWtmyNxtcj3-21j7p9VV547UTTOgXqkeT9OPggwRF3Z4MTHqo-GJkvmbZJBuwulbKF30KJ-o8jpKcKLSCeQ8EELLbU23fdqbX-htkuyHYYTHXJQ2UYIQJ8ePTmgfoOBdpCJ2SLmg4ZE8P_Y9n_WRqC880l9DCHogpALGKV3mn_WM-gB2jQZFmUldyRd23B_zWXpwXbjMS9WZDUVMc7ICIaHeG0baVGxj6NRuzIG9NbXEqY0KQ_c0kbvGsjG7Yd4TG3YHK4x7-IplM-EKcm9i0v2bmlqZChKlgu15mY226cWXGD9OoJcPxx2HX74GpQ9RoOX635_clExBqPPhReuK9PiZJ0sqR8rlGjbfsZf7DkqKKx4yL0BK-XtQT2rnripKgeqhoSKwoXtTjOF101ZwlF7z93Vh8oyp9qybQNJHtJ_xem7c1R1o5oorkEkEDPmwbytdJZTy5rQTYPnllxPpZJRcmZJNI1emCVURwvcWTzK58p21ZSOPckwl0VkZuZ7jKwpl_3ivmUSKv65Kri7-7t0HLsu6cxba96a9vJzS1axFc4InKu8Ds9lDdaJ1WDKMD-fJpO_J3KjKC_Sq7mCmejdZAiWNHBQE7gUagHzPZ7NxQRQBq_-tFM47ZI56sZWhTGkew8clLowjvkTr1B7Cru1KnAWGT_AfziAOd3c-_0RMqwPuptM2doQuUNJ0uP5puLu_8_TejkAiQBds9ACJwAu9HwpdhwoyK50UyoyHDas8ZBA88laENUaBnmyd2ZeYcQ-gh_WVEy26DMo2RwLlAuXi-lxQDz4MG6YkEMWuDBkjy4mJle6cRkuAiddKYZSkaxrCs4qzfIon76q9L8W3HmfsZU_MLHFbpCXVIddES8mqT0iNUSg5mwEs-jP4I069-mv3t5kG2dtgWcFPWOEHQzkcc7rJRnI81nyMPCuPxSeKtPRaOADIdyyW6uHeMhm4KjI6LSCilljQ-Diq2QKXylrSfhzK2MbiOAZsLfWMZTTHSLpcwi-upgpyiWOV-JX-mqAnSzOT7xMl8_GNXzQ7CixJhO_pKaxcQviLvznVcBrLcorp-WhDCJk7qbZjci-5iH5zQ0k_HUiIKdoVWD5ia_A1Ejd9506RVRttVP1xOrhLHW7i9H0T1dKruBiYnSDt3eFUpcDTDcdgkNm3_uQqUqRPmTBz4dX_BBG4TD3eQa8AP6WQje4crLMuy16L5d9Ue-MxvcbqwEfZabZLrH3tRgjWug7eAKk6bdez6XLq-CFBNZUxAlmLgUFT_75wcUm_D6YDVHULINjxRY0zZer72JBGUYdgO6IJmTRbJJ8ELXESOazjujLP5bownrypmduC_s2cIeGJRFRLr1LhYsQH2k_0paB4Efgdjy8iAoI7EXVEn4zOW-Quks0eYqLGfd3SdTsPIIh30ATnJKZ18ybMOJP9wl_JIcULi5oVtRWzLgUPIEddMXcWh1kchpBBJbLyzqFLzVvrZr6xvv9HwaeSwsakszEZ7MVJ1N1oDKBPMhlBWNrX8NMd5_PdaHgnk45KgpJnqdXr2DRPqiEpqVhK2bt8FdPQ9U1ifqK3_ej5XWlhziQ7H7y_iO7k1iJ_VMyMzFzKkQv8HQfd09RCQcxqu1VadKjYxiOmkXUkv6GStmV-4DtJLAxlZ1htLIWeSBIej1naq74eD8BbQvMHknhbaybAewfOvoXfpOUwx1lE095a9zDq_Dx6lrlIQDNnXEpFzMlU3f3FmWHCeFtRnebuBUG2PQR78Ixz7PhjvSrxkghgNRUVyrrYhRF1MfNyo4Qr2pSFWgWxITV-w1nRyYjcODZDIqFV9QeoeDp0ZJzOrBmgITkzwPNOzw7vqe7KosoaehBwT8zQ9tsmjTFXPXeUvV861jR_TAsbX_I_kJKt2oYMmiTrIQ0d75TG8lQXeF_ajpima2U81Ylw5eAkvZAhtgJRJ2jWqFQMiVwHlpABA1iX1J5uzsOtAf8Ak4MvHJNTy55cBjRtaJo5QaZAHP8fh6RvNw5a7wwCjPvddk2BKBmbyj5u2bsz6QLvQKRCJxRazePKweOxLcODw_I5h6n_W7s7tjeuToJtHkLoTN0yQohGIU9aK6QPFYUGDlD2MnTTzxpSj_O6JL11lNbDFerJrHAIaO7uk_tmITEyjmZnCHcdO96_P-BlLYCr19uwcqzA_cydU5GDNl7uLCkqTZaOE2IaykU8BVGNQixIbZICNAbgpVh2E4nHv-fLEqlPP563ntIWebviZntQKd7z4CujankiyAw66eC-zDQRHM1Ga0jfyelwWa42Pfz4HVcCwz7MBgo84Q9i8955P_lEEFo2fyVf2IeHM8iUWn8e8N7UPvWtFUvcjwehDGj9qXrrGXBDj4I5L1M_A1JINu9jHqKvvFbUhkxeqldBJCykX10pDeJFzK3PBG9NWOk5-46_t3YiNCez2uk9hSekBp7qaWF0x_hQ1VntucFXwQNR81m4zgmvaQntzjWWvJULkNyxwHf9JLoaI72HEsFElYNb61gHqbXzk0yDvmFAHqKXoNzg-vcygZkUoKmXF4LEqPPs-fAxW-G-pnBPM68mp33civBQ6y9qurE1bFDJtm5HNmObjNl6h4hDEgdkFjjc65-1Kt9Fdtu4vkrxhaGx8fiXqtSEd60yEEM3OVmbSGOixAWT-jwIP2n_jBGjucUO2Ht8vQCcOu19CdfSxe1_zWSsNxasWNSvldLbwI9I_Dc5nCAJrf6tc_Br-VhYXInLvGqc9aCTXwMpwBJvW1A3xPWpDPVGqsRJNXVqs9fcYpLARjzbP_hWiTD4_F8wTyulUy7gg-2ph-d6DQEsMUdyvSKAQtapLG1Oflp6IHJHfmBRBolw3ZvVLTaf5o7gbZpmRszD49_OkursmhCc3IpeLSra0tB99HXGc22YEkie3DcIqXGLE0oPMdALd5TcL4HKCjySNtCOjjOT-gAyTe3tTL0bkWNw3EDEUeYp8JSgrIx7avQuOJjCAN0lsrxJGDv4ejpkBUdqX3Okri_JBONqHBhh1uuIcHxDaWGCeg8nEYTmqUfufbePocKwPT87Oye32CGcbbKGKoiQZskh68kGMQa6eCg9_256_AzaGq_G_JOutahbPG30L3nUNj1VvdjxG9fTm5kMisZ7HqNim3cZtYvnoiPxHXOFp5wMz_XzQ9yG0PjczDAp51hTKkIWRHmhiPdH9eupZHNsAotBUq3snb1XZasDHcm4Da9gSF0-bdwmvtk7s9MGdBkJjC5H103reSzXXZ9qtnPiIgU6nEjokpmdiz5dDJcaGLw&cid=CAQSTwDICaaNc_dKtQ858jVMgY7DBOfSJ6rcki3sBM_D-qu-xMxiqTou7rQZYX0-mZKfMYd66Zi0tQN-gjq6fh8Y3fkd8i0B3W2GOPKEicQ7d8kYAQ&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fmabi.tar.to%2F&ds=l&xdt=1&iif=1&cor=14506134924480890000&adk=929882891&idt=86&cac=0&dtd=27

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

634b38ef788979a0a1cdbc07a578b5719dec8a04e522b4bc8599441379b14322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41801
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame C340
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634098/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JiZaZa7uOd-ojuwP-_GlmA4&cbFunctionName=goog_wrapCb_JiZaZa7uOd-ojuwP-_GlmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...

