panda-helper.org Open in urlscan Pro
2606:4700:20::ac43:449b Public Scan

Go To Rescan
Add Verdict Report

URL:
https://panda-helper.org/fr/
Submission: On September 29 via manual (September 29th 2023, 4:38:46 pm UTC) from FR — Scanned from FR

Summary HTTP 104 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 18 domains to perform 104 HTTP transactions. The main IP is 2606:4700:20::ac43:449b, located in United States and belongs to CLOUDFLARENET, US. The main domain is panda-helper.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 11th 2023. Valid for: a year.

This is the only time panda-helper.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	2606:4700:20:... 2606:4700:20::ac43:449b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	13.249.12.112 13.249.12.112	16509 (AMAZON-02) (AMAZON-02)
1	54.161.77.199 54.161.77.199	14618 (AMAZON-AES) (AMAZON-AES)
3 11	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
1 24	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
6	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.166 142.250.185.166	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
2 6	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	3.127.97.70 3.127.97.70	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:bf41:b326:fa86:2937	16509 (AMAZON-02) (AMAZON-02)
2 2	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 2	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
104	20

18 2606:4700:20::ac43:449b (United States)

ASN13335 (CLOUDFLARENET, US)

panda-helper.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.12.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-12-112.cdg53.r.cloudfront.net

d2fuc4clr7gvcn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.161.77.199 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-77-199.compute-1.amazonaws.com

track.gaug.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.97.70 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-97-70.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:bf41:b326:fa86:2937 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.20 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.35.84 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 tpc.googlesyndication.com — Cisco Umbrella Rank: 169	542 KB
21	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 ad.doubleclick.net — Cisco Umbrella Rank: 180 cm.g.doubleclick.net — Cisco Umbrella Rank: 329	175 KB
18	panda-helper.org panda-helper.org	228 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	146 KB
7	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1368 www.googleadservices.com — Cisco Umbrella Rank: 178	605 B
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	5 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	229 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 2022	451 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 954	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1432 r.turn.com — Cisco Umbrella Rank: 6191	869 B
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 11	1 KB
1	ctnsnet.com 1 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 13762	623 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 783	713 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 614	146 B
1	gaug.es track.gaug.es — Cisco Umbrella Rank: 462540	389 B
1	cloudfront.net d2fuc4clr7gvcn.cloudfront.net	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	7 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
104	18

	Domain	Requested by
24	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
18	panda-helper.org	panda-helper.org
14	pagead2.googlesyndication.com	panda-helper.org pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
11	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
8	www.gstatic.com	googleads.g.doubleclick.net
6	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net
6	www.googleadservices.com	panda-helper.org
5	fonts.googleapis.com	googleads.g.doubleclick.net
4	ad.doubleclick.net	2 redirects panda-helper.org
4	www.googletagservices.com	googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
2	sync.teads.tv	1 redirects
2	c1.adform.net	2 redirects
2	www.google.com	1 redirects tpc.googlesyndication.com
1	ius.ctnsnet.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	x.bidswitch.net	googleads.g.doubleclick.net
1	r.turn.com
1	ad.turn.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	track.gaug.es	panda-helper.org
1	d2fuc4clr7gvcn.cloudfront.net	panda-helper.org
1	cdnjs.cloudflare.com	panda-helper.org
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
104	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
us.norton.com
mobile.twitter.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.gaug.es Sectigo RSA Domain Validation Secure Server CA	`2023-03-02` - `2024-04-01`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh

This page contains 16 frames:

Primary Page: https://panda-helper.org/fr/
Frame ID: 4A2BE2A9DFCA644DCC76FB1B64A97E47
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html
Frame ID: 0B9D7226395EE4331C1E367E90C0BC33
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&adk=1812271804&adf=3025194257&lmt=1695702037&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005522240&bpp=15&bdt=254&idt=197&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8620002823418&frm=20&pv=2&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=215
Frame ID: 7C5A103DE237D711B45E1DDF47B094F1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1474571092&adf=3081371720&pi=t.aa~a.3079517651~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005522255&bpp=2&bdt=269&idt=203&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=pa2ye6jArc&p=https%3A//panda-helper.org&dtd=205
Frame ID: 77A1D93AF9C7E2045E4FD55BC623CFBB
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js
Frame ID: 8545F4AC6FC9FC9A406EEA205A7A98F4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1213588912&adf=3416974341&pi=t.aa~a.2826166470~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005524368&bpp=1&bdt=2381&idt=0&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0ee212b87f97dcde-22528ed4b0de0051%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MaMz4y-QGvnxZbmbjQAcsNuxpTI3Q&gpic=UID%3D00000c883deb3ba2%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MZVFLS_xEtDHba2UuoUMHpGtqA2KQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1962&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&psts=AOrYGsld08c72dXJsBu0PXty8nYJQumcvqvECHy8UpokGitRr5mg4xd9Ji4gbBY0MAZk-2H6_nxdUOLwghdqgd8P_3f9fg&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=B9I5XhHIcH&p=https%3A//panda-helper.org&dtd=5
Frame ID: F4DA2AA1EC823957D7AF27E0627D20D1
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1
Frame ID: B2231E5EE290BCE0BD8E1243DB06FA23
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0A3242065A92266117AF338E0F7CEA1B
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DB067BBB851B3E8C2198CAFDA4726086
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D05B81F7C4C804B23BC1F0ED2649C37D
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700&display=swap
Frame ID: 3D43F29B1EF79C98C2DD239B609FA227
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CAA77A580D230909DDC82455BC35C356
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js
Frame ID: CF5B0758D6BCBBF75D8D467B6140DBC2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js
Frame ID: DE314BD50BD99DF7508E12F786DB23B4
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CB8C79AE267E402ECED48F2A7B17CF1C
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js
Frame ID: 6034ACE361E35C83768265A6E3994C4D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Panda Helper ( iOS et APK Android ) Français

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+foundation[^>"]+css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Page Statistics

104
Requests

88 %
HTTPS

59 %
IPv6

18
Domains

24
Subdomains

20
IPs

5
Countries

1364 kB
Transfer

3598 kB
Size

21
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/pandahelper.store
Title: Facebook

Search URL Search Domain Scan URL

URL: https://us.norton.com/internetsecurity-mobile-is-jailbreaking-legal-and-safe.html
Title: installer des programmes malveillants ou des failles de sécurité

Search URL Search Domain Scan URL

URL: https://mobile.twitter.com/PandaHelperApp
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://googleads.g.doubleclick.net/pagead/adview?ai=C44xJkv0WZZ3WKKWS18cPn-eSkALL7fXvbcDU9qb8D7z5teOgDhABIIiblBVg--GFg5wKoAGVtq-eA8gBCagDAcgDywSqBNoBT9CVt5iufc4TGbnsvy2_zSKqbsJ-HNJk6VJCymC45It4689-4bHHLRMTvwzloQEmTFkNKjSZK23RD-05h9v3FmTGkkI9Xo8VWgnhc65B9pa2OrKs2doucI9T_trcwFQhgwJV2HlKJMWvkGuYnNpLwX8GXxsVbFjezT5fFGlWWp7frBC8hevyyDIwIPlHwpNU4FZOzMMATdQdjnKB_gerKsjNiy56cZpSkYVFJlY-Q9IAIjY6rdNaF7di5D-_NGCzAtomiYnqkAzzho4tIgXZK75fa1IZe416ENvABMyW0aX9A4gF-MrGjTOSBQQIBBgBkgUECAUYBKAGLoAH08nQYagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOa0BdIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCUtodHRwczovL3d3dy5hdmFzdC5jb20vZnItZnIvbHAtcHBjLWFvbmUtdjI_cHBjX2NvZGU9MDEyJnBwYz16JmdjbHNyYz1hdy5kcyaACgHICwHYEwyIFATQFQGYFgGAFwGyFxwKGggAEhRwdWItMjM2NzgyNDE0Njg5NDAzNBgA&sigh=3xz3ha2045w&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaNJZ7v8pxKRQSWn0AP9DtigTWvtA_g4xgB&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228290293435339784128%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22868997909%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212804059824424629553%22}&andc=true

Request Chain 41

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCHnvag0IEDFQDlEQgd4FEAdQ;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2

