crezu.mx Open in urlscan Pro
34.94.124.239 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cru.si/1SfWX
Effective URL:
https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&s...
Submission: On October 06 via manual (October 6th 2023, 6:19:25 pm UTC) from CO — Scanned from DE

Summary HTTP 183 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 27 IPs in 5 countries across 18 domains to perform 183 HTTP transactions. The main IP is 34.94.124.239, located in Los Angeles, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is crezu.mx.
TLS certificate: Issued by R3 on September 24th 2023. Valid for: 3 months.

This is the only time crezu.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3036::6815:3c5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3032::ac43:c37f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.90.46.36 34.90.46.36	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
32	34.94.124.239 34.94.124.239	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
17	35.201.76.189 35.201.76.189	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.77.94.206 34.77.94.206	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.241.222.91 35.241.222.91	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
31	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
13	23.38.98.27 23.38.98.27	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	35.240.92.105 35.240.92.105	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 17	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
16	2606:4700:20:... 2606:4700:20::681a:ad1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
6 8	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4 8	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
4	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
183	27

1 2606:4700:3036::6815:3c5d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cru.si	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:c37f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cru.si	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.90.46.36 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.46.90.34.bc.googleusercontent.com

track.crezu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 34.94.124.239 (Los Angeles, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.124.94.34.bc.googleusercontent.com

crezu.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 35.201.76.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.76.201.35.bc.googleusercontent.com

cdn.crezu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.77.94.206 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 206.94.77.34.bc.googleusercontent.com

workers.crezu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.222.91 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 91.222.241.35.bc.googleusercontent.com

sl.crezu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.38.98.27 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-27.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.240.92.105 (Brussels, Belgium)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 105.92.240.35.bc.googleusercontent.com

events.crezu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:20::681a:ad1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.98 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.26.193 (None, ) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.172.123 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	614 KB
32	crezu.mx crezu.mx	776 KB
26	doubleclick.net 8 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 98 googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 cm.g.doubleclick.net — Cisco Umbrella Rank: 255	193 KB
22	crezu.net 1 redirects track.crezu.net cdn.crezu.net — Cisco Umbrella Rank: 906594 workers.crezu.net sl.crezu.net events.crezu.net — Cisco Umbrella Rank: 916861	490 KB
16	ad4m.at ad4m.at — Cisco Umbrella Rank: 12024 as.ad4m.at — Cisco Umbrella Rank: 34439 assets.ad4m.at — Cisco Umbrella Rank: 44524	115 KB
13	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 766	249 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	5 KB
6	google.com 2 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2714 www.google.com — Cisco Umbrella Rank: 2	1 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 261	4 KB
5	gstatic.com www.gstatic.com p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com	28 KB
5	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1200 www.googleadservices.com — Cisco Umbrella Rank: 153	600 B
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	235 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	216 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	88 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	162 KB
2	cru.si 2 redirects cru.si	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 6147	408 B
183	18

	Domain	Requested by
32	crezu.mx	crezu.mx
31	pagead2.googlesyndication.com	www.googletagmanager.com pagead2.googlesyndication.com googleads.g.doubleclick.net crezu.mx tpc.googlesyndication.com www.googletagservices.com
20	tpc.googlesyndication.com	googleads.g.doubleclick.net crezu.mx tpc.googlesyndication.com pagead2.googlesyndication.com
17	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com crezu.mx googleads.g.doubleclick.net
17	cdn.crezu.net	crezu.mx cdn.crezu.net
13	analytics.tiktok.com	crezu.mx analytics.tiktok.com
10	ad4m.at	crezu.mx googleads.g.doubleclick.net ad4m.at
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	as.ad4m.at	ad4m.at as.ad4m.at
4	www.googleadservices.com	crezu.mx
4	www.googletagservices.com	googleads.g.doubleclick.net crezu.mx
3	www.google.com	2 redirects tpc.googlesyndication.com
3	www.gstatic.com	googleads.g.doubleclick.net
3	region1.analytics.google.com	www.googletagmanager.com
2	assets.ad4m.at	as.ad4m.at
2	p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com
2	www.facebook.com	crezu.mx
2	events.crezu.net	cdn.crezu.net
2	connect.facebook.net	cdn.crezu.net connect.facebook.net
2	www.googletagmanager.com	cdn.crezu.net www.googletagmanager.com
2	cru.si	2 redirects
1	fonts.googleapis.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de	crezu.mx
1	stats.g.doubleclick.net	www.googletagmanager.com
1	sl.crezu.net	cdn.crezu.net
1	workers.crezu.net	cdn.crezu.net
1	track.crezu.net	1 redirects
183	30