1 KB
1 KB

35ms
35ms

Script
application/javascript

2600:9000:20ab:de00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JiZaZa7uOd-ojuwP-_GlmA4&cbFunctionName=goog_wrapCb_JiZaZa7uOd-ojuwP-_GlmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Server: 2600:9000:20ab:de00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 22:15:34 GMT
x-amz-version-id: 5yD0MD0xvY5qMDPlbaeccRZIQga4BLlQ
content-encoding: gzip
via: 1.1 3201e5fb77f9faaa881f4f324226564a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 493090
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 13 Nov 2023 22:15:32 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: cTogt2J8CivVBysaKkGQAuq4yKkFXCvFIu1z4HWfGA2vUTg4KjmvAw==

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: nginx
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JiZaZa7uOd-ojuwP-_GlmA4&cbFunctionName=goog_wrapCb_JiZaZa7uOd-ojuwP-_GlmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame D903 91 KB
23 KB 114ms
36ms Script
application/javascript 2600:9000:20ab:de00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:de00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 3201e5fb77f9faaa881f4f324226564a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 7196795
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: o8i7klFFmsBzd5s1kOFpC-90rsSgKojqJozhmgC4IFNTIrpz34TyKw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
217 B 603ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnBY,pingTime:-3,time:105,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B95~0%5D,as:%5B95~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C1911%7C1a,idMap:13*,rmeas:1,rend:0,renddet:na,siq:28%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 603ms
178ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnBZ,pingTime:-6,time:106,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:106,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B96~0%5D,as:%5B96~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C1911%7C1a,idMap:13*,rmeas:1,rend:0,renddet:na,siq:28%7D&tpiLookup=ao:mabi.tar.to*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8D91
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
31ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:43 GMT
expires: Sun, 19 Nov 2023 15:13:43 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:43 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F2AC 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e205e7f3d2202206f6f0fa88e73f32485d8f3e5a32236192c8d22daa5e7e362

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 1A2A 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Nov 2024 10:17:57 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/990511/61634096/ Frame 84AB 255 KB
77 KB 47ms
47ms Script
application/javascript 34.250.116.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/990511/61634096/skeleton.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hSWjzXjI6xiDq6xX-u9HI8
Requested by: Host: mabi.tar.to
URL: https://mabi.tar.to/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.116.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-116-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a17bdbf02c9c06446700e547720a6ab25954c126efbf30bbd94d12106c939101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 84AB 111 KB
39 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 05:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Nov 2023 05:44:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 84AB 11 KB
4 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B2enxkSakBUIVsUYpxzwj7npFiOkUvFeutDvZS3n32Sjv4vmAKyp4ay87SAvGBe-PaVMu5lPad2y4h8HnOIJdULnlBsbL8725cqIBv4oYjQrcFrhodZ-W0NjNb7XFTmJpoGArdpOAVO1ljqdITc83nDoVGcoQVp3CJB-Cj5Uj9X2z9PGw&dbm_d=AKAmf-DGswGD0ew9fgJa31jaR1JQ-a_vEmOHvFWDxwFlT88iw_fG2nL4OHW0AzikzOHj9zFev9rjt_uMsnbrsVlYIn21X25IHmCJyHqXmYbdda8taHy5NwGW76jlle2L-4823Duk3hI-mVKnj4nWt7cj-3oFglFqHFyWa8V4eCSIzRHarUrDA65s3CMNiJM2OOADucVAqs8wtKYdq8WOnx4dhcsBTXfnELCeCltVmuR6wxpn5mHFchyknDMqYRgEtICPQz-9jOSLo5LOODbVBsQuzvMri0Mqts0IxWlPpnk8InBeeI-tPpqoHyramcWw5l6b8cu-ZKcKiBVyXrR33R_BrJgTBboLgDykR9lj0j9deaG-9G6lbZqxH3BQx0iVriAOBBRNWtmyNxtcj3-21j7p9VV547UTTOgXqkeT9OPggwRF3Z4MTHqo-GJkvmbZJBuwulbKF30KJ-o8jpKcKLSCeQ8EELLbU23fdqbX-htkuyHYYTHXJQ2UYIQJ8ePTmgfoOBdpCJ2SLmg4ZE8P_Y9n_WRqC880l9DCHogpALGKV3mn_WM-gB2jQZFmUldyRd23B_zWXpwXbjMS9WZDUVMc7ICIaHeG0baVGxj6NRuzIG9NbXEqY0KQ_c0kbvGsjG7Yd4TG3YHK4x7-IplM-EKcm9i0v2bmlqZChKlgu15mY226cWXGD9OoJcPxx2HX74GpQ9RoOX635_clExBqPPhReuK9PiZJ0sqR8rlGjbfsZf7DkqKKx4yL0BK-XtQT2rnripKgeqhoSKwoXtTjOF101ZwlF7z93Vh8oyp9qybQNJHtJ_xem7c1R1o5oorkEkEDPmwbytdJZTy5rQTYPnllxPpZJRcmZJNI1emCVURwvcWTzK58p21ZSOPckwl0VkZuZ7jKwpl_3ivmUSKv65Kri7-7t0HLsu6cxba96a9vJzS1axFc4InKu8Ds9lDdaJ1WDKMD-fJpO_J3KjKC_Sq7mCmejdZAiWNHBQE7gUagHzPZ7NxQRQBq_-tFM47ZI56sZWhTGkew8clLowjvkTr1B7Cru1KnAWGT_AfziAOd3c-_0RMqwPuptM2doQuUNJ0uP5puLu_8_TejkAiQBds9ACJwAu9HwpdhwoyK50UyoyHDas8ZBA88laENUaBnmyd2ZeYcQ-gh_WVEy26DMo2RwLlAuXi-lxQDz4MG6YkEMWuDBkjy4mJle6cRkuAiddKYZSkaxrCs4qzfIon76q9L8W3HmfsZU_MLHFbpCXVIddES8mqT0iNUSg5mwEs-jP4I069-mv3t5kG2dtgWcFPWOEHQzkcc7rJRnI81nyMPCuPxSeKtPRaOADIdyyW6uHeMhm4KjI6LSCilljQ-Diq2QKXylrSfhzK2MbiOAZsLfWMZTTHSLpcwi-upgpyiWOV-JX-mqAnSzOT7xMl8_GNXzQ7CixJhO_pKaxcQviLvznVcBrLcorp-WhDCJk7qbZjci-5iH5zQ0k_HUiIKdoVWD5ia_A1Ejd9506RVRttVP1xOrhLHW7i9H0T1dKruBiYnSDt3eFUpcDTDcdgkNm3_uQqUqRPmTBz4dX_BBG4TD3eQa8AP6WQje4crLMuy16L5d9Ue-MxvcbqwEfZabZLrH3tRgjWug7eAKk6bdez6XLq-CFBNZUxAlmLgUFT_75wcUm_D6YDVHULINjxRY0zZer72JBGUYdgO6IJmTRbJJ8ELXESOazjujLP5bownrypmduC_s2cIeGJRFRLr1LhYsQH2k_0paB4Efgdjy8iAoI7EXVEn4zOW-Quks0eYqLGfd3SdTsPIIh30ATnJKZ18ybMOJP9wl_JIcULi5oVtRWzLgUPIEddMXcWh1kchpBBJbLyzqFLzVvrZr6xvv9HwaeSwsakszEZ7MVJ1N1oDKBPMhlBWNrX8NMd5_PdaHgnk45KgpJnqdXr2DRPqiEpqVhK2bt8FdPQ9U1ifqK3_ej5XWlhziQ7H7y_iO7k1iJ_VMyMzFzKkQv8HQfd09RCQcxqu1VadKjYxiOmkXUkv6GStmV-4DtJLAxlZ1htLIWeSBIej1naq74eD8BbQvMHknhbaybAewfOvoXfpOUwx1lE095a9zDq_Dx6lrlIQDNnXEpFzMlU3f3FmWHCeFtRnebuBUG2PQR78Ixz7PhjvSrxkghgNRUVyrrYhRF1MfNyo4Qr2pSFWgWxITV-w1nRyYjcODZDIqFV9QeoeDp0ZJzOrBmgITkzwPNOzw7vqe7KosoaehBwT8zQ9tsmjTFXPXeUvV861jR_TAsbX_I_kJKt2oYMmiTrIQ0d75TG8lQXeF_ajpima2U81Ylw5eAkvZAhtgJRJ2jWqFQMiVwHlpABA1iX1J5uzsOtAf8Ak4MvHJNTy55cBjRtaJo5QaZAHP8fh6RvNw5a7wwCjPvddk2BKBmbyj5u2bsz6QLvQKRCJxRazePKweOxLcODw_I5h6n_W7s7tjeuToJtHkLoTN0yQohGIU9aK6QPFYUGDlD2MnTTzxpSj_O6JL11lNbDFerJrHAIaO7uk_tmITEyjmZnCHcdO96_P-BlLYCr19uwcqzA_cydU5GDNl7uLCkqTZaOE2IaykU8BVGNQixIbZICNAbgpVh2E4nHv-fLEqlPP563ntIWebviZntQKd7z4CujankiyAw66eC-zDQRHM1Ga0jfyelwWa42Pfz4HVcCwz7MBgo84Q9i8955P_lEEFo2fyVf2IeHM8iUWn8e8N7UPvWtFUvcjwehDGj9qXrrGXBDj4I5L1M_A1JINu9jHqKvvFbUhkxeqldBJCykX10pDeJFzK3PBG9NWOk5-46_t3YiNCez2uk9hSekBp7qaWF0x_hQ1VntucFXwQNR81m4zgmvaQntzjWWvJULkNyxwHf9JLoaI72HEsFElYNb61gHqbXzk0yDvmFAHqKXoNzg-vcygZkUoKmXF4LEqPPs-fAxW-G-pnBPM68mp33civBQ6y9qurE1bFDJtm5HNmObjNl6h4hDEgdkFjjc65-1Kt9Fdtu4vkrxhaGx8fiXqtSEd60yEEM3OVmbSGOixAWT-jwIP2n_jBGjucUO2Ht8vQCcOu19CdfSxe1_zWSsNxasWNSvldLbwI9I_Dc5nCAJrf6tc_Br-VhYXInLvGqc9aCTXwMpwBJvW1A3xPWpDPVGqsRJNXVqs9fcYpLARjzbP_hWiTD4_F8wTyulUy7gg-2ph-d6DQEsMUdyvSKAQtapLG1Oflp6IHJHfmBRBolw3ZvVLTaf5o7gbZpmRszD49_OkursmhCc3IpeLSra0tB99HXGc22YEkie3DcIqXGLE0oPMdALd5TcL4HKCjySNtCOjjOT-gAyTe3tTL0bkWNw3EDEUeYp8JSgrIx7avQuOJjCAN0lsrxJGDv4ejpkBUdqX3Okri_JBONqHBhh1uuIcHxDaWGCeg8nEYTmqUfufbePocKwPT87Oye32CGcbbKGKoiQZskh68kGMQa6eCg9_256_AzaGq_G_JOutahbPG30L3nUNj1VvdjxG9fTm5kMisZ7HqNim3cZtYvnoiPxHXOFp5wMz_XzQ9yG0PjczDAp51hTKkIWRHmhiPdH9eupZHNsAotBUq3snb1XZasDHcm4Da9gSF0-bdwmvtk7s9MGdBkJjC5H103reSzXXZ9qtnPiIgU6nEjokpmdiz5dDJcaGLw&cid=CAQSTwDICaaNc_dKtQ858jVMgY7DBOfSJ6rcki3sBM_D-qu-xMxiqTou7rQZYX0-mZKfMYd66Zi0tQN-gjq6fh8Y3fkd8i0B3W2GOPKEicQ7d8kYAQ&dc_eid=31079496&dv3_ver=m202311060101&rfl=https%3A%2F%2Fmabi.tar.to%2F&ds=l&xdt=1&iif=1&cor=14506134924480890000&adk=929882891&idt=86&cac=0&dtd=27