Request Chain 75

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 78

https://googleads.g.doubleclick.net/pagead/adview?ai=C1g2ekv0WZY3kKauHn88Pyei56ArL7fXvbcDU9qb8D7z5teOgDhABIIiblBVg--GFg5wKoAGVtq-eA8gBAagDAcgDywSqBNoBT9C4NSMaHDMcpL8T53Jx424mFS6xgGnJETcGV1pCe2QX7pZtF_g0IpKNgdyzm8Ssv4Zr-Ooyn3qastk1kHLPo5J-seB5oZCtVRHHr5zmXI3DnF57FfHpAbl6yslzawwrYKr2kMQ8ML9Cfgx8YQ3u6Yf4N2GrumAjoCJOeYyfFWwMXIShJ5wE7N9GtlTHM4Zr9bZX48NVyxptIGJkpDuJsKsQzvsPzPTvFFbqOmKX_qGDtwRVMzuUyj73efJZbAvuK6OY_FAq6VDDhOdlnOoOB8oQ0yt88pZqDV7ABMyW0aX9A4gF-MrGjTOSBQQIBBgBkgUECAUYBIAH08nQYagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENjeK9IIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCUtodHRwczovL3d3dy5hdmFzdC5jb20vZnItZnIvbHAtcHBjLWFvbmUtdjI_cHBjX2NvZGU9MDEyJnBwYz16JmdjbHNyYz1hdy5kcyaACgHICwHYEwyIFATQFQGYFgGAFwGyFxwKGggAEhRwdWItMjM2NzgyNDE0Njg5NDAzNBgA&sigh=Tt4nMlGVH-g&uach_m=[UACH]&ase=2&nis=4&cid=CAQSGwDICaaNddOKl6pMLOalRmWqKsaPsSByksG4ChgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215408599115339769866%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22868997909%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218040749254449053265%22}&andc=true

Request Chain 79

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCc2_ag0IEDFenvEQgdQJ8Cbg;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2

Request Chain 94

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODc-ZmqUxCBARiAATIIpcZJRVLpa0A HTTP 301
https://tpc.googlesyndication.com/simgad/14251315252457269813

Request Chain 98

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1&google_push=AXcoOmSe08bqTyGykYSQkTapxoMe3nBt8CfdT60dChQmqixKZwgPr7shNa4D6K5L228_hIv6C2wPKgGygPrwjnnaEOsgN3iCRlNp3g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODkxMDU4MTg1NTY2NzA2MDYwNQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1

Request Chain 100

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEP6c8hE98xZfUNaFfBIDJA0&google_cver=1&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c6OKlP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c6OKlP&google_hm=eS1lM2dxSVI1RTJwRm83MW5xMGx1TWMzZU9WNjBPeTVyMX5B

Request Chain 101

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENWqfdYAovunqrX6CCpTZpU&google_cver=1&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5FCx-JIpFvHBcZp7Iyh9E8CQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENWqfdYAovunqrX6CCpTZpU&google_cver=1&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5FCx-JIpFvHBcZp7Iyh9E8CQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjkxMTQzNzY2NTY3OTE1NzEwNQ&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5FCx-JIpFvHBcZp7Iyh9E8CQ

Request Chain 103

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEIj5NCBcraa_PxFsFjGBGvg&google_cver=1&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZRepk86oEjZtoEe575ztInJ64FRO2-TArWaB9ds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZRepk86oEjZtoEe575ztInJ64FRO2-TArWaB9ds&google_hm=PLO-qVjlQO6xK7t1M4viQGU

Request Chain 104

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEHhYERNsKDgrBGPYFm7WAog&google_cver=1&google_push=AXcoOmSeBCJ9WLiiZsfxHz-_kWgM-DlpY-LM-kwAZBELwaReOjTCCv1m_tONVbQEuolYdrF5y56_SgVItnzzumkpWRGx19k5OK8botE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSeBCJ9WLiiZsfxHz-_kWgM-DlpY-LM-kwAZBELwaReOjTCCv1m_tONVbQEuolYdrF5y56_SgVItnzzumkpWRGx19k5OK8botE HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 107

https://googleads.g.doubleclick.net/pagead/adview?ai=CeSqFlP0WZczNHPibv8IP8JS6-AGn8fCVc7WWrv3YEdmlwPidPxABIIiblBVg--GFg5wKoAGLpITcKMgBCagDAcgDy4SAgASqBNUBT9D1ivjQeGssNW05bTompGAccZy321b32XmOMZjbH3h-DnOyUbN2kpH2-eZ67-j05nQjjoSYs1Lc2JC-fgQsr6TewqWXveJBq_DqKunE8VedJmhogtf9xXSRn4rHHZAwq0Gx5j1J0Qit22RJXLeeMoAdHeSZYlW30eQ9yUsThn9cCIanTECGtlRMReC0Rd_cjhcz1q5SGVhulJUjp0Dr9LPL1Ql3jmzh3URq1N8HZuEfG0rZU68-Iuei-V7-zlIxA4Ht9IbQQuVAPDERwBCr2y2pg1pVwASegq3urASIBYH2uo9BkgUECAQYAZIFBAgFGASgBi6AB4vc1LsDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEOX3CdIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCSJodHRwczovL3d3dy5mcmVlYmNjLmNvbS9raWRzLWdhbWVzgAoByAsB2BMMiBQB0BUBgBcBshccChoIABIUcHViLTIzNjc4MjQxNDY4OTQwMzQYAA&sigh=3ON6KqnDWmo&uach_m=[UACH]&ase=2&nis=4&cid=CAQSOwDICaaN-Wc34oZEgoDDprzRhoNRHueGxKZKYCkNngru4ExaRm_RFyUgFl0s8nAokTYRjTZMTqdb2rlBGAE&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215717796904343063769%22,%22debug_reporting%22:true,%22destination%22:%22https://freebcc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210930426379%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22329545059006341649%22}&andc=true

104 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
panda-helper.org/fr/ 57 KB
14 KB 125ms
44ms Document
text/html 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c37e6a1934424134d5d0feb6b8863558b80aadf90aa4a02b7e85ec759676f1c7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 291982
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
cf-cache-status: HIT
cf-ray: 80e5a8702d53019e-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 16:38:41 GMT
expires: Tue, 26 Sep 2023 07:32:19 GMT
last-modified: Tue, 26 Sep 2023 06:20:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSbrChus6pn2eqW%2F8Gn43XQhCyGaQkNgnuhFeA%2FzcKuqOb%2FzGwtiqSyeyVGO7SPQoHu%2F65J22%2FXHld3pahpC9xB78%2B9oN0ed6l4VGQfA16nvq%2Bu8rb8bR03IxMHtS5mQFtK7HODsSbObV0DJ7Vc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent

GET
H2 200 ratemypost.ttf
panda-helper.org/wp-content/plugins/rate-my-post/public/css/fonts/ 5 KB
3 KB 35ms
28ms Font
font/ttf 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f

Request headers

Referer: https://panda-helper.org/fr/
Origin: https://panda-helper.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:16:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543222
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSaeti5vEdRVZYwIlkc9W8m0XcM%2BI95exupxoXBBnR7%2FuJ8zDEDATmzxQrojs5kXac1i2F%2FUo64mMqAZSip47ryg1nMJqfUznrpZNhmg7SWfdDu%2ByyX%2FS2MSAR1utxhJQm1Fx16twl33WsnYVzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
cache-control: public, max-age=31536000
cf-ray: 80e5a8708dd5019e-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 21 Jan 2024 09:45:00 GMT

GET
H2 200 style.css
panda-helper.org/wp-content/cache/min/1/wp-content/plugins/wptouch-pro/themes/foundation/default/ 22 KB
7 KB 38ms
31ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/wptouch-pro/themes/foundation/default/style.css?ver=1686820749
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8809f39a7b6fa8f457102b6fa5b8ba97af706c45435227d71d27c995c19e25b4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 543145
cf-polished: origSize=22502
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 15 Jun 2023 09:19:09 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bz5%2B4ClM%2BhmnDSwWQimUuA6ezl4ELt9ymU33LrdaO8G1wWSzdHGjV6oH7DacIG%2F1eRmig6lCAsBUb1IKkbJhiebOLljSpCh2OixDd5u2C17HK%2FN1wBiZ39u%2Fx1%2BhbB%2FvsRI6qj%2BB5e5vMBaV5Vk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8708dd6019e-CDG
expires: Sun, 22 Sep 2024 09:46:17 GMT

GET
H2 200 classic-themes.min.css
panda-helper.org/wp-includes/css/ 217 B
488 B 40ms
33ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:21:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1868311
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1r25BJqnIan0IWzOZjeeJyLwrJTpKTqg9dJETSrfagDxXsme83hSoGu%2F6drygV8gyI2ODcFRuJxbVKI6Gs8itW7vK9xw%2B2ULxf6BpMcw3aW9Aw0Z5pG143%2Flt1l0Zvk2wcOf8bjcpKd3U4b6hc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8708dd9019e-CDG
alt-svc: h3=":443"; ma=86400
expires: Sat, 07 Sep 2024 01:40:10 GMT

GET
H2 200 rate-my-post.css
panda-helper.org/wp-content/cache/min/1/wp-content/plugins/rate-my-post/public/css/ 10 KB
2 KB 41ms
35ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/rate-my-post/public/css/rate-my-post.css?ver=1686820749
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3d170cc7ec7d8ce2c47e64ab73aca0da7c6dadf2e66f30f07a9c70ec9e2f593