This site contains links to these domains. Also see Links.

Domain
track.crezu.net
unsub.crezu.net
crezumx.onelink.me
crezu.es
crezu.co
crezu.pe
crezu.pl
crezu.ro
crezu.kz
crezu.ph
crezu.vn
crezu.lk

Subject Issuer	Validity	Valid
crezu.mx R3	`2023-09-24` - `2023-12-23`	3 months	crt.sh
cdn.crezu.net Sectigo RSA Domain Validation Secure Server CA	`2022-11-29` - `2023-12-30`	a year	crt.sh
workers.crezu.net R3	`2023-08-18` - `2023-11-16`	3 months	crt.sh
sl.crezu.net R3	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-15` - `2023-10-13`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
events.crezu.net R3	`2023-08-27` - `2023-11-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Frame ID: 9F3A082D9FE686CDBEFF5719F4718706
Requests: 84 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/zrt_lookup.html
Frame ID: D0DDF8DD5585BAC797CC993FB2C7E75A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&h=280&slotname=7716873411&adk=8110835&adf=4183771420&pi=t.ma~as.7716873411&w=900&fwrn=4&fwrnh=100&lmt=1696426945&rafmt=1&format=900x280&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360800&bpp=5&bdt=2169&idt=219&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&correlator=6000350294767&frm=20&pv=2&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=DndFcEtWXv&p=https%3A//crezu.mx&dtd=236
Frame ID: 6B159100BBFB17A9940F88EB0705D2E0
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&adk=1812271804&adf=3025194257&lmt=1696426945&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x945_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360860&bpp=2&bdt=2229&idt=182&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&prev_fmts=900x280&nras=1&correlator=6000350294767&frm=20&pv=1&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=195
Frame ID: 602C31922A65EE11EF0385BE91516141
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&adk=1812271804&adf=1573534164&lmt=1696426945&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x945_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360862&bpp=1&bdt=2231&idt=199&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&prev_fmts=900x280%2C0x0&nras=2&correlator=6000350294767&frm=20&pv=1&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=203
Frame ID: 91C668B682BAB9E944E5A5EB79D5B5EE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Frame ID: E203468B57ECB6684A985842B6E8941F
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Frame ID: 8492B7A1FF5406F805510CB599EFE627
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Frame ID: E6941485CA4C638B7E4B701A708EBDBD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNWl3jcIP2Rlo5-fEJJdSBXy2vS3tPRNOVUKssPliuFx9QeQ2MAh2SXdqesqGbDQdrQTmZoHRtmVyltVT70NVbzjJKUa-KzqtZ3fXxeRuWPAJfmxp6upUN0Uo4_F2rx1f1f-2RyjMF7u19Yf9VY0-m344i4JPLlZi3lb843UvVUSnREXME4
Frame ID: F4673E8549D7C9C391E00B438084B4B6
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: BD0B0A5A541D3850F61E3C3D0AAA3F7E
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNU8GyZVs6MNwgV0jgi3DVRuxBlNlpXv_acgSkcH8PkuePhrisW3KlMgFhH3uRYtsYXoJ3WSWdv1lvX0GxkapZt9fQndiTdrEMmz2vecoybADH5yY5F6h8uagnDAl9SjEpsDuN9IyklP-t5Nq-ZMLnNm6HwZ-kkCGAaybT5dD204tC_zwH4
Frame ID: 18056B3C440AA8AD423B8DFA1C79DDE8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 490EEDC36B9FC0BF010ADAB127E78CAB
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: D82F2C4057C9635E862B6B7538A3AD8A
Requests: 2 HTTP requests in this frame