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 02:35:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45522
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 02:35:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 84AB 31 KB
12 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 04:49:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37434
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 03 Dec 2023 04:49:49 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 84AB 41 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 162515
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Nov 2024 18:05:08 GMT

GET
DATA 200
OK truncated
/ Frame 84AB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 199bab4fa1bb9c0ca5e2a3b0e1c3fd123919e9c915264a759f41fb5013f84329

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 532ms
176ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnD8,pingTime:-2,time:177,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1472,beZ:1474,mfA:1477,cmA:1479,inA:1479,inZ:1484,prA:1485,prZ:1492,si:1499,poA:1501,poZ:1525,cmZ:1525,mfZ:1525,loA:1578,loZ:1581,ltA:1648,ltZ:1648%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:177,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B167~0%5D,as:%5B167~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C1911%7C1a,idMap:13*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:28,sinceFw:147,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C340 0
0 62ms
61ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmrvfumwNJxduXz8WeSZYP4FTcAbLJzFwZdQICud2P8HQdLxi5sAJLJyrqnPXoxi87niIKU-7QEp6XHtjkQbiy-7rc8w4iOGl0bwDR0IcCwH29AoXPxEiwgm93FqLNNamRw5Rxpj0f_IH9dG-DUfyGHDkV5pJStwY4IMKuHxHf1TPbEGIDVXetrt5VVS7kKf83hgaIo-Fm0z9NFJeINSjW2AiVwAEkAixCd2wXk0C8CtaYLMinUVLRvmpTkeMpgBpVvuPiQwRv5atKfRlh8g1tH3EihU5h2cUDPSAA5GeDZfg5qnqx_ZD9gen4fRKF8c4EEhpQ3g6SW3jXv-ONcJbmFlWAWOutXBTPGJAdFF90CXvUkfR4znClb9MFzXYt2oZeSkHLe6w8bIVAvKj5Nzfy3zKDld00YTX0Zy9Fw_TBdoTPnqN8Rz7X88Abawl4k-iDxUvxu3LnV5SIwjwf8xl8uOLE2p8zbWkw8TDMrKOYZ4u0Fk4TuFo0mf6y-zXS5c1ucuR1hDnzkt2-pXrfVaqZqIhAIWI90xJZUR_sHsJWNIC1zmPmQS3y8zeWqDTxSO3Lz-VyNhqE6-HJ0RAjfCXgmon4BJEJWLcoiRpADb_GsHU5fEPdadbE1EQTxikyHekcYKBJisRAs1bsI3RNKRhDTmHtZEO2M2vIDH80xDA3yigBIog7PpKQ7XXe79HeVMsmRYmBzy6_9UpqLmXDVSHdZMQsUF5BlVq8ivu43iq2v_EQlvD1HskR3hJx0doGmXuiwgwzyAJJtGQv_V_44YuP-GIxFynyAc-7BdHK3y-0zgV5qnROq-oT8co_vkSGIP-ZFRRX9O7ikFFTFCY8R3NUaycEORcG2740f-R1QCsKm9cKQnqs4m_5KOft7o0MkRhvCfTiUYwRRrBpLYpKwlYbYg8_Uhjz_xfLXqSQurQGsDfvOHyBAr1PxyyNTjHq50pNRBi6obo0ax6YLNtJ8N3eZbLI6lxFciiSHdoeOHc8bpnlpOZ4bMdjE6KG_i5FlypwqfYeuX3mOCM080vCOReTcuONNvU7EnoTxndD9ic8vu3jidJJ24EGBifeMc7W6OP5F8UFUjnyhwuLJHDJbW0vnQNhFNqQf6s2ADjQPJ31wiVFpdqtYD_qQ3w8hb98i_J_D2Fo2kcYWpOfEC-ZE5eRJkeFxHWfJd265kDnCJ2JXRpGMAcbD9CY_io7ud_Tk_PaLLjQ8joAiXhH_hJS95tww43e6l7c2u2aD7aBx3Wm8gBTntXgmItQcUAmoZP2k9XY-RXtKxt8B5cNG8Ii7ifoArMEO3G2r6MKze_Sxm29F58s0Jh0GBZJlGyKpCfH&sai=AMfl-YQJxFQNriDo-_X0BYpw13ue52dbDQ3kn55A2ozrcgRcCKIa_mTbC_GBY9OgC_vi2QKkx49sm3IKJq2Co7KUDcJiFZL66GSc3lEj6qMJqIXzAYrgPhJV484FF7ODNVB-GmPMKyt1IFoGnyYhYTBvcFMj3xCj0CnkSxsibw6kibNgyZZFEV86nPDZyph4lPCa17Bqo08GC9hRqmkBV8FksgNAIi8AE7uGCTM1k7ZQh9xsZFv_umxSqEf9bO9dZz7Pqr2EZaIcTNB9Vbk-ZhCWhCRdOQalrM5NbfZ0A0MDSsl3uH30XvVbAY9nju2M9GGK4A&sig=Cg0ArKJSzCtbhoIdmPrREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=565&vt=11&dtpt=382&dett=3&cstd=180&cisv=r20231109.10981&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame C48A 39 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Nov 2024 10:17:57 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F2AC 0
0 135ms
73ms Fetch
image/gif 142.250.185.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvGPDQGG6SwTweJKUiPL-tVX9Khn6WezNeN6W4Fg4TZwmH694mHPP9Axg1Ym5ry1DK2c4xyKLdwkpXiamrm32UNKqxW6-d_2scpz_nAfrTEmSQS5RJUAzKUsUE42ULa_vWeW8vYqJSldv9UYeCZPvzW9jDozjWB_DCt0sBvyRWKxx9GKWJ-UD39ZR3gui4Zd95EzyMGQDZl2Y5dt7nSrxn9slePjice3N3SfxngENT2soPje7tTj7vZMeB3ln7A2wYc1tbuwzNZLE5HMnoVnK0ISoMQeTydF9zP1oiM0alwg9OvJq8m5WM2B8Djbws9EJO00GLIf0VYwcANRjtLOlNyZxpCYSX2-7FeRQemaeQFOZcMVuhpwF8Lxy7mtM8KRRiLbQl8_9uR6Y9B_ZaE__3AyAqmirKkszzzq5kA6d-1OlRM6KN_ZkrPkiN0DGEQ7fYSt9tTrk-iqV7nHIQJrATikdmUgmmxxpC7k76IaGhWhyOaAkVlhpfT685TPuRbnlGlr1qka6m-imy8-7wVHs54JSQuNdq5jvd9E79a3diEECGjFnroeTPwvDAqG4hOPH5C7AEPQx8CKCMmLaLD_oIjo9NYwfsdqRU5FQAOFjb4vp8jl3HiO_eUtVke7bClhAFjkPU4riFqXHqlsA3gJw1p3ElP_022CcrQCshvTKpzqfcNfldlJa9KPs--JQaZPw2j_JrY-0FNvCACOdkLu_T8GnBckKFrgcM6guBYfK6iRkkNhJiPDulq1aCj7aXMwJFg7X0NiIPxTQCxyTNYoSC_oI5-5dM8POgWcc8dam1Qa-_B2vJFDUhc_Fo58unpCl_40a9--Io1mMnNBaR8opho2YjTMHVfrcBJRdXFcS5FPddfvVq-SgXncCRojlyZucSCEwfOUWFWeMprPZTkRHr4UVwQmKc3jDwSyN4vk_i3cBdQQ0EROoSYuCUXFtIAu6bjdi5SIlqoqbqW9cVA5lOCgOadV6Vl9tvwIjxDBNQ86LRiUL-v0fjD4mjFsvXQTGYBnygdBzOKVNiQ4ojP0PhY7N7Z-Goxsfs4wJX-3LF4JfFGEQ2rTKDckvk2APxSU64EFA2OsGFxqGOHR2UQmI5nayTxnU19t_Glgau5Our2Gpjl4mZyhNqmkK08ttTO55Fz1bIDKkvsEAc6qzOiVJDlyz-sJV4kOjvlnTQsiNeXG9qCYAmiD5IalVOt6xgNRBrPLYKIArfYPorAMhOefd-ebHMvzRMu9KsH9ke9BO6gQVf-8jpV8ER9rvlcblQiXbNtsNvN&sai=AMfl-YQ0eYVvzZFZA7YwEBZYE18H3RwObkF6f9kbIeJLLntAWrCsSubDbBZScmr2C1VxLDu793zmQSzZn7Fh3-1CSmX8ttjJPitVQm9Do0DBx8vbqPOr1KK6qVj9RGZrKc9HBqCdFs621nhgOSlaiKhkap6F6_8IJzm2HMjrV2BLloZcbUkmL-offq-U_COA-D3uP-oGT_sxQQQNxWXvC4-aIbu-1xmZTzbP_M_pZsMek-JwLPtuQfFQMEiAyhcMkDdq-6RoZjq3aepIHmdqd1PvFWq2Zt-4AE9yZLsHhaupOQgtIrdgOWL17uAhOzFUFZvgHWbJUJ0LHMNO1-Ov-0M3_Lr592oTo0glekNoeIdVHd_iYf0HfTs9IHrA79FaGxcYNdSuM35Sb5fasPyMLXOPGEk_jT-8k1oXjNHRGpBFBi3wlnH3Yi4qJ-ob1MOpRo0oHGGlEdawe1OdKG3KnpC6QiFy1XsZSHfnD8LgUy8UuWyhOykprb7ceptNRDlRpnPxsiiBmnFW9Q7S&sig=Cg0ArKJSzC7OBHthMOltEAE&uach_m=[UACH]&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=464&cbvp=2&dett=2&cstd=0&cisv=r20231109.07037&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 690ms
345ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnDj,pingTime:0,time:188,type:pf,im:%7Bpci:%7Btdr:160%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:26%7D,%7Bpiv:100,vs:i,r:,t:188%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:188,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B178~0%5D,as:%5B178~160.600%5D%7D%7D,%7Bsl:i,t:188,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B0~100%5D,as:%5B0~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C1911%7C1a,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:28%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 9E63 6 KB
2 KB 24ms
23ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:00:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 766
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:15:57 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 9E63 2 KB
1 KB 25ms
24ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 775
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:15:48 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 9E63 3 KB
1 KB 25ms
24ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:00:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 778
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:15:45 GMT