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 543099
cf-polished: origSize=10771
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 15 Jun 2023 09:19:09 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teG7pq8%2FMSw0DwwDTXtq5LSS0vc6N8Y7zrr%2BCDTyl53yuBNPrgv8Utk9Hc0EsJjsjjyaufVTw%2BTGkwvKqGKynZmtu%2Fc35OD5G6EqJoDVk5Lg0GZvvQeKL8kBBHC7M%2FOW6eKojWlEYpGUr3fiiaE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709ddd019e-CDG
expires: Sun, 22 Sep 2024 09:47:03 GMT

GET
H2 200 screen.min.css
panda-helper.org/wp-content/plugins/table-of-contents-plus/ 1 KB
719 B 38ms
33ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2212
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:16:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543145
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N329hyr8SKAAn6SFJJrLZOaMkEy2KTvAUMSl1EX0P8MMY6h043hru5rtZLv3mDMPNccF1Qoc9n77mqe2FOYtyG9T%2F5LtFLu3tZcp39RN74Cp8YAv94uFh6OzvzL7EmRQWmAnaqcUW868R8AJQh4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709ddf019e-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Sep 2024 09:46:17 GMT

GET
H2 200 style.css
panda-helper.org/wp-content/cache/min/1/wp-content/wptouch-data/themes/bauhaus/default/ 17 KB
4 KB 41ms
36ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/wptouch-data/themes/bauhaus/default/style.css?ver=1686820749
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c145f5f47b58e72811ff0a2b2bd2f4e63d3a6ade08c96e7271a6ec9f3f17bdb

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1641495
cf-polished: origSize=16937
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 15 Jun 2023 09:19:09 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgyRgqafDC%2B9K8XwCS60eyKRFamarET8mSVIBILDfhjhGgkB8a82TSYHN%2FYbB2y90RWIjs14D1HyjiOrTsT8LzE6DQwGYXkhM6VrrnqQbIkevKN%2BMzEN5h%2FZ7%2Bz2z68q7tPWtDg2ZqEw%2BZOch6g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709de1019e-CDG
expires: Mon, 09 Sep 2024 16:40:27 GMT

GET
H2 200 button-styles.css
panda-helper.org/wp-content/cache/min/1/wp-content/plugins/forget-about-shortcode-buttons/public/css/ 151 KB
48 KB 47ms
43ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/forget-about-shortcode-buttons/public/css/button-styles.css?ver=1686820749
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f66d7cc6eac121652784cd3913397795decbd586dd1e32189357eca6104e60b2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 543145
cf-polished: origSize=154873
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 15 Jun 2023 09:19:09 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLRIhL9wol29kL05KZfHvRrIGffKIZCTl5eDick3ZpGSTVwTIp8B0fSM8xDBI2s4VC5ARuYjk4ncQkxy8hy9564eVLzycZsyHbnWxdae5AUmSltpG2oimbjoloetKYY4BBFINoTudxDNWOsxG4k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709de3019e-CDG
expires: Sun, 22 Sep 2024 09:46:17 GMT

GET
H2 200 navigation-branding.min.css
panda-helper.org/wp-content/plugins/gp-premium/menu-plus/functions/css/ 3 KB
956 B 36ms
32ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/gp-premium/menu-plus/functions/css/navigation-branding.min.css?ver=2.2.2
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cc5fba1b17b26c8975d63d581f375152c583264b4ba58a2d2eacac2d11d90ee

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:16:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543145
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rbdvekKVCav27OCwAMOBoPLpoyfjKupBBrEWYTPP3dofMJ0Bmmh7DFetUalObbiEoglo8dJVXPwMPZiw%2Fc3tyJQXuVsntRcaw7ztwHHHgwmd21AOnTGYdqUGUQRB%2FzP6Q0cZaXUdgirqp%2F0QuE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709de5019e-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Sep 2024 09:46:17 GMT

GET
H2 200 cookieconsent.min.css
panda-helper.org/wp-content/cache/min/1/ajax/libs/cookieconsent2/3.1.0/ 4 KB
1 KB 33ms
30ms Stylesheet
text/css 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/cache/min/1/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css?ver=1686820749
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 459386386a93a7e2f17759288436f8ed0c24a62dfb118bd85495c7b1d9c39aea

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 15 Jun 2023 09:19:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543145
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gjpjZQNZMoR1REh36y2l2KczMDuataoO4V5%2Fv5%2BbR773nvL1IHTE5m9Kzs8XO9tYIddow%2BnqxopZs9gM0gH7p%2BMCGVnCgDKwExfaHqIBHa9Bh%2F%2FC8rkxFQi142pSKJpKn3RD%2BZeTtloN3fB2oZo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a8709de8019e-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Sep 2024 09:46:17 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/ 20 KB
7 KB 70ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js

Requested by

Host: panda-helper.org
URL: https://panda-helper.org/fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4400056
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5979
last-modified: Thu, 22 Jun 2023 10:57:54 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942932-175b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VxHfGE9QjKCFg6G2CxSmY5h0wv%2BN%2FY%2F1zixM70go9cNROjcMf4NU%2BtHULEKabYq%2F69K%2Ba3mmwRwxS3elg0TVqkOLXXw6Z5xfKk%2FX3GqsuYJ%2BGhSyQL7Pn%2BQPnLBBON5HO%2Frx0b4jzB8vZAwelJNEthrz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80e5a8710a42d68a-CDG
expires: Wed, 18 Sep 2024 16:38:42 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
51 KB 153ms
93ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: panda-helper.org
URL: https://panda-helper.org/fr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38a7584182deac86805099edb422b67d984aaf14a7c6e7587b158763320dad98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51466
x-xss-protection: 0
server: cafe
etag: 7281958825785518926
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:42 GMT

GET
H3 200 665b9912f784557841dd63078f5b49bf.min.js Show response
panda-helper.org/wp-content/wptouch-data/power-pack/js/ 246 KB
74 KB 120ms
119ms Script
application/javascript 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/wptouch-data/power-pack/js/665b9912f784557841dd63078f5b49bf.min.js
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05cd91541a76b8b47c82a4b504fc50f6e1c2e6e34f7f6a9d4562b5501190f0a9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:21:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 542510
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJ52fIvEZVCzqXt0s0LGQt30hkJe1X3mmxj7N6qCdTcjtx8LZAkeuVY136ineSIGOy7kftGijS3nWxJ91PJesrNW0A16Yeddqqcy7wMRTy7n4gaKISAP6Egw9IhjXJbQtuXNiclUDwkBH0VWAC0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a870c949f15c-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Sep 2024 09:56:52 GMT

GET
H3 200 lazyload.min.js Show response
panda-helper.org/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
3 KB 139ms
138ms Script
application/javascript 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 04 Feb 2023 07:15:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543374
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BQ8xN8lvigTDQ43ti9XVLgUppB0vt1hT7W%2FFBRB2YJfg8unqsweqpJEmdSh3BWOdtibDbZShcrezTbzYB2Hcuq6AmE%2FIdIGLiHzbSvQp2XLe7ZNhO1K0PwDdONcRSpC0oTR9AV7KfLS0V5OQNA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 80e5a870c94bf15c-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 22 Sep 2024 09:42:28 GMT

GET
H2 200 track.js Show response
d2fuc4clr7gvcn.cloudfront.net/ 4 KB
2 KB 124ms
20ms Script
application/javascript 13.249.12.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2fuc4clr7gvcn.cloudfront.net/track.js
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.12.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-12-112.cdg53.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 12:39:17 GMT
content-encoding: gzip
via: 1.1 f6d81b3012ddbb7788e324c7c08594a6.cloudfront.net (CloudFront)
last-modified: Thu, 31 Aug 2023 11:25:26 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: CDG53-C1
age: 14377
etag: W/"64f078a6-ef5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: SVjOp1ClI-1YMtFgqP5S1jko1bbonpAeC3vFADR0MZSL65hq5_E0KQ==

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11fcbd228e7d2b1ba69bf1863b629404fc8fc3ca082e24ac9995b7ba5c7bf1cd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9a8768c59fb97194bf8bc1b3c1045bc46fc5c332a69611a044b2a8f2f0c5ad7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 wptouch-icons.woff
panda-helper.org/wp-content/plugins/wptouch-pro/themes/foundation/modules/wptouch-icons/font/ 11 KB
12 KB 80ms
80ms Font
font/woff 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/wptouch-pro/themes/foundation/modules/wptouch-icons/font/wptouch-icons.woff?64777116
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/wptouch-pro/themes/foundation/default/style.css?ver=1686820749
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68ebf0f65fdbf1e57713f094f426e2f5dbba1a819dfd1959fe4b4e92a2e698aa