Frame: https://p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: B5BACCEADBB1A8AACA05097FDA0163DC
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CD6E0AABC952567DC1DA09D9B6484D96
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 22F9131560EF0D2D32B145A5D90ED85B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js
Frame ID: 3BA3E981B08B9D652757F1EF4AB17E4D
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: BB5F10077FB85CA113E3C4DC1F8E620D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js
Frame ID: 49C862F5F4CF89F677DBEC8C7AB5EFCF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2279F4B46A47C326E103E95C21804F1E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 24F93E008AFFEBC7631D3A0B6F81BDF8
Requests: 3 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=d4a0789f1c2cbda9eec4c72d8c77962b%2F13672508586051743060&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362966&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7EhqqU8gZeuYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9D4EeWPE1nj40VbPiyfGM-V9NgJ3DnOHT19red0t_hhTpatVR4dRcdl170GewR4yIATPxjw4kpUkCUxpmbOAZ2w-oWb3yMt7IkZRYhfPJhdZjXENyfgHq-6TgVBMBt16BnFcnKAC0ENAj2k0HpMPEZwMO-YexGV_HVZEfXap2EaYm7x6v50SNSPfhagpO7kflHyJh6le4KcsWVTtVZBZtsHnVB3mbJJ8NMnJa6rU6Q6G2KXbOpyH9zVqluKZSeFd-v3cmbT1MasgZO9aVyMh3tVG8IJurr13xMr5b_-OUlwN6cKgMmCElG6zG1zEWXzBhOgumfwAcnFWWOUqUBswATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIq5GZvITigQMVolXCCh03lQNGEAEYASAAEgJbD_D_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_0yiZcTR8E1Kg_GCREhgXZue4jXbA%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-ASZCrAlyT21Ogz4dXOyGDNFecFJ54YI8CAlyXBVQ9St3tVwR79XugdqkZqB2E0S0URIq4ju2PZBPB_41CBkP2tUsHkO6K5w4XfKsU2LVeGpzFynfXewfFsNwKPDA8b2we5Nely_yvi2eu-VYdCiE2XLUbIUfUROXwrSFJ2hptczK5Rxyk%2526cry%253D1%2526dbm_d%253DAKAmf-Dbt-zoi8FewyBrc1PLZ0oVBg330E86JNZqo1LMjgIesgeiCeNkEe70J917F1i473ZzAIszLmiEp_OOOQAHAZ2R5WTtAJqmA4dulKeMVRbP7fmBdI5NknOKgmn-Zm-LjrZWfKKyHtX5Pc1PeRhbrzEZGFvNyIvLOKLiWAa8-aZuGwn0nbaYcmDeIk5RoOSpJF-_Z4fS7KNZTSzlShkhvTCX5sGG3pzDkP3J6xUPeCqRb9W7BLtFlOmNrvb_1FB9wMxFgMf5xLpQWYH5cSJR8JUvJZP9WLks2VjHkOO24QoH7dwnM2BmH_hAGQCqf8q03ZJOHlf7LQHjLLDn4-PBKEZ2PXgZuy-tAnoyK8Q50ZZ7wplBjQc_nVLczZI1EAKhgzgLeJyLCCSNMi7Jjse40O7YdA2DAaXGeB5m2owBrLPABQlAmYSK5oICgXYT_4H4U2fz5VuRkud7jrEs48DbeyFkzomTHKPIf4nJjwYA4ARj_Z8zRJOLVb53mUdYo9a_UEGPX5ogA2IWNJ4vKYbOtzcZMWfy19kHjRGHz0yj37HZMBDdCB0nm_YfiqCRyz6sPlfEsXNAIVyjKC-IVsjOGWZxiE8v8Mog3WHOEozXQvrO9tHwXhJsmO5E0CvC862glwzmwUGlFDegrnEREqrDyZBCgKQbDkFuGDeIknv_xx1iStkf1Uk%2526adurl%253D&y=1&s=&z=0