GET
H3 200 head2_5line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 9E63 12 KB
3 KB 28ms
28ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_5line_paare.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fc65e436756cddb5fdfe98535eb5c0dadda31f81801a21fa4c0839d45daebd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:11:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3331
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 13:00:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:26:08 GMT

GET
H3 200 head1_2line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 9E63 4 KB
2 KB 25ms
25ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_2line_paare.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ab6793dc8e7ecc84e623176376fac17df0d4513fc68ab392d3850200da5f13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:11:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1686
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 13:00:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:26:08 GMT

GET
H3 200 160x600_kv_paar.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 9E63 37 KB
37 KB 26ms
25ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/160x600_kv_paar.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d6d8aa9116c8538da4416d44de1532dcf9f5ec4ddc85f4d524714e8ed918ee2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10256918388168393334/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:12:54 GMT
x-content-type-options: nosniff
age: 49
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37561
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:27:54 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17990266662471768200/ Frame 5511 141 KB
22 KB 23ms
20ms Document
text/html 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 234116
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 22865
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 22:11:47 GMT
expires: Fri, 15 Nov 2024 22:11:47 GMT
last-modified: Wed, 09 Feb 2022 10:37:12 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 84AB 0
0 70ms
70ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWHViQiGJ75KQuWjtrOLau6zh9O7m3JgZIWqo1HN-QtyUWNQq4MivvWpASxGnLlzCc0THdbs0kH4RQ7cW5PoPZfe_wyhOsFQhDGVLmzGyPjAOXyu6twSUjg0UiMu-994SYvTwT-KZK1qqZLx9rAH0MWc71ZBXqxXK0PmPoY2oO-6nRmzdEKlb7kRO2cm_X0A04ZMjO4uxWqMU8OwVXyQ7w0oQuF7NPL4itudkqPV2itoAt7QqlhrDiHdGyGtnsnoat1Eegw5fh38EgHw5OAE4WIm9Ep_tSzzYxPf4vXKGTO4os2gV-P38lAfGdJjd-RmB8NcKndcmVJRrToH49Zyng1uYz3XQAfktUvJaijnFJLEKGvgkFcX8snVQGplrp8_Op4yVWbUVCdaHGXo8AEAaSi8B_qm0AvyuZtFa4zzrAGlcTzfw6KvrkPFovlp-xRbIfIxdH_OwSvth3UehKFHekl6Unooz7RGTQCaiooawL7tPTrSODNt1a7x7iFXsahJhRQmdloMKX6xNL4pi_03wJeU11gd8RuIhe-Ri4bwLByCODdZt8JhkyvKXochutnWMGr3RciJ2WJahOzC5Tv7482JWKXNlMxx8WYUy_DfRFdfU2cKYaAc691cfd448zHavkdDSZFiBuG26q_Zoi0kfWck5jYQD0CiPzkXfKsN7HkchmlnSpsoGyqDQTeBsW-0Ap5OG6Nev--CTSwHPki7Iik-uvClEdXGO7921Mc3FVl_Ra5s5-UMWaKkYw2Qw7I0CM6XHbVf7-KRHmgbzUo2_1hdKonN8rhcaPntaSaVJMiz1x2MK9emBOR-Uk5hCjXnqoqY73k_PKYsiWs4cIaxRXEAUAwuXlr-KmVlINF9zJYy_2e-PkH7IDPjHotwLGS2znIdmstWe1jn3hlWh1iQBWPbbBJ0awiArNdqQDW8Y_mJt-1-RFLqJGq_M57cg6Zjd1NqVoPie926bC38oxohUGRgmb5GKhaqNYc7x3shQUR4kdEpZvi-weoH9ZIll5TaoHs7skUNtDCvAaIsC9h2w5gaJUzHcBtnAXG-Wi9sPTetiXLA7efH4UqfKs2MlYZDtYvNYtlqKQIybowMGtqNMD_9zVwybGN-0Sfg_uaxFdsbwAwvMcU8oGE_f35xU58D7P8ePsE4LgnEQtKPcnKAvhfZ1FxD76VvzmMc5n_TEFNw6o4zu5elca4HSrN3PYNCrLSInaH-yLkgQW9AMc8uETfqIddRo9V73nkKQeJogPomA6WsMwPJdUxWNaAcxG6qcCTtpSM23cp74xfiiRKC3cmojpJhPJnwAW6iu4ABfgtgQEnKcNxDDDe19VSw&sai=AMfl-YQwxCP1VZgAsSDB-x3Qpi9YosIfDXxquG43YkOWL50lEy7s3dnTPHYl7pP63NgbHxo_taGDvA8sxP19uVI9E-rJ48aYEw9mfpXY0NNQL0LdRXUjiMLC7Or_CxFtQ_pQDfV_3EdNGCn675riQKffbF96bCupCc4NFM5SW4gcVO3QH_Bdu4364kWSg6AgHQv5ViVh4q8_DpXKLZE_IYY3cDqG7N96gQVYflt9doI4kzWGysd-tZj25xUkBPZFjsBVDgA6rMm0GqDN433w4is7SvDXxmjmBWHCINQjWxzu4aiDEmmIXAEAktX6FHq1W7on0Q&sig=Cg0ArKJSzEnB4cm3f2REEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=174&cbvp=1&cstd=172&cisv=r20231109.68586&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 19 Nov 2023 15:13:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 75EB 38 KB
13 KB 22ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 65638
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 20:59:45 GMT
expires: Sun, 17 Nov 2024 20:59:45 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 84AB
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/990511/61634096/4.js?ias_dspID=3&ias_campId=1013669275&ias_pubId=pub-3088185226594785&ias_chanId=1&ias_placementId=20343398390&bidurl=https://mabi.tar.to/&ias_...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JyZaZY-_GOCRjuwP5MCNsAw&cbFunctionName=goog_wrapCb_JyZaZY-_GOCRjuwP5MCNsAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...