Request headers

Referer: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/wptouch-pro/themes/foundation/default/style.css?ver=1686820749
Origin: https://panda-helper.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: HIT
last-modified: Sat, 27 Aug 2022 06:14:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1669432
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FOhTVGZYXXVgBO%2BiZffZAgN2pex2VhHpRlt2Tq%2BYsrOTC8yvblKym7CWVfvZKaoAfjwnckLQ8c2ji5QAbAvFZmR0D94oA%2BP%2Bu6VshxBz64Aw71jpdPvtUXouSjDmEqQsaDx3Nm1na5bHhB2XCg%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=31536000
cf-ray: 80e5a870e970f15c-CDG
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jan 2024 08:54:50 GMT

GET
H3 200 fontawesome-webfont.woff
panda-helper.org/wp-content/plugins/forget-about-shortcode-buttons/public/fonts/ 43 KB
44 KB 61ms
61ms Font
font/woff 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://panda-helper.org/wp-content/plugins/forget-about-shortcode-buttons/public/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/forget-about-shortcode-buttons/public/css/button-styles.css?ver=1686820749
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849

Request headers

Referer: https://panda-helper.org/wp-content/cache/min/1/wp-content/plugins/forget-about-shortcode-buttons/public/css/button-styles.css?ver=1686820749
Origin: https://panda-helper.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: HIT
last-modified: Tue, 31 Jan 2023 07:16:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 537777
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5x%2FK0ToqaWQTWAhAEPRmvJ2IDKG49HaWi4yjSGBkpvRtqGANloAIsKqTP4TDCO4A%2FtOk7hoCfuCBWkesACsTIcrpCFzRmvoP4d2Rs9MitlZLld%2FC48ECmThgKJ89erN5bf3aJfoAef2ipyT3TsA%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=31536000
cf-ray: 80e5a870e972f15c-CDG
alt-svc: h3=":443"; ma=86400
expires: Sun, 21 Jan 2024 11:15:45 GMT

GET
DATA 200
OK truncated
/ 31 KB
31 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855

Request headers

Referer
Origin: https://panda-helper.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK track.gif
track.gaug.es/ 35 B
389 B 625ms
133ms Image
image/gif 54.161.77.199
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.gaug.es/track.gif?h[site_id]=5b61f6890d10f32437e33827&h[resource]=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&h[referrer]=&h[title]=Panda%20Helper%20(%20iOS%20et%20APK%20Android%20)%20Fran%C3%A7ais&h[user_agent]=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.5938.132%20Safari%2F537.36&h[unique]=1&h[unique_hour]=1&h[unique_day]=1&h[unique_month]=1&h[unique_year]=1&h[screenx]=1600&h[browserx]=1600&h[browsery]=1200&timestamp=1696005522172

Requested by

Host: panda-helper.org
URL: https://panda-helper.org/fr/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.161.77.199 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-161-77-199.compute-1.amazonaws.com

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Sep 2023 16:38:42 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 29 Sep 2023 16:38:42 GMT
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/gif
Cache-Control: no-store, no-cache, must-revalidate, private
Connection: keep-alive
Content-Length: 35
Expires: Sat, 25 Nov 2000 05:00:00 GMT

GET
H3 200 panda-helper-logo-512px-120x120.png
panda-helper.org/wp-content/uploads/2022/11/ 5 KB
5 KB 31ms
30ms Image
image/webp 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://panda-helper.org/wp-content/uploads/2022/11/panda-helper-logo-512px-120x120.png
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de7d0914bae9fe1f3559ee1dc90dfdb16e3212daa99455f18acdffa3e820304a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3739
cf-polished: origFmt=png, origSize=6179
content-disposition: inline; filename="panda-helper-logo-512px-120x120.webp"
alt-svc: h3=":443"; ma=86400
content-length: 4722
cf-bgj: imgq:100,h2pri
last-modified: Wed, 30 Nov 2022 10:12:16 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPO5GZKaEMzYi%2BLh2Uc7zC%2FIaT3c%2B5Yi4PtV%2BUtRUgORL7Glr718rV5FKg%2FlcD9ullWdg4FKQYhOjD%2B2XX%2Byyi90HYPAflnNmM8TlPUW4UiizVrO5hhH6CFNNp%2FXuoFTEIiSNq475yzJLUMKARc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80e5a871fa72f15c-CDG
expires: Sat, 27 Jan 2024 15:36:23 GMT

GET
H3 200 app-store-5.png
panda-helper.org/wp-content/uploads/2019/10/ 740 B
1 KB 31ms
30ms Image
image/webp 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://panda-helper.org/wp-content/uploads/2019/10/app-store-5.png
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ead0704cbd80a4162c462393a627d0b45bb2b60647fed6be4f543617207d0ab

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1874101
cf-polished: origFmt=png, origSize=1277
content-disposition: inline; filename="app-store-5.webp"
alt-svc: h3=":443"; ma=86400
content-length: 740
cf-bgj: imgq:100,h2pri
last-modified: Mon, 07 Oct 2019 07:20:20 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BFivGXm1P11w1KUB37ko2EWNwga9Wr4OUzAIRBcDBcorKexEFZs9%2BuP1dfrs6qW0Vf8FVfnz564KxsSIQ7JGyN3YjvQRtzBiweOGTpSQTjYnKd3YEynZLSWpHbC1R1Cu6VTVj35BvOB0zTfxOBI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80e5a871fa73f15c-CDG
expires: Sat, 06 Jan 2024 00:03:40 GMT

GET
H3 200 rating.png
panda-helper.org/wp-content/uploads/2019/03/ 2 KB
3 KB 32ms
31ms Image
image/webp 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://panda-helper.org/wp-content/uploads/2019/03/rating.png
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d9683b392d6a226b8de5a6fd3d73b1582012b3be3220d0ecc1bb9e88d0cb6e3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 528035
cf-polished: origFmt=png, origSize=3633
content-disposition: inline; filename="rating.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2396
cf-bgj: imgq:100,h2pri
last-modified: Fri, 15 Mar 2019 16:21:50 GMT
server: cloudflare
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDyfh9867JqOoq%2BQlvbSdTcF%2FKATABDD%2BICvzYCbEkGMwrrKIUh0zo4SPhZ3vfMkQiiue9GhITvniIchry2mpAxs5vp4zs1STi0lTUN8upO0ibFpSq0xgtm9tywhDJNk5dpbnIofDXj6IL5lCaQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80e5a871fa75f15c-CDG
expires: Sun, 21 Jan 2024 13:58:07 GMT

GET
H3 200 customer-service-3-120x120.png
panda-helper.org/wp-content/uploads/2022/09/ 3 KB
3 KB 235ms
234ms Image
image/png 2606:4700:20::ac43:449b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://panda-helper.org/wp-content/uploads/2022/09/customer-service-3-120x120.png
Requested by: Host: panda-helper.org
URL: https://panda-helper.org/fr/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:449b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09e5de207642d49fcb9668ad9adeee16386dc610993a2ea3b258c767ed0ab6f1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/fr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
cf-cache-status: MISS
last-modified: Tue, 20 Sep 2022 17:01:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M66Xt15OVj8mIU3mgFdytA9GvoAqgP2eSB2e%2BxB%2FTW9%2FUTgkiOUUirAt2tMbbm%2BtkUT0OHzpVAv5%2BzA1bSp6qK4tXCQWiaXNt8mAgHn%2BhnB%2Fs7B5SOpNnWdBfX5fGTnUIXHMB3y1xcwKsEat0FM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80e5a871fa78f15c-CDG
alt-svc: h3=":443"; ma=86400
content-length: 2787
expires: Sat, 27 Jan 2024 16:38:42 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/ 380 KB
129 KB 99ms
98ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2367824146894034&plah=panda-helper.org&bust=31078216

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

789d0e24d64153ef710b45317aa8778a642a8ce1b5bb3584b7d41351c596afd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131777
x-xss-protection: 0
server: cafe
etag: 4055216727811660586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:42 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/ Frame 0B9D 10 KB
5 KB 82ms
24ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230927/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 21275
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 10:44:07 GMT
etag: 2603938475786422795
expires: Fri, 13 Oct 2023 10:44:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 399 B
605 B 167ms
35ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=panda-helper.org&callback=_gfp_s_&client=ca-pub-2367824146894034

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2367824146894034&plah=panda-helper.org&bust=31078216

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c6bd4319dd240c4fd2716ca703494594a38d85419595d26e6e9d19c414ee87a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7C5A 344 KB
78 KB 1711ms
1708ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&adk=1812271804&adf=3025194257&lmt=1695702037&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005522240&bpp=15&bdt=254&idt=197&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8620002823418&frm=20&pv=2&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=215