Frame ID: 780D5DA4E859DDFF7143C77A5887CC42
Requests: 3 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=78b0c0b5fd48118be2d992e8f6db940e%2F13236035799053118628&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362948&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC5A3iqU8gZeyYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9AHyFsN4fuLu8oQh0K9jlKoPMZh7GnuTw6IoglEcsN1PHNb3L29dfHv00rqXRO08idxz6QYb55E50YT_4FRLAbPLqV1eTw2GrghC_ukt0DHJ6ReKduYqhOrycDKr9V697rbS9KB8SKgGQJ9LwRD80x_CzZc_htwKqS0afLqENnJ1fDTzrSQn4PWRzVlpZ_lnRMyp9bFH0JjtXHTZjr0AM2szcUqU0nmz5JTqWHzNWwbSF4pq1GuaagQs6DJCZXlMrSMitF0PGJ-uTz7IA158rjhmkRwvIYOQYwh50t4fX7ykQ5BZPIzo9IQeVGOrD0OJRrJ_BGbPMY9fwsyq4nhwATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIrJGZvITigQMVolXCCh03lQNGEAEYASAAEgKDvvD_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_2_PQ0n886dR9WmU6B5jM0PUavWjw%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-B5_UhbIN-5iBQE258XHeFVLDaoatigXBTUw8hFS8FJsUXPPjtIayCpPBrbK8jONZmd5ya90JBWUfwj2K-6urQ_9AsQ3n5Y9XN0enNHje-o57-Jri_40QgW-jR_p6y-KhnAfFUVYPxBtgiIi8l4eq4sF-MyDeRjPkanB_RsNOOADaGEBkI%2526cry%253D1%2526dbm_d%253DAKAmf-BxQ5kQOq0O6KtOZlwX-okDb2ymkHKYMnkrvm00exTDe6lFIHf0-BwjMc4wjUn6LtAnnwzzB581v8asdOXWxAxKDd0TtDt19mZU3j24vT6un4YF4hZxKyv_djmynTHPPTR2Bt8JYDL2WtQIchGCw5GTZkaYPJaU3RCHGSKp0x8cz4nOd-fRPbyGxpMKezCg5MwH0imTATOot10fOjtd4691TL61KYiGJebjF6aeCazwnOnct7VNKObbqESLVoCES_uUgyAwV_erimxkvLGZf4Lb0-n3Ei8uLvcw26EU-gVLT2ynvhef_o6XbCu1Lmp4DLdj7b2hpzqrLrWhBaAQ4XHvaFQK_JIAZAhqKXx7fwCOgWsqrf36HImnEBAiWtZsE039rUSEvwWA2_PIjYKaRVbUPPe9wPkjzbhVRaXM91BDmg1mqULDxYn_WVkSk4wncTi_bRMUbKAkjuhzzEUrF6wT6TdJGplb7G24rhkJsgsQwYzxwRRhqkUnS658pEwXdlefMqVKkinSiQ4UcNasnLeWqDafA9iqDktMJj4-nbh_si2LUKQV1gBYIv02HQcHAhw-J-LFQql4TOGLdVCWf36ZJgwsCGouRO4O_84P55h-OwqQ4oxXvfwGT4KanZE68ylPD0l-eqgD-crkM_do-1hbYFydYsfC4n4J9IBWDfxpeQNxyXI%2526adurl%253D&y=1&s=&z=0
Frame ID: FF0D1FFD8333A4623E0169B8B14336FB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 913210E95824BC29946DADA72A6D9C8F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B2573B78224712325D308D2E8655788A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ofertas de préstamos rápidos | Crezu