1 KB
1 KB

32ms
32ms

Script
application/javascript

2600:9000:20ab:de00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JyZaZY-_GOCRjuwP5MCNsAw&cbFunctionName=goog_wrapCb_JyZaZY-_GOCRjuwP5MCNsAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:20ab:de00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 22:15:34 GMT
x-amz-version-id: 5yD0MD0xvY5qMDPlbaeccRZIQga4BLlQ
content-encoding: gzip
via: 1.1 3201e5fb77f9faaa881f4f324226564a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 493090
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 13 Nov 2023 22:15:32 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: Wl60jKMDqYPAmVAg6WFLebxhCYzwV-LKM3reyRbO3SGeCwa_bitsNA==

Redirect headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:43 GMT
server: nginx
x-server-name: app06.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_JyZaZY-_GOCRjuwP5MCNsAw&cbFunctionName=goog_wrapCb_JyZaZY-_GOCRjuwP5MCNsAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 3312 91 KB
23 KB 37ms
37ms Script
application/javascript 2600:9000:20ab:de00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ab:de00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:09 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 3201e5fb77f9faaa881f4f324226564a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P3
age: 7196795
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: zSETSlpU5Z9ATXQvuAbG4cquYNuBFXm71n4mgDBlXgQexBaz8E883Q==

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5511 29 KB
10 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 00:27:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53152
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Nov 2023 00:27:51 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 259ms
176ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKnHx,pingTime:-3,time:129,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:129,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B121~0%5D,as:%5B121~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK8m+11%7C12%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:0,renddet:DIV,siq:35%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 256ms
177ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKnHz,pingTime:-6,time:131,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:131,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B122~0%5D,as:%5B122~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK8m+11%7C12%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:0,renddet:DIV,siq:35%7D&tpiLookup=ao:mabi.tar.to*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 unVwOGQH9SsIcJBr4Xp3HcCvUJyc_uBy8Ir4YHk_V1Y.js Show response
pagead2.googlesyndication.com/bg/ Frame BE88 38 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/unVwOGQH9SsIcJBr4Xp3HcCvUJyc_uBy8Ir4YHk_V1Y.js

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba7570386407f52b0870906be17a771dc0af509c9cfee072f08af860793f5756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 14:03:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 263385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14990
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 14:03:58 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 406ms
346ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKnHU,pingTime:-2,time:152,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:587,beZ:588,mfA:592,cmA:594,inA:594,inZ:599,prA:599,prZ:615,si:621,poA:622,poZ:647,cmZ:647,mfZ:647,loA:718,loZ:721,ltA:738,ltZ:739%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:152,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B143~0%5D,as:%5B143~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tW4lK3b+11%7C12%7C13.990511-61634098%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV,siq:35,sinceFw:116,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 75EB 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Nov 2024 10:17:57 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 84AB 0
0 60ms
60ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWHViQiGJ75KQuWjtrOLau6zh9O7m3JgZIWqo1HN-QtyUWNQq4MivvWpASxGnLlzCc0THdbs0kH4RQ7cW5PoPZfe_wyhOsFQhDGVLmzGyPjAOXyu6twSUjg0UiMu-994SYvTwT-KZK1qqZLx9rAH0MWc71ZBXqxXK0PmPoY2oO-6nRmzdEKlb7kRO2cm_X0A04ZMjO4uxWqMU8OwVXyQ7w0oQuF7NPL4itudkqPV2itoAt7QqlhrDiHdGyGtnsnoat1Eegw5fh38EgHw5OAE4WIm9Ep_tSzzYxPf4vXKGTO4os2gV-P38lAfGdJjd-RmB8NcKndcmVJRrToH49Zyng1uYz3XQAfktUvJaijnFJLEKGvgkFcX8snVQGplrp8_Op4yVWbUVCdaHGXo8AEAaSi8B_qm0AvyuZtFa4zzrAGlcTzfw6KvrkPFovlp-xRbIfIxdH_OwSvth3UehKFHekl6Unooz7RGTQCaiooawL7tPTrSODNt1a7x7iFXsahJhRQmdloMKX6xNL4pi_03wJeU11gd8RuIhe-Ri4bwLByCODdZt8JhkyvKXochutnWMGr3RciJ2WJahOzC5Tv7482JWKXNlMxx8WYUy_DfRFdfU2cKYaAc691cfd448zHavkdDSZFiBuG26q_Zoi0kfWck5jYQD0CiPzkXfKsN7HkchmlnSpsoGyqDQTeBsW-0Ap5OG6Nev--CTSwHPki7Iik-uvClEdXGO7921Mc3FVl_Ra5s5-UMWaKkYw2Qw7I0CM6XHbVf7-KRHmgbzUo2_1hdKonN8rhcaPntaSaVJMiz1x2MK9emBOR-Uk5hCjXnqoqY73k_PKYsiWs4cIaxRXEAUAwuXlr-KmVlINF9zJYy_2e-PkH7IDPjHotwLGS2znIdmstWe1jn3hlWh1iQBWPbbBJ0awiArNdqQDW8Y_mJt-1-RFLqJGq_M57cg6Zjd1NqVoPie926bC38oxohUGRgmb5GKhaqNYc7x3shQUR4kdEpZvi-weoH9ZIll5TaoHs7skUNtDCvAaIsC9h2w5gaJUzHcBtnAXG-Wi9sPTetiXLA7efH4UqfKs2MlYZDtYvNYtlqKQIybowMGtqNMD_9zVwybGN-0Sfg_uaxFdsbwAwvMcU8oGE_f35xU58D7P8ePsE4LgnEQtKPcnKAvhfZ1FxD76VvzmMc5n_TEFNw6o4zu5elca4HSrN3PYNCrLSInaH-yLkgQW9AMc8uETfqIddRo9V73nkKQeJogPomA6WsMwPJdUxWNaAcxG6qcCTtpSM23cp74xfiiRKC3cmojpJhPJnwAW6iu4ABfgtgQEnKcNxDDDe19VSw&sai=AMfl-YQwxCP1VZgAsSDB-x3Qpi9YosIfDXxquG43YkOWL50lEy7s3dnTPHYl7pP63NgbHxo_taGDvA8sxP19uVI9E-rJ48aYEw9mfpXY0NNQL0LdRXUjiMLC7Or_CxFtQ_pQDfV_3EdNGCn675riQKffbF96bCupCc4NFM5SW4gcVO3QH_Bdu4364kWSg6AgHQv5ViVh4q8_DpXKLZE_IYY3cDqG7N96gQVYflt9doI4kzWGysd-tZj25xUkBPZFjsBVDgA6rMm0GqDN433w4is7SvDXxmjmBWHCINQjWxzu4aiDEmmIXAEAktX6FHq1W7on0Q&sig=Cg0ArKJSzEnB4cm3f2REEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=432&vt=11&dtpt=258&dett=3&cstd=172&cisv=r20231109.68586&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 248ms
247ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnKs,pingTime:-10,time:631,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE1OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1700406824076%7C%7Ca08eb803cebfddcadfab2e2ac99fb3c6%7C%7C1b7de7e82db1163ab7a1342e5def95a8%7C%7C6f9d31014d6e1e22a7c227f4aa4382b8%7C%7C46aacd01a9aeef6658e8b97cae753cf7%7C%7C36a8cd8600e454f3422db8301b44920a%7C%7Cb3f9b45fb0e1b43c8d076d7e1bc53e1d%7C%7C4ee6626703a17912106df8f8e075746d%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3088185226594785&output=html&h=600&slotname=4244427159&adk=2845068819&adf=1795251393&pi=t.ma~as.4244427159&w=160&fwrn=4&fwrnh=100&lmt=1700406821&rafmt=1&format=160x600&url=https%3A%2F%2Fmabi.tar.to%2F&ea=0&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700406821692&bpp=4&bdt=1272&idt=265&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=575093355090&frm=20&pv=2&ga_vid=1121403278.1700406822&ga_sid=1700406822&ga_hid=1518721436&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=15&ady=115&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079759%2C42531706%2C44809316%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809056%2C318512602&oid=2&pvsid=2499941510308167&tmod=706454881&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CfE%7C&abl=CF&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=279
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 5511 2 KB
1 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 776
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:15:48 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 5511 3 KB
1 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:00:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 779
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:15:45 GMT

GET
H3 200 tui_live_happy_white.svg
s0.2mdn.net/creatives/assets/4426814/ Frame 5511 8 KB
3 KB 22ms
21ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4426814/tui_live_happy_white.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c043552be6d98da422ec5c2946c7a6588600e29d9f2a871ba1ea1206d3db813b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 324
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2962
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 10:17:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:23:20 GMT

GET
H3 200 head2_2line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 5511 12 KB
3 KB 25ms
25ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_2line_paare.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:08:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 315
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3441
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:23:29 GMT

GET
H3 200 head1_1line_paare.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 5511 4 KB
2 KB 22ms
22ms Image
image/svg+xml 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_1line_paare.svg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:06:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 450
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1610
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 09:12:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:21:14 GMT

GET
H3 200 728x90_kv_paare.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 5511 36 KB
36 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:80b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/728x90_kv_paare.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15ddf64a1db0b06797a274e5975f2303bbfd68ca43e0539ddb4f5aac2bcaa456

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17990266662471768200/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:01:10 GMT
x-content-type-options: nosniff
age: 754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37294
x-xss-protection: 0
last-modified: Wed, 09 Feb 2022 08:21:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 19 Nov 2023 15:16:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1A2A 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BE3QfJiZaZa7uOd-ojuwP-_GlmA4AAAAAOAHgBAI&bg=!bW6lbiHNAAZxrfrxUa07ADQBe5WfONk2H3MPeIIyEzNX38DjzCOJOL7kq1elNw-Y_zORecmSnlWySQhVzOaSkjSlY01MAgAAAhVSAAAABGgBB5kC2rVNJGU4CoFyl__T72iFnIVrsOlzpplRlt6xtPmU3EOMLuwE4GLPwYtrqmmiJCGZam7JOETKsgXsDfQY8vWAf51tO8Jd2Tv2DzBEP9cvkXSKdb6UJkTfuzLugR5RcivWNalQjU5Zyun9463pZjblI9LLOVwjhHMvYgoGZzifcvUGXLnZ3lhvecDPkJmFaWk6pt81DBWTz1wmRYVs69clUmgBVmOIu9aJCkDd9344dIF4BVmsmMdeu00DFgyk0WC0Wz0HFNRDCksT6w7keOOFzk47s3x2urhX0LGqVP79WxxnH1chJevIKV0aJD3sD8w_ozRCjY8VOyXUV-wO1K968snsKlenX0Uj-B0r8vgPU7o8QS4bE22XQCCnMp_lH72QhKyk7Y-Q5KaV3Bl6twZOs_8YTQGFdUOjtjrF872uwk7zw274-FfmzXgRGIsRVXj-lPX9bBDYZBRNZM47DUjJ_qYpXMT5jOMMe2Mc6DRbO2GIkQhzqX3icNME1i_tRqelCol6tE_zneds1PjrM2wZrOk5yLMSegpFAuh2mYC1i7k3bI3lZiBICYyKXHhU8Q40hB281VRbTF5FbFqvA_0ZDLuSO7hE3vXsMmsWE1-9rqDTlW-p6yKD4kR2xxSoVMCghAcosuk6Wo0RapOwQfD3PMSqrefKi5YRVLDhYmu1mnMRITr5kG-V0WbY5-fvj13ZPhtl8EXBDUw2akFN4StFYLdrgt5L4Gr9mDO2wMacQQCbwHTzejV_JeQpwlC6nPs8das8we7MCaTCzpuDgXIPMmMvUXjbyZ9G0tRrpabemRAS6i7D1v6vTFHg4L0kNWuiRpu1xqGS6vHMc4TzJBLh8xe7-CFakxqA6FgPAxZBcStElVBWyoY7lfp5tuRyRbEcbmF1nso3AzFolibR2X0hvtWWgFEJs3Lsf2QcubxFbjRjYJBgK-Spo6Q08V_VtUKPfTzA9ihyfTKPxNE