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6b66ce9ce4e5915afacc41236d015945e1266a1ee842eaee16764a070180ee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 80119
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:44 GMT
expires: Fri, 29 Sep 2023 16:38:44 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 77A1 122 KB
40 KB 837ms
835ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1474571092&adf=3081371720&pi=t.aa~a.3079517651~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005522255&bpp=2&bdt=269&idt=203&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=pa2ye6jArc&p=https%3A//panda-helper.org&dtd=205

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ee68da37f65f61588481ae0fe98a184f893d5f0d0bacd68babf9ca6642be8f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40816
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:43 GMT
expires: Fri, 29 Sep 2023 16:38:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 77A1 15 KB
2 KB 92ms
35ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1474571092&adf=3081371720&pi=t.aa~a.3079517651~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005522255&bpp=2&bdt=269&idt=203&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1991&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=pa2ye6jArc&p=https%3A//panda-helper.org&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

62218c89aeba998ce96c351c07bba16f0f37d591eb24b3a5c954fae4adda5cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 16:38:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 16:02:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 16:38:43 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame 77A1 23 KB
9 KB 105ms
28ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:57 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 77A1 3 KB
1 KB 35ms
32ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27193
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:05:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 77A1 20 KB
8 KB 101ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85785
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77A1 182 KB
58 KB 110ms
40ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:43 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 77A1 36 KB
15 KB 81ms
25ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22842
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/11719188037202564360/ Frame 77A1 12 KB
13 KB 32ms
31ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11719188037202564360/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e77df26e9cb0a71ff8aedb4c07657472288e51405c0df8abdf920a01b4d501b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 15:07:13 GMT
x-content-type-options: nosniff
age: 178290
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12652
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 22:07:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 26 Sep 2024 15:07:13 GMT

GET
DATA 200
OK truncated
/ Frame 77A1 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 77A1 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 77A1 33 KB
34 KB 81ms
25ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 286165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Sep 2024 09:09:18 GMT

GET
DATA 200
OK truncated
/ Frame 77A1 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 201cf993bfa35adcc6dff3e2d5f3f252db1ae227b31fc3f66625170993320302

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 77A1
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C44xJkv0WZZ3WKKWS18cPn-eSkALL7fXvbcDU9qb8D7z5teOgDhABIIiblBVg--GFg5wKoAGVtq-eA8gBCagDAcgDywSqBNoBT9CVt5iufc4TGbnsvy2_zSKqbsJ-HNJk6VJCymC45It4689...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228290293435339784128%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%222...

0
0

112ms
60ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228290293435339784128%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22868997909%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2212804059824424629553%22}&andc=true

Requested by

Host: panda-helper.org
URL: https://panda-helper.org/fr/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"8290293435339784128","debug_reporting":true,"destination":"https://avast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["868997909"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"12804059824424629553"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Sep 2023 16:38:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Sep 2023 16:38:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"8290293435339784128","debug_reporting":true,"destination":"https://avast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["868997909"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"12804059824424629553"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

B22807636.328317791;dc_pre=CLCHnvag0IEDFQDlEQgd4FEAdQ;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/ Frame 77A1
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCHnvag0IEDFQDlEQgd4FEAdQ;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rd...

42 B
247 B

49ms
48ms

Image
image/gif

142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCHnvag0IEDFQDlEQgd4FEAdQ;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2

Requested by

Host: panda-helper.org
URL: https://panda-helper.org/fr/

Protocol

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCHnvag0IEDFQDlEQgd4FEAdQ;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=3777464884;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response
pagead2.googlesyndication.com/bg/ Frame 8545 37 KB
14 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248416
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:27 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 130ms
59ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 16:38:43 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 125ms
74ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230927&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4ec91b07ad5c9cca1e4cced46c59dc2629c2cfe4f1e9dba50f7160bad4dadb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12119
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/ 153 KB
52 KB 74ms
74ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/reactive_library_fy2021.js?bust=31078216

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

463d23e4b4263e4491405dc4c30de5c1a137ccafe4f5b4b3cffc45be64e4b2fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53269
x-xss-protection: 0
server: cafe
etag: 8016356212990101230
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/ 90 KB
31 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309260101/slotcar_library_fy2021.js?bust=31078216

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d544fde853a99d835a82be1ca3472592e12819019ce0d6428eeb465d3baed7e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31688
x-xss-protection: 0
server: cafe
etag: 3082380309015931564
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F4DA 127 KB
41 KB 857ms
857ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1213588912&adf=3416974341&pi=t.aa~a.2826166470~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005524368&bpp=1&bdt=2381&idt=0&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0ee212b87f97dcde-22528ed4b0de0051%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MaMz4y-QGvnxZbmbjQAcsNuxpTI3Q&gpic=UID%3D00000c883deb3ba2%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MZVFLS_xEtDHba2UuoUMHpGtqA2KQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1962&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&psts=AOrYGsld08c72dXJsBu0PXty8nYJQumcvqvECHy8UpokGitRr5mg4xd9Ji4gbBY0MAZk-2H6_nxdUOLwghdqgd8P_3f9fg&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=B9I5XhHIcH&p=https%3A//panda-helper.org&dtd=5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05a585462cab547021a23c78cf2da44e192a6d9e26ef16fccce12c23d4858e3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 41485
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:45 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/ Frame B223 10 KB
4 KB 25ms
24ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 76175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 19:29:09 GMT
etag: 2603938475786422795
expires: Thu, 12 Oct 2023 19:29:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/ Frame 0A32 10 KB
4 KB 26ms
25ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 76175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 28 Sep 2023 19:29:09 GMT
etag: 2603938475786422795
expires: Thu, 12 Oct 2023 19:29:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame B223 4 KB
767 B 35ms
33ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 15:57:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B223 205 B
520 B 26ms
25ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 09:09:18 GMT
x-content-type-options: nosniff
age: 286166
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 25 Sep 2024 09:09:18 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame B223 604 B
695 B 27ms
26ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 14:19:53 GMT
x-content-type-options: nosniff
age: 181131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 26 Sep 2024 14:19:53 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/ Frame B223 15 KB
7 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6ece8077c8a8d8d057b5a03c892dcf1fed9da76ff1bc964cd17416008752c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 21:24:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 69227
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6551
x-xss-protection: 0
server: cafe
etag: 511223485441000916
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 21:24:57 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/ Frame B223 20 KB
8 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd91080d2c7f2120ad82727f5c07bbb439b810ed4035993ddb1825ca1611396b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 17:10:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84498
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8566
x-xss-protection: 0
server: cafe
etag: 5625731030761120726
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 17:10:26 GMT

GET
H2 200 7a9087b9716ee70ebefd221ff96707f0.js Show response
www.gstatic.com/mysidia/ Frame 0A32 9 KB
4 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a9087b9716ee70ebefd221ff96707f0.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce8f9d182af5969cdafad9b5f0e5c1fb14d5d087b3d798c44ee208b00684cc35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3907
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H2 200 e90fa93b117dc424f62dd20c7a276c74.js Show response
www.gstatic.com/mysidia/ Frame 0A32 11 KB
5 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e90fa93b117dc424f62dd20c7a276c74.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86ba91ffdcece964d969b05cff1c7b3b94532e589870491f0714f6da82844971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4835
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0A32 15 KB
1 KB 34ms
33ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

62218c89aeba998ce96c351c07bba16f0f37d591eb24b3a5c954fae4adda5cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 15:34:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame 0A32 23 KB
9 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:57 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 0A32 3 KB
1 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:05:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 0A32 20 KB
8 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0A32 182 KB
57 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 0A32 36 KB
15 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DB06 13 KB
5 KB 25ms
24ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 24370
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 09:52:34 GMT
expires: Sat, 28 Sep 2024 09:52:34 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D05B 829 B
1 KB 90ms
33ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

409b3027a41a3692aa0e2b60d389d84ef2e4fe71d996d3a25b6a291704254c5c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rWHQmHz8lgeS-Ux_rYeGDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://panda-helper.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-rWHQmHz8lgeS-Ux_rYeGDg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:44 GMT
expires: Fri, 29 Sep 2023 16:38:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ Frame 3D43 7 KB
795 B 33ms
33ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 14:47:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame 3D43 23 KB
9 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 3D43 3 KB
1 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:05:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame 3D43 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D43 182 KB
57 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:44 GMT

GET
H2 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame 3D43 36 KB
15 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAA7 143 B
166 B 25ms
25ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:23:43 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js Show response
pagead2.googlesyndication.com/bg/ Frame DB06 37 KB
14 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/BAadeGEE1qHjsQ6c_rqFtjeXulPdvwUFIKdhRpM9mgY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:19:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14550
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Sep 2024 10:19:24 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 130ms
130ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://panda-helper.org/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CAA7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

34ms
34ms

Document
text/html

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:44 GMT
expires: Fri, 29 Sep 2023 16:38:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 16:38:44 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response
pagead2.googlesyndication.com/bg/ Frame CF5B 37 KB
14 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D05B 0
0 125ms
125ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230927&jk=864622989496200&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 0A32
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C1g2ekv0WZY3kKauHn88Pyei56ArL7fXvbcDU9qb8D7z5teOgDhABIIiblBVg--GFg5wKoAGVtq-eA8gBAagDAcgDywSqBNoBT9C4NSMaHDMcpL8T53Jx424mFS6xgGnJETcGV1pCe2QX7pZ...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215408599115339769866%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%22...