Page URL History Show full URLs

http://cru.si/1SfWX HTTP 301
https://cru.si/1SfWX HTTP 302
https://track.crezu.net/click?offer_id=216&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-w... HTTP 302
https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n... Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

183
Requests

95 %
HTTPS

59 %
IPv6

18
Domains

30
Subdomains

27
IPs

5
Countries

2957 kB
Transfer

7427 kB
Size

30
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://track.crezu.net/click?offer_id=52&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=0&r=21
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=468&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=1&r=558
Title: Solicítalо ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=34&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=2&r=379
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=302&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=3&r=789
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=469&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=4&r=489
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=297&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=5&r=776
Title: Quiero mi tarjeta

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=53&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=6&r=949
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=593&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=7&r=546
Title: Contrata ahora

Search URL Search Domain Scan URL

URL: https://track.crezu.net/click?offer_id=30&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n-landing-offers&sub4=8&r=404
Title: Solicítalo ahora

Search URL Search Domain Scan URL

URL: https://unsub.crezu.net/gdpr?country=MX
Title: Darse de baja

Search URL Search Domain Scan URL

URL: https://crezumx.onelink.me/ACn4?af_xp=custom&pid=(direct)&c=(none)&af_channel=(none)

Search URL Search Domain Scan URL

URL: https://crezu.es/

Search URL Search Domain Scan URL

URL: https://crezu.co/

Search URL Search Domain Scan URL

URL: https://crezu.pe/

Search URL Search Domain Scan URL

URL: https://crezu.pl/

Search URL Search Domain Scan URL

URL: https://crezu.ro/

Search URL Search Domain Scan URL

URL: https://crezu.kz/

Search URL Search Domain Scan URL

URL: https://crezu.ph/

Search URL Search Domain Scan URL

URL: https://crezu.vn/

Search URL Search Domain Scan URL

URL: https://crezu.lk/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cru.si/1SfWX HTTP 301
https://cru.si/1SfWX HTTP 302
https://track.crezu.net/click?offer_id=216&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n HTTP 302
https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 117

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG5rPn2b_cPPfguLMA4Ao7s&google_cver=1

Request Chain 118

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZSBPqtbFP8kkhWnNPuUeQAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

Request Chain 119

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOJHw9guXp34qs1Kbnit_7w&google_cver=1

Request Chain 120

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

Request Chain 125

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZSBPqtbFP8kkhWnNPuUeQAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

Request Chain 126

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0ljB9UwKHR5Ue2Oqo7mBs&google_cver=1

Request Chain 127

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

Request Chain 133

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 141

https://googleads.g.doubleclick.net/pagead/adview?ai=CLdpFqU8gZeqYB6KriQa3qo6wBPvT7O9yha_c8q0R1IS7-5oCEAEg47-khAFgleKQgqAHoAGhwJjxKMgBAagDAcgDywSqBMYCT9BRB9eVHPWEO9WUii-AEnkN7OL0d0K7-d1XE4tt1SAGrqLzUcsCyQ6ZXqyk3AnmsUX4MA1nrxkbqc_g0i7s--QwW3VYgkrgpYydSTUvKJ-i3e-I-TdHxV1RD07QwmWJNg-FNzw8QodCU9fQIfgH5px5tIPUgImWd-ji0n2QVpMI60LJMRkn_nSAiHaBeaqkhqbFFVzjdLN2npTsRQ5Vq6yG-DwnFU-AvrehV9qsGdOHXYcuQtH0PQbflYpZ8W22UxayP-BDs3Dcu6c_ZqeJ5rKrV3CE204mwXu4FB5wJRB18jFez-brpgC3Y0DVHay6FT2oh7kScYxlQ24USlnLeT4sWcDqrQGqmF4sW2iwJiPw-vee5PD0sMMBItGiL_qfNlYQDBdUbLusiDvN9ltR9sDckcFnDZtxja_rqN6t3FY24i81pdTABKmTxLmkBIgFkI-hlEuSBQQIBBgBkgUECAUYBIAHnfykowSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDFggfSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgmAAmh0dHBzOi8vd3d3LnRlbXUuY29tL2RlL2t1aXBlci91bjEuaHRtbD9zdWJqPWZlZWQtdW4mX2JnX2ZzPTEmX3BfbWF0MV90eXBlPTEmX3BfanVtcF9pZD03MjUmX3hfdnN0X3NjZW5lPWFkZyZsb2NhbGVfb3ZlcnJpZGU9NzZ-ZGV-RVVSJmdvb2RzX2lkPTYwMTA5OTUxNDQ3MzM5MSZfcF9yZnM9MSZfeF9hZHNfc3ViX2NoYW5uZWw9b3RoZXImX3hfYWRzX2NoYW5uZWw9Z29vZ2xlJl94X2JnX2FkaWQ9Z2QyMzk1MjYtMiZ0b3BpY19jbGFzc2lmeT0xMTOACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNzcyMDQ2MDA1MTQzMDgzMhgA&sigh=7oHTjTWkbpY&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211843668169262942521%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210974797857%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214812652655657077809%22}&andc=true