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C48A 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B3az4JiZaZZmuCuDI7OsPgPCVoAgAAAAAOAHgBAI&bg=!c3ClcD_NAAZxrfrxUa07ADQBe5WfOAiPwEp7KWCHOnuElB2Pp3xDueCmKCJ6ISSnsxWsCoRCx6joshk_oz9lndFoqNByAgAAAdpSAAAABWgBB5kDALboNKK9FzRUz33tidtJ-MFPH1X1AtmlZy2JBE8y06HtPF-SbhvHCzcr6zDza0whHhHPoYOrLaMMzgRcCwNbtDn6mgOIRDlJCQCjCGqX5NzdnHQNZAW9zhDZpcPT91cMRyIL2KpOY1HlgUdOo4Nxnyh8uDGafJJtQJO7NWQ-82jAz-gfSefaTUSfJaFJv2HQxDIafKBugjaQTqSnSBHOVOvrMCSaw_R4_8-wAX7KEl4HB8wcG229d2Lx3qLrGaPmfATjwLRxA4VJnoi6put8nZN7ZXnkb7dFpOgYwKbatVxJywZOL8hnuo9nF_wr3REtIohalLpG_zeQc-OBuR00tx618EM16RgelpNnZlw4UsG2dlJ3q-orSEmzTeWpIWKszfWuwX43DiddkTTvYmjkD42ecZ_mjczlfITV0iSZ50jREaISBQZAPg15tI7XEBEtadUPv8-YaI13OgWiJSfd29ZUJ_-GvEqRytuN5On3IfpaWEJ9k6SJzw1ARq93nbGInPAMDvxyTQpRPjhdVcF2Kd5l4i8Ncqta5hiYB3HH2MfNGRpHdKiNl76czKdkTrMIG615kvb2bwrtMZXi4FY6QEGng50rU8F0Pnkycj_U-o2MI9nt0A9lz7KeRGzq9DPMskuSHqPD4ij9RksvXK4nxb_o308CSRRZNqBzXRantxqYVTwvHgUVbKum9slK7R-bMXaBPmvAGqfnDGQtx04tPKg7PKPFULa8aQvV7PWL-aUhtz3FKaNLHVKqYZ_Rtx5r5rcHpCr3COIeCr3CYafy5I44Qex3w7idCmU3NW9gFEGq1G_3wNt1RtHFC4hSTov6mqdFwqqYaIxWAT4yFV2_YPD5cBIJZYv_mZQ8eEXtoZaG-Lz_yjrHnlZB90uMFt6_WXHgs8fRg7AcpSZ50W-qxsNy8AYGoVpj2MyhtxuZZXeAj4pwLmpkRN-wESuyb_s8hl2FslKM11TZYamOlIMNnlmo6Gumi3lSAQXN9bDKciWifZ8GERAikwyWe0-k14maHQ

Requested by

Host: mabi.tar.to
URL: https://mabi.tar.to/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C340 42 B
64 B 214ms
172ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstukO-leRSFg69d0mzBfPUe9N0_Ty0AfGk4CmjPX94b2fFpptYO8W5pCnKe_PTXE7JmavsqSGoNS0E3S6htY3Dlf8HeNnMxFm-itkQpgcbISvWTnNcbtHKDAvJi0SED_lhlX9lkCmZ-tjqH&sai=AMfl-YQRx8IrABTq2spf-9hi9Jll9E4Ks6eHvSlE8EF5nqMySaeu88ZHnuGjE5pwAstDSnowxsxbJ01m9J0UdcXC7ANZgqG-I2RcZ22r1cgIVFq-HuSQG0Cr7rl1xAxCuU43orz9HP_WE3QaB-iHFCgh7w&sig=Cg0ArKJSzA5afGSoYcd5EAE&cid=CAQSTwDICaaNEZ6BoSX23Cz9Bk1yxbBuBJgSL1ZNrnh-Jhj7H-QKgzsHUsVW-o2HcL1UIsDIb9Nr61ujHNKaJMFgvRrhzlj8h2jyqD7cS_wy0dEYAQ&id=lidar2&mcvt=1003&p=0,119,40,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2845068819&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700406821973&rpt=1232&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 75EB 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BH_aeJyZaZY-_GOCRjuwP5MCNsAwAAAAAOAHgBAI&bg=!x8SlxIvNAAZxrfrxUa07ADQBe5WfOCS27tHbl9UFpku6RBM666uuIHOSRc2iau99Oux2G3Y2j6L247Sm83lldXtDSIzoAgAAAMBSAAAABWgBBwoARyNQ5rRIF4Vo8M4pe1-ZI8m0qgGiagCDdRoFnycKTrgx0QBOJ0nbTnyqb551bTUU_vgpFw6qA1K8Ff6aqsRIkQbJ0HR3w140mQMEdW1T4kh3s5C2oU86mWsanPpggwCQaWgQPE-YDNchZshp6enZgOMl_1MU_aXWMwIrB4YCavruf4MoK9FNuZHStb5BZQb0nE3LjI0WsrswIqmBc0dZw3iLmZjPx5laZPK-dTp4x7mAt6rAQI1wkcewzsIoy8RnnurFFFsC2wsPm8Ruz7Mm4idU54wWw9Z8idZ5i5NGbWCZ8v1BaxZmKOTM2Q9sAli0vl3Z3hnyn2tk0Ep0sC8gt447vL1zQ-r4vx_1s7mxkB_o-grAiIMU8cQoNtjgFf5LHEPPjeTeQAfCTeQbVyJdnR3VeYAR1QGWsC7WoNtXxHBN20KqWjA-UvgMPPNeL2UpgxA8nR_pnXflviq8ZoWFJ6aJXt6a3B7WBd4FFgYR0A-37DQpfreo84K5V3k9SZf9tbsq1tQOW_1XLAaW48FsXgnu22lcHvH9HvF1ifZ-P2MmY-Q4iDa0Coc7MK8tDS0V7NNchLVYgrsE4F-N0RrnIPSqFNcZ9GHmAVYBOBQ2KmiCGPS2_mOfypfc7v3TvMurO6QQ-3twQ9JJeSjsV9H7wSXhzvrCIFZUTgR9ikA2Jwb4DC7JhhkzlS5foyLI6uXCfYkr2GfxMxxkEWLiU5cHdaLl_NMZw6cEOpNGaVx_0DQKV2YDpgmByOFxs6U4T1YblgTT9gqkHbErgw-a8fgjaYmqXn15oUBB08gYb7apM_RLIHu-gJq8NVOVLF_dpiDPl2mU3NPd7C5d0BXBhk3wsqOZRd1trl6MD1Cy5H42yI9IS8yFamZ7Z1rm05-xuR1CHv9oPUpJMKslnrVYY3zpM1dJ-1LLs6XzNLolhbdlUIcsNt_axp-VkSBcdyU639okgMUmH0GysE_FMr5c8SG30fym70EpZndedb2iIFpJnMV6ZpOSk22FIT9FO0gttK9J_IVlwnaKDciMaAmuCp_9gvwPjo-HGX5MABkgFMtiQYp4TPqeu0yBf_KdnG7wy0l5KmsYTtTpjErBJgqZ6Iz0YrHJfuRy7IMyzuPV5UlcAA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 76ms
73ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7452bf34013c4e1eccf91b889b00762cdbb9483511b45993e2f008d85d39d6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12477
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 19 Nov 2023 15:13:44 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5084 13 KB
5 KB 24ms
21ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17644
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 10:19:40 GMT
expires: Mon, 18 Nov 2024 10:19:40 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EF36 829 B
998 B 34ms
32ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9252f8b0c6c5d035098b4bdc33018bd32853fc58b1d54ddc688fbabf60411a71