0
0

61ms
60ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215408599115339769866%22,%22debug_reporting%22:true,%22destination%22:%22https://avast.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22868997909%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2218040749254449053265%22}&andc=true

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15408599115339769866","debug_reporting":true,"destination":"https://avast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["868997909"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"18040749254449053265"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Sep 2023 16:38:44 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Sep 2023 16:38:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15408599115339769866","debug_reporting":true,"destination":"https://avast.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["868997909"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"18040749254449053265"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

B22807636.328317791;dc_pre=CLCc2_ag0IEDFenvEQgdQJ8Cbg;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=
ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/ Frame 0A32
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCc2_ag0IEDFenvEQgdQJ8Cbg;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rd...

42 B
63 B

46ms
46ms

Image
image/gif

142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCc2_ag0IEDFenvEQgdQJ8Cbg;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2

Protocol

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N8714.2382313DOUBLECLICKBIDMANAG/B22807636.328317791;dc_pre=CLCc2_ag0IEDFenvEQgdQJ8Cbg;dc_trk_aid=520608736;dc_trk_cid=117012770;ord=2777684727;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?&cbvp=2
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response
pagead2.googlesyndication.com/bg/ Frame DE31 37 KB
14 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230927/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:27 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DB06 0
10 B 25ms
24ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?g8AjSg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 60ms
59ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 16:38:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame F4DA 4 KB
641 B 36ms
35ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1213588912&adf=3416974341&pi=t.aa~a.2826166470~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005524368&bpp=1&bdt=2381&idt=0&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0ee212b87f97dcde-22528ed4b0de0051%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MaMz4y-QGvnxZbmbjQAcsNuxpTI3Q&gpic=UID%3D00000c883deb3ba2%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MZVFLS_xEtDHba2UuoUMHpGtqA2KQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1962&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&psts=AOrYGsld08c72dXJsBu0PXty8nYJQumcvqvECHy8UpokGitRr5mg4xd9Ji4gbBY0MAZk-2H6_nxdUOLwghdqgd8P_3f9fg&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=B9I5XhHIcH&p=https%3A//panda-helper.org&dtd=5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

15aca4df1408b29fcdb78e6e5e6dc3526b18cfceb22c7e1aa71a463ce6b4c328

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 29 Sep 2023 16:38:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 16:06:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Sep 2023 16:38:45 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/ Frame F4DA 23 KB
9 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85788
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9135
x-xss-protection: 0
server: cafe
etag: 9583221549990841032
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame F4DA 3 KB
1 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:05:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27195
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 Oct 2023 09:05:30 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/ Frame F4DA 20 KB
8 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230927/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Thu, 28 Sep 2023 16:48:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 85787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8282
x-xss-protection: 0
server: cafe
etag: 5314254467506293444
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 12 Oct 2023 16:48:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F4DA 182 KB
57 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58285
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695814262870679"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Sep 2023 16:38:45 GMT

GET
H3 200 fda82c26911938d9c7ca79f9220f8b0c.js Show response
www.gstatic.com/mysidia/ Frame F4DA 36 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fda82c26911938d9c7ca79f9220f8b0c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 10:18:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15328
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 20:14:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 28 Dec 2023 10:18:01 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CB8C 1 KB
643 B 25ms
24ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 31400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Sep 2023 07:55:25 GMT
etag: 48472445140208031
expires: Sat, 30 Sep 2023 07:55:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 6137984810067803391
tpc.googlesyndication.com/gpa_images/simgad/ Frame F4DA 11 KB
12 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/6137984810067803391?w=300&h=300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c69b6633ac4d626d7105701e56cb59529e83fd55fc5385dc847b661ab301e1f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 07:37:26 GMT
x-content-type-options: nosniff
age: 32479
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11760
x-xss-protection: 0
last-modified: Sun, 21 May 2023 21:27:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 07:37:26 GMT

GET
H3 200 11485212250087522084
tpc.googlesyndication.com/gpa_images/simgad/ Frame F4DA 21 KB
21 KB 29ms
27ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/11485212250087522084?w=300&h=300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ac22bc0f5cd5731445ac4dbb1f93bb6f0dd20d98d9a558573482b50ec37f5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 08:10:14 GMT
x-content-type-options: nosniff
age: 30511
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21780
x-xss-protection: 0
last-modified: Sun, 21 May 2023 13:18:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 08:10:14 GMT

GET
H3 200 11867194959874358916
tpc.googlesyndication.com/gpa_images/simgad/ Frame F4DA 17 KB
17 KB 40ms
38ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/11867194959874358916?w=300&h=300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5bbb446ca6a7a3854f70d091d258cfea199b4736d7f183f9b82408d0d3a57e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 08:03:27 GMT
x-content-type-options: nosniff
age: 30918
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17713
x-xss-protection: 0
last-modified: Fri, 19 May 2023 11:37:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 08:03:27 GMT

GET
H3 200 13026541338535640986
tpc.googlesyndication.com/gpa_images/simgad/ Frame F4DA 30 KB
30 KB 50ms
48ms Image
image/jpeg 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/13026541338535640986?w=300&h=300

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

162bdc0e03e25e189d3a75029250f239091de4938e136cfa992892841a6ba650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 09:59:26 GMT
x-content-type-options: nosniff
age: 23959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30458
x-xss-protection: 0
last-modified: Sun, 21 May 2023 12:38:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Sep 2024 09:59:26 GMT

GET
H3

200

14251315252457269813
tpc.googlesyndication.com/simgad/ Frame F4DA
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODc-ZmqUxCBARiAATIIpcZJRVLpa0A
https://tpc.googlesyndication.com/simgad/14251315252457269813

2 KB
2 KB

25ms
25ms

Image
image/png

2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14251315252457269813

Requested by

Protocol

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d01cbb03fcaede38be343ca9cf8dc8108d48d27484572d1d62788ac002de06bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 22:27:20 GMT
x-content-type-options: nosniff
age: 151885
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1618
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 07:22:18 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 26 Sep 2024 22:27:20 GMT

Redirect headers

date: Fri, 29 Sep 2023 08:46:06 GMT
x-content-type-options: nosniff
server: cafe
age: 28359
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/14251315252457269813
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 29 Oct 2023 08:46:06 GMT

GET
DATA 200
OK truncated
/ Frame F4DA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9e245e40521a8dfb6c18f03baf4f2b41657a745774e59e807d9595e9f42ea6c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame F4DA 21 KB
21 KB 27ms
25ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 05:15:19 GMT
x-content-type-options: nosniff
age: 559406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 05:15:19 GMT

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame F4DA 20 KB
20 KB 34ms
32ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Sat, 23 Sep 2023 07:15:13 GMT
x-content-type-options: nosniff
age: 552212
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 22 Sep 2024 07:15:13 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame CB8C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1&google_push=AXcoOmSe08bqTyGykYSQkTapxoMe3nBt8CfdT60dChQmqixKZwgPr7shNa4D6K5L228_hIv6C2wPKgGygPrwjnnaEOsgN3iCRlNp3g
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODkxMDU4MTg1NTY2NzA2MDYwNQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1

43 B
398 B

50ms
25ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAx9woZTiYuhm1a4jyJTTRY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame CB8C 43 B
146 B 80ms
22ms Image
image/gif 3.127.97.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEN8whgfidulxHH_mKoVSGRo&google_cver=1&google_push=AXcoOmSBVRA30hOL9DoMIpcOcWeHQweWK4hoH4ZPDUDhxmY1WoMzV4uqr_8pJ2USALvSfWHRVnQqxr2ashUSHI54kYe68ckf2cKj2w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2367824146894034&output=html&h=280&adk=1213588912&adf=3416974341&pi=t.aa~a.2826166470~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1695702037&rafmt=1&to=qs&pwprc=3386368754&format=1200x280&url=https%3A%2F%2Fpanda-helper.org%2Ffr%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696005524368&bpp=1&bdt=2381&idt=0&shv=r20230927&mjsv=m202309260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D0ee212b87f97dcde-22528ed4b0de0051%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MaMz4y-QGvnxZbmbjQAcsNuxpTI3Q&gpic=UID%3D00000c883deb3ba2%3AT%3D1696005522%3ART%3D1696005522%3AS%3DALNI_MZVFLS_xEtDHba2UuoUMHpGtqA2KQ&prev_fmts=0x0%2C1200x280&nras=3&correlator=8620002823418&frm=20&pv=1&ga_vid=433295321.1696005522&ga_sid=1696005522&ga_hid=392041215&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1962&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31078216%2C31078297&oid=2&psts=AOrYGsld08c72dXJsBu0PXty8nYJQumcvqvECHy8UpokGitRr5mg4xd9Ji4gbBY0MAZk-2H6_nxdUOLwghdqgd8P_3f9fg&pvsid=864622989496200&tmod=1336287825&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=B9I5XhHIcH&p=https%3A//panda-helper.org&dtd=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.97.70 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-97-70.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CB8C
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEP6c8hE98xZfUNaFfBIDJA0&google_cver=1&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c6OKlP&google_hm=eS1lM2dxSVI1RTJwRm83MW...