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 149

https://googleads.g.doubleclick.net/pagead/adview?ai=ChQloqU8gZcGPBozYZov_qagG7KmCtXORgsGR-RHb2R4QASDjv6SEAWCV4pCCoAegAb_L5oUCyAECqAMByAPJBKoEwgJP0G1dlomeIZxpC39_kBtsy7TCeB1tdiPIuQVuIyz13BzCxM74Y6sH7W39YARJYvsxBrNWPeQIRRFH7SIcWX6-5RO_5NU4_e0qS4dnKGa0H0U6Dic6Pl8C6P669e_53dK4IdGQNSOnfr1mSKc_v0ggRBGDoqwPsM-hfpINU3aDx0DnuvJFSl3XFJaTFHeW08J80SjzZ-DcmVeEaSQA2XVFHk_BsP0jpUH-TimavPUpfl5vRgjhLTQsgphQV4yxPVWVUGtEVTiU3tGPAoxNrypVKQbA0a3Al7G5bzgPsr_O7jzeabEV7oriC6994W4v-Z0x14ASKN6--lwrdv_CGQw-EGbskB1Wl5ZRptNIsH9nuXC_eDlLWGxrdG3LV1-uSmGQZcP_obHOxhsqjPLUGnfdMCt8QEOkcvXu4TW5_8qVnz2xwATA17PMoASIBcT_na9EkgUECAQYAZIFBAgFGASgBgKAB_-8gbMCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQzbAD0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJ9gFodHRwczovL3d3dy5jb3Rvc2VuLmNvbS9ob3Qtc2FsZS8_dHNwdT1TUDIzMDgwMzBHM1EsU1AyMzA3MjBLTEhQLFNQMjMwMjIyQ1NEMCxTUDIzMDIwMk1KVEEsU1AyMzAxMTA0NjBRLFNQMjMwMzA5N1IxTCxTUDIzMDEwNk5SUlksU1AyMzAxMDY4RlA5LFNQMjMwNjA1N0ZBUyxTUDIxMDgxMVMyTjgsU1AyMzA1MjdBUFU2LFNQMjExMTIzSTZRWSxTUDIyMDkwMVAxV0QsU1AyMzA1MDIxMzhKLFNQMjIxMTAxTkpFNixTUDIzMDczMURWVziACgHICwHYEwvQFQGAFwGyFxwKGggAEhRwdWItNzcyMDQ2MDA1MTQzMDgzMhgA&sigh=IjjkHfCe8NQ&uach_m=[UACH]&ase=2&nis=4&cid=CAQSSwDICaaNEl0sejUNs258rP8af9r072B4lB5PljFqMuwFvOl566ppXrq5vvY2Cb0GwguFvUdeaHJnjkQiWQ-xlOsoGC7MCLai4yPnlBgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213291965271632458885%22,%22debug_reporting%22:true,%22destination%22:%22https://cotosen.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22549037503%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222143253146712181921%22}&andc=true