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-A1d4eN_jrakV9sVerG8t-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mabi.tar.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-A1d4eN_jrakV9sVerG8t-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 15:13:44 GMT
expires: Sun, 19 Nov 2023 15:13:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 5084 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Nov 2024 10:17:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EF36 0
0 54ms
53ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2499941510308167&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 84AB 42 B
64 B 172ms
172ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssG7zEMEh40Jx-pAxI7AcqvE7jcnluoG-k7mZMO1f84dOOXojzSvtAUXgmAQJcP0exYk3oG7lE1VFTNc2CHgSVsR5nLwl-aDti054GIGTUB4dCrbROeDS8IQFrfkjimrNSfwT0hd5sRjgX6&sai=AMfl-YRf7Ehckh03ZL9p4Xn-6BKnEyOMJPCVLXANFi3Bd2Dic44ZYKyTdnWYs5BXc7hG9odNMBV9YSDe1OLWdK7vDJyx-Muiq6jSepW5B87cusVVwuuu7yIcGhkod8uPQhw05Fbuo03e3AMcACc9JUetkA&sig=Cg0ArKJSzKGqZAohuObWEAE&cid=CAQSTwDICaaNc_dKtQ858jVMgY7DBOfSJ6rcki3sBM_D-qu-xMxiqTou7rQZYX0-mZKfMYd66Zi0tQN-gjq6fh8Y3fkd8i0B3W2GOPKEicQ7d8kYAQ&id=lidar2&mcvt=1008&p=0,0,90,728&mtos=579,1008,1008,1008,1008&tos=579,429,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700406823180&rpt=433&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 175ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnTx,pingTime:1,time:1194,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:26%7D,%7Bpiv:100,vs:i,r:,t:188%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1006,o:188,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B178~0%5D,as:%5B178~160.600%5D%7D%7D,%7Bsl:i,t:188,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1007~100%5D,as:%5B1007~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:252,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C191.990511-61634096%7C1911%7C1a,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:28,sis:232%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame C340 43 B
216 B 175ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=2bcb91b1-d599-725b-261e-00ea8122ce24&tv=%7Bc:uqKnTB,pingTime:1,time:1198,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:26%7D,%7Bpiv:100,vs:i,r:,t:188%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1010,o:188,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B178~0%5D,as:%5B178~160.600%5D%7D%7D,%7Bsl:i,t:188,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1010~100%5D,as:%5B1010~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:252,fm:tW4lK3b+11%7C12%7C13*.990511-61634098%7C131%7C132%7C133%7C14%7C15%7C16%7C1711%7C1811%7C1812%7C191.990511-61634096%7C1911%7C1a,idMap:13*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:28,sis:232,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt24.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F2AC 42 B
64 B 170ms
170ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssal8pienljnSDBYMrFG1sKtalXhF0o07E1Jn5DbSwe6bLuFxWpuBRDg3dNraWKa2lUJLlPOT2YdhwpzHMCS7KhQBIxkh3wJgKpiugdBV0jztRsTIdyK6Jb2V2Ni6hiLGgzlst8blV28Sxw&sai=AMfl-YTvY3jbja-jvrjGe1-_ivirPRdCktkEDSle11yWB8OKLpqM_nDdwbnYNVDBNbYqBcZk_1zPskjcXF3FKttlIPfDIiGpEO7PZj116xHqLEbolUXOO-G9QGqRDt5jDm31hLqER8Vlz9LKNKoAv570pg&sig=Cg0ArKJSzGhIpHO-gzJfEAE&cid=CAQSTwDICaaNc_dKtQ858jVMgY7DBOfSJ6rcki3sBM_D-qu-xMxiqTou7rQZYX0-mZKfMYd66Zi0tQN-gjq6fh8Y3fkd8i0B3W2GOPKEicQ7d8kYAQ&id=lidar2&mcvt=1003&p=0,0,600,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700406823148&rpt=287&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5084 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZzBWNQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 15:13:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 175ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKnWG,time:1068,type:e,im:%7Bpci:%7Btdr:1006%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1068,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1059~0%5D,as:%5B1059~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:408,fm:tW4lK3b+11%7C12%7C13.990511-61634098%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:35,sis:289%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:44 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 176ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKo0c,pingTime:-10,time:1286,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE1OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1700406824076%7C%7Ca08eb803cebfddcadfab2e2ac99fb3c6%7C%7C1b7de7e82db1163ab7a1342e5def95a8%7C%7C6f9d31014d6e1e22a7c227f4aa4382b8%7C%7C46aacd01a9aeef6658e8b97cae753cf7%7C%7C36a8cd8600e454f3422db8301b44920a%7C%7Cb3f9b45fb0e1b43c8d076d7e1bc53e1d%7C%7C4ee6626703a17912106df8f8e075746d%7C%7C1663701684,sca:%7Bspg:2bcb91b1-d599-725b-261e-00ea8122ce24%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:45 GMT
server: nginx
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 175ms
175ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKo1k,pingTime:0,time:1356,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D,%7Bpiv:100,vs:i,r:,t:1355%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1,o:1355,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1347~0,0~100%5D,as:%5B1347~728.90%5D%7D%7D,%7Bsl:i,t:1355,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1347~0,0~100%5D,as:%5B1347~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:177,fm:tW4lK3b+11%7C12%7C13.990511-61634098%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:35,sis:289%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:45 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=2499941510308167&bg=!ERKlEl3NAAZxrfrxUa07ADQBe5WfOAH9U3s3t2Se3NKJ1LyGxXmaQVNAOAD9DgBrQIYDCxa9OEdnRbLd1k5iB-D22sbwAgAAAG9SAAAABGgBB5kCrfsXw-nRGqjvtNLtldKPs_ZC130yOjf0PwWVmHJDCMuKOlw55rqQqf53-JoVp4NP0TF5s42yjayq6B93OK8-ANKI52dLdlxepK_qB-c-z7SEpzQR1B8w2s7Wq5VSFvp6Fj0WGy6WxsrAjtrsgODxFq8rMLoYQWtft5wIa6WOCchjhmdVI9x2O3mTwbvEYUUIlyqbYREqWJGCtXIwaQhAy5GfPjTXCMYoZ5R06GjzhPPMWep1cm10O7AGzem67bLYtdXyPJa8lLYHUQXoY0noixpm3n_NgrbuAGrG8OHmZvlwpdAnO4mIuhRS-zqSiuRBVjmFgo4ywNM3EHyJs2qKs2nLUi08MXReWBk9nKnjcEVbDB2r7c5z8dD71JXnTiUV8C4qtmCJAT6sfUEH574fjwuRVpKs-p-Vbg5dTx6Hzx-deR70mRSz8mA2NXAKXNxIbWNyMkmPLSGBSR-fv2AELo9R15FAJTmFaVRGMJ_te6A01moM1wUcGyogYkCYt5SnAmCoCKv_AhIqJPsm161vm3STBw8CypTf3ymU0c0afvJ-M-UDlyoOI4psW5dET1xsVx-laRJ_aywXnFYFW-ZeF2qDn_vslNj1Fq0N99MOkXjEx7GMniPUfz-as2WxMmC9xoWPD6qzAGZc9UgZDv3imedaEUJUX1Y8DiU0hCXSc7Jy-bDf9jDzk-fyX1ZjJ6Fi0SDGVnJWOemczfHcYsWImFHei7SQ71rKlzG3zpUUVqPK6mgGKqEizFbg12kII3C_V8cFc1HUyhnS3M47LEI2MyuOGUgjriODtefBmZjN3KDBd1rVYQDXsQJDZcW_GeDORzoi6GrydyIdOyW23_fnOufZ_MWaGWSi4kaPPsbgcEl75S-DxLIu-iTIIpmQ_ztKVm-XNwtwqyMaL9hakfI
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mabi.tar.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 84AB 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1705991079551&version=m202311060101&ct=76&x=1&cor=14506134924480890000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C340 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1958167221208&version=m202311060101&ct=76&x=1&cor=14835039067406346000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 199ms
198ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKohu,pingTime:1,time:2358,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D,%7Bpiv:100,vs:i,r:,t:1355%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1003,o:1355,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1347~0,0~100%5D,as:%5B1347~728.90%5D%7D%7D,%7Bsl:i,t:1355,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:177,fm:tW4lK3b+11%7C12%7C13.990511-61634098%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:35,sis:289%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:46 GMT
server: nginx
x-server-name: dt23.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 84AB 43 B
216 B 197ms
196ms Image
image/gif 2600:1f13:800:7782:14df:363:a706:6a6f
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=990511&asId=ceae0055-11b4-ed6b-ed38-d907f6dacbbe&tv=%7Bc:uqKohv,pingTime:1,time:2359,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:34%7D,%7Bpiv:100,vs:i,r:,t:1355%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1004,o:1355,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:34,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1347~0,0~100%5D,as:%5B1347~728.90%5D%7D%7D,%7Bsl:i,t:1355,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1004~100%5D,as:%5B1004~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:177,fm:tW4lK3b+11%7C12%7C13.990511-61634098%7C131%7C132%7C1331%7C134%7C14%7C15%7C16%7C1711%7C1811%7C18121%7C191*.990511-61634096%7C1911%7C1912%7C1913%7C1a,idMap:191*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:35,sis:289,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:14df:363:a706:6a6f Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Nov 2023 15:13:46 GMT