170 B
232 B

35ms
35ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c6OKlP&google_hm=eS1lM2dxSVI1RTJwRm83MW5xMGx1TWMzZU9WNjBPeTVyMX5B

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 29 Sep 2023 16:38:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmScGV4lom5SdWOuBZ_riO8ga18FJIXW8mOqfiCJTYKuvL1HnIUEaR-lwkRptiC0bJNC9fo-aSh-u8VcE9GYI3g-U6c6OKlP&google_hm=eS1lM2dxSVI1RTJwRm83MW5xMGx1TWMzZU9WNjBPeTVyMX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CB8C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESENWqfdYAovunqrX6CCpTZpU&google_cver=1&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5F...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESENWqfdYAovunqrX6CCpTZpU&google_cver=1&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrg...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjkxMTQzNzY2NTY3OTE1NzEwNQ&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB...

170 B
188 B

35ms
35ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjkxMTQzNzY2NTY3OTE1NzEwNQ&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5FCx-JIpFvHBcZp7Iyh9E8CQ

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjkxMTQzNzY2NTY3OTE1NzEwNQ&google_push=AXcoOmRfOiNDsA126hwCwxxTSUrg6Kk47QufLRf8Hmd9rt4K-tKJtberFfitseTNQ08Ghv7oJrggEB5FCx-JIpFvHBcZp7Iyh9E8CQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET googleredir
googlecm.hit.gemius.pl/ Frame CB8C 0
0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CB8C
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEIj5NCBcraa_PxFsFjGBGvg&google_cver=1&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZR...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZRepk86oEjZtoEe575ztInJ64FRO2-TArWaB9ds&google_hm=...

170 B
329 B

36ms
36ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZRepk86oEjZtoEe575ztInJ64FRO2-TArWaB9ds&google_hm=PLO-qVjlQO6xK7t1M4viQGU

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:44 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmSj4T3GEypEp-LldmTDXlo6PEC73VOnvd5-ZCH8ybqje5G4qfwg1oqhTmncZRepk86oEjZtoEe575ztInJ64FRO2-TArWaB9ds&google_hm=PLO-qVjlQO6xK7t1M4viQGU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame CB8C
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEHhYERNsKDgr...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmSeBCJ9WLiiZsfxHz-_kWgM-DlpY-LM-kwAZBELwaReOjTCCv1m_tONVbQEuolYdrF5y56_SgVItnzzumkpWRGx19k5OK8botE
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

46ms
46ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

expires: Fri, 29 Sep 2023 16:38:45 GMT
pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame CB8C 0
139 B 118ms
34ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IW85hOFvQ7FxqI9Tb01tDGZU-UGRKaw70J_B_tpaos8hVc5lG-tbfwwkwpI_QTLZnxVLF3ZQsU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 130ms
130ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230927&jk=864622989496200&bg=!mZqlmtXNAAYEJRtnJCU7ADQBe5WfOLcorCFCvHhfNwTdqeZNRFwBn2xxBDiiR69wPctyKWNJV68xEDWGLK_-E4L81xmbAgAAANNSAAAACGgBB5kCza9J05WcI8gMeGUz7DffmiA_j2spPgta7XFxCH_UK1fJMBOdUuIsRrWjeud693xGRtxmDrG62NDWAObgfCKnUS91m3_eXnm6rPHfgXde5ONgsCEcSz1vWhy_cDS-gEFTtxAyXaURvsqR3CVFnwANqQ-VfbKC727WGB94L3E0iat4vZrXyKak6VJNsJCjk09Jc3zMx5udNPgURnohxOxB4uqOaclwM4Ig189Ja8bUs8tJ5aDFrUwnamU-I6Ik4DbCUtwKtyNBmhh51Z34pxwr8rEmU0_GQLvXIOV5i7Kj5FLAodYjyH5bh5UPSX3qTzs8jDqEbcIz85ZeECOSI3FkypgwFOEH9SaWghgC4lV8SKWEog28YbMPYtKSgMrNULaufNrujfHhk8mDvYn9YSGyQkdeZ8PbfONfX3QaNM0iH4i2CrrbcEjWQIwSZ5fiJu_Mwes5wvwoguE0pURzw7F-2jTxkijw3ZmeEqwzkxsZOZ0YmsDHKZkZD6ZfBDnoHA8cKaBe48DmRl3qM3Z0b3l6te_w2B3OXqoVgkltLoEQfoeKtUxZj-s4eQ8jxJ3JqOUJt4K-lxTkD7_WWn47QRydddBvqre-R3K_NqXmy3HlB0BAk-cHVrOXGQhDM3UWe1d9xu_LAS4ybmYMxw_RISA2S8ee3VKETQV3nNWbtlrBCvwclKuUSrqbYYoRBq1h3uVkl2-WI7-_NRIOCsQ6_Liyg5ITZYQP6gow1-HImR9BN6CKR9C1wcMKFDYHeK0v2vnz6c4PLAqQ2aq9fjE5ZK7n3K_scymD4jKBy0RM-VdouqXoMFSpZFU6wc6n0TMOXLYMj3Hd8MsL59i-7u1UsU2XaHml20UTnkOztmJk1TY_TRW-pKZ9ziAGXkhp8Xxmddp2a-apQon1V5N0L6e6Ll7gw7kt5M-QDppIwytK2Bf8HbGkvwz55PavRlh48RMq-g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://panda-helper.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame F4DA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CeSqFlP0WZczNHPibv8IP8JS6-AGn8fCVc7WWrv3YEdmlwPidPxABIIiblBVg--GFg5wKoAGLpITcKMgBCagDAcgDy4SAgASqBNUBT9D1ivjQeGssNW05bTompGAccZy321b32XmOMZjbH3h...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215717796904343063769%22,%22debug_reporting%22:true,%22destination%22:%22https://freebcc.com%22,%22event_report_window%22:%...

0
0

60ms
59ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215717796904343063769%22,%22debug_reporting%22:true,%22destination%22:%22https://freebcc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210930426379%22],%224%22:[%2209-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22329545059006341649%22}&andc=true

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Fri, 29 Sep 2023 16:38:45 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15717796904343063769","debug_reporting":true,"destination":"https://freebcc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10930426379"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"329545059006341649"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 29 Sep 2023 16:38:45 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 29 Sep 2023 16:38:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15717796904343063769","debug_reporting":true,"destination":"https://freebcc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10930426379"],"4":["09-29"],"6":["true"]},"priority":"500","source_event_id":"329545059006341649"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js Show response
pagead2.googlesyndication.com/bg/ Frame 6034 37 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/fKmd0_GjkmbwxuPCHGJrquWY3DKtsFUpFSxCST8vOts.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Tue, 26 Sep 2023 19:38:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 248418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14789
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 25 Sep 2024 19:38:27 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 59ms
59ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 29 Sep 2023 16:38:45 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEBcZAm7oZ8By37VDfVT-hf4&google_cver=1&google_push=AXcoOmRbIdV-U2jxhYb71bXso3_RuDIFlNeDG4wfepOJUML4lP1x_yeWA9O_ap5bmKJKCOoINYwMqfA1FP1iUQoXF2t9Thow9OLGOS8