server: nginx
x-server-name: dt24.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mabi.tar.to/	1970-01-20 16:20:14	Name: ci_session Value: 8k0ct6tk60o7joptlfu4r00i617dbmnv
.tar.to/	1970-01-21 01:56:06	Name: _ga Value: GA1.2.1121403278.1700406822
.tar.to/	1970-01-20 16:21:33	Name: _gid Value: GA1.2.1446111362.1700406822
.tar.to/	1970-01-20 16:20:06	Name: _gat Value: 1
.tar.to/	1970-01-21 01:56:06	Name: _ga_P3XQGQESZS Value: GS1.2.1700406822.1.0.1700406822.0.0.0
.tar.to/	1970-01-21 01:41:42	Name: __gads Value: ID=060c0e9a4a06e4b6:T=1700406822:RT=1700406822:S=ALNI_Mazf73aHg8k6iXtccFkz_lExnOa4w
.tar.to/	1970-01-21 01:41:42	Name: __gpi Value: UID=00000cddb6725343:T=1700406822:RT=1700406822:S=ALNI_MaW7FcvwxvOmDXLjA6FJmPNlD_neQ
.doubleclick.net/	1970-01-21 01:41:42	Name: IDE Value: AHWqTUkDpg3rKy72UVH2XQ3BLes-7yf4ZXpqC8KJHm3N_sdvGKJKoRl7Ckmyu8S4
.casalemedia.com/	1970-01-21 01:05:42	Name: CMID Value: ZVomJnpqD6mHfM4IhJ5tHAAA
.casalemedia.com/	1970-01-20 18:29:42	Name: CMPS Value: 5136
.casalemedia.com/	1970-01-20 18:29:42	Name: CMPRO Value: 5136
.doubleclick.net/	1970-01-20 20:39:18	Name: APC Value: AfxxVi5Gmw0lMJUO8_rkevxBgGKTMxb3ZeEzPrP_4_597itxNeIZpQ
.adnxs.com/	1970-01-20 18:29:42	Name: uuid2 Value: 1152690426700286323
.adnxs.com/	1970-01-20 18:29:42	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>?eq7zD!]tbPl1M>e)ZlrFUfJ+tGXxp)S*$'f<A9_2<9Qr_Hfsy`UJlu%_/$ti368BP3If)y3KL9D3I?+EXge7`
.doubleclick.net/	1970-01-20 16:20:10	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ajax.googleapis.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
mabi.tar.to
pagead2.googlesyndication.com
platform.twitter.com
region1.google-analytics.com
s0.2mdn.net
static.adsafeprotected.com
stats.g.doubleclick.net
syndication.twitter.com
themes.googleusercontent.com
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.244.42.136
142.250.181.226
142.250.185.226
142.250.185.70
172.64.151.101
2001:4860:4802:32::36
2001:4860:4802:34::178
2600:1f13:800:7782:14df:363:a706:6a6f
2600:9000:20ab:de00:8:48e:53c0:93a1
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:806::2001
2a00:1450:4001:80b::2006
2a00:1450:4001:80f::2004
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2002
2a00:1450:4001:830::2008
2a00:1450:400c:c06::9d
3.39.16.32
34.250.116.222
37.252.171.85
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
051ebaf329ea5e0d5ef169fed5eabd73e197ac1d5a721a2328db871517546ce1
09fd48874849a3dfa4a496483dd50687a91062ed0f57c9f00d3b73a394f50337
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0e0efccd27fe1ef2bba35d87549636f5532053616bcee078df1eae6690f743a0
10ecb6d7d96791443e5a269b9fde78e8f7630da3d058c5e04ca26a235d00a10c
15ddf64a1db0b06797a274e5975f2303bbfd68ca43e0539ddb4f5aac2bcaa456
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
199bab4fa1bb9c0ca5e2a3b0e1c3fd123919e9c915264a759f41fb5013f84329
1c0486acafe63a074adbd08ecc9cad99ee106f3701e2b93c2a75533774f7faba
1f40994eab15b92af5183f9acf338e0354771054c65024e0aa679b6506f9eb87
2014aeb1ca2156fe2bfdb3ee251a672c482e8b9dafff8c6bb4290641aebcb793
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
2714621584c9b8ff6c02c831ffc27e309e8f7c6e17073b355ed3eb33ecec02c0
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2ab6793dc8e7ecc84e623176376fac17df0d4513fc68ab392d3850200da5f13b
2adcd0a627dee2ac4ab782a00745d7678e374dc4625ddf673a88121977d77c67
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e205e7f3d2202206f6f0fa88e73f32485d8f3e5a32236192c8d22daa5e7e362
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3a34035b5dd2ef449631220bc173e53521d08c31255d19e946cc4463aa84ec2c
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3effab7013cf9a1b25fc76975f042ec2caef2a7726c8de4c3de934f3de4d4adc
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
48c7db6d839d307798dae0e5f6a9b6b7a8c534575f6e587131fbeef6343bcec6
4b53e40e08eed8b4c11151e3354e320fafa9629435373757d04e7c729d7b939d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4f859c54c2abc8c5257845d36ebb1152e3eb5c555b9b78420cca3a626ecabc9d
4fc65e436756cddb5fdfe98535eb5c0dadda31f81801a21fa4c0839d45daebd9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56f6d23226194366f3fe7f04adc3ae22e857b58c937fb3c67e7b91422694f229
57c2b596262f49dfc85822938e3989a0345fcd5ddd698423283ca15f162f6b99
5a8495469faaa41a4ffd046646ab9ac451effad6b9609eb870c758ae138a4dd9
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61fa1058f3030533d639903fb5877ac717723ab65c8dcb91583c1f741a093d7e
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
629249b6d45ff06ff52acdaaa7ecdccbdc183ae90672bf0a13e978440a9756fa
634b38ef788979a0a1cdbc07a578b5719dec8a04e522b4bc8599441379b14322
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
68e54cbda39ba0425fe9e891d51763941daa79d731a28f3486b0daf9cfade450
6a10aeb1d49bf113e429444dac318287da0ebf1a22dbba71ff2763d103cf004e
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
6da9221553a746a764cd91b6ed0878ceb8e85bf266af63b4b2cd9265ff38ae82
6e4c7f45987f5b5e2e4a0addcd924e736312fd3b2c42f7bcd41feb242fcf721e
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
713a5085778002ac882de664c065bc7a55a26c6091d12c39a038bac7b70dcf45
729cfa84928e7a87a4a4551df25c1406da86af8f0ebd2f579460546d11722326
7452bf34013c4e1eccf91b889b00762cdbb9483511b45993e2f008d85d39d6aa
7a4a63c52bdfab0ab459b1b77dad4a4ce4e1f7dfdfdba0b2013ba32f0690e15f
7de35e5043b027a1b4ec0f9d1a5ab2e465093c3f7a937df62ded161466c6c049
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
8b4786c11ba42334f0414dabecb5f476eff4999438bf58c663668fe5ec31c0df
8bf150f6b29d6c9337de6c945a8f63c929b203442040688878bc2753fe13e007
8d6d8aa9116c8538da4416d44de1532dcf9f5ec4ddc85f4d524714e8ed918ee2
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
9013a9ca40a672ee35978b117e54d8b342cb591e8951f599a2b6dfef9d9fa723
9252f8b0c6c5d035098b4bdc33018bd32853fc58b1d54ddc688fbabf60411a71
9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182
9562e67b97f96f4f008179b61f9fcc006620c32307cec3ad9fe2e6d0b58378e3
9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1
9711c16a64e8b4086724485013257f3ba812d103630ddd609e3bcc677a07a0bb
98ea92621a1e03efc11987fba7aff5dae88cd39ffa85960a627b7c8c7b002e8e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a17bdbf02c9c06446700e547720a6ab25954c126efbf30bbd94d12106c939101
a5093d293aa2880bc70a30c0c6965c4e3d28eab21c6e3e93701a9e2dd5ed5722
a66da3004ab7904cb4abc086d932fde6720e5db5ae6acc974e48fa3b16d69ab0
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b65c814fd684fcacb9b1309b2310fbd22ced78eb7222ebbe1d717bb42f5b997f
ba7570386407f52b0870906be17a771dc0af509c9cfee072f08af860793f5756
bd18e405cbfb6fb5c27224b38e792c8b6542d9b7eae37aa5883808b69392dcef
c043552be6d98da422ec5c2946c7a6588600e29d9f2a871ba1ea1206d3db813b
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c69976cd568b69a76e60900676f5e45c901c66b2cd4b0181e1ac468bc28c986c
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d709d1a1a12f372cbd746fb29638bbbe4e88a256998da13c8c859a7fd6a29f6c
d99a04bd4ecf5dca2093d5f65916875f0aa77c556b73e86c87e86faae24319d6
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1b1f24d8534e6caadaea97189e6389842c7037a55eff537fddf217c41b7a372
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e405af5cbe31bfd4a58d7c21a8bbdc78716079b462731874eba4be3452c55500
ea4e8a9250124a721a0eaeac04d0d9bbb6ef45678f7cff3d143e5072f9c485c4
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec0063451ec59faa489384094811c6e842855557c01611ace09f1667ac19c433
ee8b40ba4a1d4d83b9e9bcf65098832c470409ec955a868ba8809652d5df140e
eefd62bfe6d0ad2f3f2b7bddb8f2c46d7c8b6ed4897e3f9309968a58dc078753
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

mabi.tar.to Open in urlscan Pro 3.39.16.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

178 Requests

92 %HTTPS

68 %IPv6

15 Domains

25 Subdomains

26 IPs

5 Countries

2642 kBTransfer

7822 kBSize

15 Cookies

2 Outgoing links

Page URL History

Redirected requests

178 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mabi.tar.to Open in urlscan Pro
3.39.16.32 Public Scan

Screenshot
Live screenshot

Full Image

178
Requests

92 %
HTTPS

68 %
IPv6

15
Domains

25
Subdomains

26
IPs

5
Countries

2642 kB
Transfer

7822 kB
Size

15
Cookies

178 HTTP transactions
3 data transactions