Verdicts & Comments Add Verdict or Comment

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
panda-helper.org/	1970-01-20 23:52:21	Name: pll_language Value: fr
panda-helper.org/	1970-01-20 15:06:49	Name: _gauges_unique_hour Value: 1
panda-helper.org/	1970-01-20 15:08:11	Name: _gauges_unique_day Value: 1
panda-helper.org/	1970-01-20 15:51:23	Name: _gauges_unique_month Value: 1
panda-helper.org/	1970-01-20 23:52:21	Name: _gauges_unique_year Value: 1
panda-helper.org/	1970-01-20 23:52:21	Name: _gauges_unique Value: 1
panda-helper.org/	1970-01-20 23:52:21	Name: wptouch-device-type Value: tablet
panda-helper.org/	1970-01-20 23:52:21	Name: wptouch-device-orientation Value: landscape
.panda-helper.org/	1970-01-21 00:28:21	Name: __gads Value: ID=0ee212b87f97dcde-22528ed4b0de0051:T=1696005522:RT=1696005522:S=ALNI_MaMz4y-QGvnxZbmbjQAcsNuxpTI3Q
.panda-helper.org/	1970-01-21 00:28:21	Name: __gpi Value: UID=00000c883deb3ba2:T=1696005522:RT=1696005522:S=ALNI_MZVFLS_xEtDHba2UuoUMHpGtqA2KQ
.doubleclick.net/	1970-01-21 00:28:21	Name: IDE Value: AHWqTUn2wcqW5iqP3wXKeuuCe-9IABqUzWtxpZSR_PV6wwQrw2oRWw7ymBc7_JfgZx8
.doubleclick.net/	1970-01-20 19:25:57	Name: APC Value: AfxxVi6_-MlZXLue8xUT-VOtxBYJEL4FeJSU2Qg1E-nutV5D-7KxBQ
.googleadservices.com/	1970-01-20 17:16:21	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 15:06:46	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-20 15:06:49	Name: DSID Value: NO_DATA
.ctnsnet.com/	1970-01-20 23:52:21	Name: cid_3cb3bea958e540eeb12bbb75338be240 Value: 1
.ctnsnet.com/	1970-01-20 23:52:21	Name: gid_CAESEIj5NCBcraa_PxFsFjGBGvg Value: 1
.turn.com/	1970-01-20 19:25:57	Name: uid Value: 8910581855667060605
.yahoo.com/	1970-01-20 23:52:43	Name: A3 Value: d=AQABBJX9FmUCEJ4XtsTY5DYiqb4cQP2fkMAFEgEBAQFPGGUgZQAAAAAA_eMAAA&S=AQAAAk_22Q3qhvVIznyU0i8jWXE
.adform.net/	1970-01-20 15:49:57	Name: C Value: 1
.adform.net/	1970-01-20 16:33:09	Name: uid Value: 6911437665679157105

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad.turn.com
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
d2fuc4clr7gvcn.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
ius.ctnsnet.com
pagead2.googlesyndication.com
panda-helper.org
partner.googleadservices.com
pr-bh.ybp.yahoo.com
r.turn.com
sync.teads.tv
tpc.googlesyndication.com
track.gaug.es
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
googlecm.hit.gemius.pl
104.102.35.84
13.249.12.112
142.250.185.166
172.217.16.194
2001:678:cb4:bbbb::11
216.58.206.34
2606:4700:20::ac43:449b
2606:4700::6811:180e
2a00:1450:4001:810::2004
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a05:d018:d29:3601:bf41:b326:fa86:2937
3.127.97.70
35.186.193.173
37.157.3.20
54.161.77.199
04069d786104d6a1e3b10e9cfeba85b63797ba53ddbf050520a76146933d9a06
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
05a585462cab547021a23c78cf2da44e192a6d9e26ef16fccce12c23d4858e3f
05cd91541a76b8b47c82a4b504fc50f6e1c2e6e34f7f6a9d4562b5501190f0a9
09e5de207642d49fcb9668ad9adeee16386dc610993a2ea3b258c767ed0ab6f1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fd28fece9ebd606b8b071460ebd3fc2ed7bc7a66ef91c8834f11dfacab4a849
113c3c3c7de8fe21fe5a6d4b6c367d658dab1dc5b5f820393e0b98fc11032771
11fcbd228e7d2b1ba69bf1863b629404fc8fc3ca082e24ac9995b7ba5c7bf1cd
15aca4df1408b29fcdb78e6e5e6dc3526b18cfceb22c7e1aa71a463ce6b4c328
162bdc0e03e25e189d3a75029250f239091de4938e136cfa992892841a6ba650
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cc5fba1b17b26c8975d63d581f375152c583264b4ba58a2d2eacac2d11d90ee
201cf993bfa35adcc6dff3e2d5f3f252db1ae227b31fc3f66625170993320302
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e36bd3bdbb929f427e79a6c84b7922b4375589386981eba29eb0cff57b02b1b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
38a7584182deac86805099edb422b67d984aaf14a7c6e7587b158763320dad98
409b3027a41a3692aa0e2b60d389d84ef2e4fe71d996d3a25b6a291704254c5c
40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
459386386a93a7e2f17759288436f8ed0c24a62dfb118bd85495c7b1d9c39aea
463d23e4b4263e4491405dc4c30de5c1a137ccafe4f5b4b3cffc45be64e4b2fb
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4c145f5f47b58e72811ff0a2b2bd2f4e63d3a6ade08c96e7271a6ec9f3f17bdb
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c6bd4319dd240c4fd2716ca703494594a38d85419595d26e6e9d19c414ee87a
5d9683b392d6a226b8de5a6fd3d73b1582012b3be3220d0ecc1bb9e88d0cb6e3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62218c89aeba998ce96c351c07bba16f0f37d591eb24b3a5c954fae4adda5cc1
65ac22bc0f5cd5731445ac4dbb1f93bb6f0dd20d98d9a558573482b50ec37f5a
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
68ebf0f65fdbf1e57713f094f426e2f5dbba1a819dfd1959fe4b4e92a2e698aa
71ba7e09487750d7426b3bd64cf57facb8eb119939eb7055138ee55f13bb6f05
789d0e24d64153ef710b45317aa8778a642a8ce1b5bb3584b7d41351c596afd4
7ca99dd3f1a39266f0c6e3c21c626baae598dc32adb05529152c42493f2f3adb
7ee68da37f65f61588481ae0fe98a184f893d5f0d0bacd68babf9ca6642be8f1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86ba91ffdcece964d969b05cff1c7b3b94532e589870491f0714f6da82844971
8809f39a7b6fa8f457102b6fa5b8ba97af706c45435227d71d27c995c19e25b4
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
8e77df26e9cb0a71ff8aedb4c07657472288e51405c0df8abdf920a01b4d501b
8f1843ba4bdea64726280f2365f8ad8a47e70ee54327f98273daf7fac5120074
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
9941d25da2d400e2cbc1c979d7ecae4a9b418158d3825d03e09650e0799dcefb
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ead0704cbd80a4162c462393a627d0b45bb2b60647fed6be4f543617207d0ab
acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b
bc9c387b513b4d43675910f780fa03e92b9a4b58432b402a8f0a801a0d5ae855
bd91080d2c7f2120ad82727f5c07bbb439b810ed4035993ddb1825ca1611396b
c37e6a1934424134d5d0feb6b8863558b80aadf90aa4a02b7e85ec759676f1c7
c69b6633ac4d626d7105701e56cb59529e83fd55fc5385dc847b661ab301e1f6
c6ece8077c8a8d8d057b5a03c892dcf1fed9da76ff1bc964cd17416008752c48
cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70
ce8f9d182af5969cdafad9b5f0e5c1fb14d5d087b3d798c44ee208b00684cc35
d01cbb03fcaede38be343ca9cf8dc8108d48d27484572d1d62788ac002de06bf
d544fde853a99d835a82be1ca3472592e12819019ce0d6428eeb465d3baed7e7
d6b66ce9ce4e5915afacc41236d015945e1266a1ee842eaee16764a070180ee0
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
de7d0914bae9fe1f3559ee1dc90dfdb16e3212daa99455f18acdffa3e820304a
df2698e6cf74ed890afa92da10051f880df2ce0b3257b73c5d9ae2f6bea82d3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
e5bbb446ca6a7a3854f70d091d258cfea199b4736d7f183f9b82408d0d3a57e0
e9a8768c59fb97194bf8bc1b3c1045bc46fc5c332a69611a044b2a8f2f0c5ad7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d170cc7ec7d8ce2c47e64ab73aca0da7c6dadf2e66f30f07a9c70ec9e2f593
f4ec91b07ad5c9cca1e4cced46c59dc2629c2cfe4f1e9dba50f7160bad4dadb5
f66d7cc6eac121652784cd3913397795decbd586dd1e32189357eca6104e60b2
f9e245e40521a8dfb6c18f03baf4f2b41657a745774e59e807d9595e9f42ea6c

panda-helper.org Open in urlscan Pro 2606:4700:20::ac43:449b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

104 Requests

88 %HTTPS

59 %IPv6

18 Domains

24 Subdomains

20 IPs

5 Countries

1364 kBTransfer

3598 kBSize

21 Cookies

3 Outgoing links

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

panda-helper.org Open in urlscan Pro
2606:4700:20::ac43:449b Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

88 %
HTTPS

59 %
IPv6

18
Domains

24
Subdomains

20
IPs

5
Countries

1364 kB
Transfer

3598 kB
Size

21
Cookies

104 HTTP transactions
7 data transactions