183 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
crezu.mx/landing/offers/
Redirect Chain

http://cru.si/1SfWX
https://cru.si/1SfWX
https://track.crezu.net/click?offer_id=216&pid=2&sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n
https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

50 KB
10 KB

598ms
163ms

Document
text/html

34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

365ba661ce7dd81b4bc935c1458f4225e097c9a67304113b0c4c787bd0a06b02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 06 Oct 2023 18:19:18 GMT
etag: W/"651d87e1-c636"
expires: Fri, 06 Oct 2023 18:19:17 GMT
last-modified: Wed, 04 Oct 2023 15:42:25 GMT
referrer-policy: no-referrer-when-downgrade
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Fri, 06 Oct 2023 18:19:18 GMT
location: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
server: nginx
x-adjust-use-original-forwarded-for: 1

GET
H2 200 f97ae6a.modern.js Show response
crezu.mx/_nuxt/ 3 KB
2 KB 166ms
164ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/f97ae6a.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 29020649181800734e62e4d5247328233c913bbaf4b95a02a91886e220a9e53b

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-d89"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 18157f5.modern.js Show response
crezu.mx/_nuxt/ 253 KB
81 KB 173ms
171ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/18157f5.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 410a655ef778c633ee7c66a2cdfc4fd765da972fcc0f732b210584a83d2abd9f

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-3f3d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 a855abf.modern.js Show response
crezu.mx/_nuxt/ 405 KB
123 KB 490ms
488ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/a855abf.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 23b989b7a16bf6914ad0d4cdfb9d87c1bc17250479d8b1dbf3727d7256b399bd

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-655c6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 7afc8e1.modern.js Show response
crezu.mx/_nuxt/ 165 KB
38 KB 491ms
488ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/7afc8e1.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: e455ea50853baebcf6bfdfbe7a3fe376e1fb273e4eae4edd45d659d6bc714dc4

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-29220"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 d87ce44.modern.js Show response
crezu.mx/_nuxt/ 2 KB
1 KB 491ms
489ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/d87ce44.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9490c4f00bb14c899703d6c1564c7f1ad41def0023ebf61d5d61c9fdb8bc64a0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-90b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 8752885.modern.js Show response
crezu.mx/_nuxt/ 15 KB
4 KB 491ms
489ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/8752885.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2357489ef54f3b5acfbf1996b3b8883879ac48c4ee245144952362bc5739d50b

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-3bec"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 b820e80.modern.js Show response
crezu.mx/_nuxt/ 30 KB
6 KB 491ms
489ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/b820e80.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 43c76398d17966c666af6a608b05793537933ce9df86051b8b18df77ae72b9a8

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-7877"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 state.js Show response
crezu.mx/_nuxt/static/1696434118/landing/offers/ 6 KB
2 KB 491ms
489ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/static/1696434118/landing/offers/state.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: b426143717a30b2eb45983c0a820696ac4ead348f3b1720b82713d48b86aaf41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:42:25 GMT
server: nginx
etag: W/"651d87e1-1987"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 payload.js Show response
crezu.mx/_nuxt/static/1696434118/landing/offers/ 80 B
308 B 491ms
490ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/static/1696434118/landing/offers/payload.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: a7ef29d3fc71e75ad570a2faaa78d65cf17d29c8bffc019145d1d9599e01265d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:42:25 GMT
server: nginx
etag: W/"651d87e1-50"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 manifest.js Show response
crezu.mx/_nuxt/static/1696434118/ 1 KB
687 B 491ms
490ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/static/1696434118/manifest.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7a706d29ebced69475210c2fcf642bf549f1d6ec0d45cac70452818637774048

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:42:28 GMT
server: nginx
etag: W/"651d87e4-54d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 SFProDisplay-Bold.woff2
crezu.mx/fonts/SF_Pro_Display/ 96 KB
97 KB 449ms
448ms Font
application/octet-stream 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://crezu.mx/fonts/SF_Pro_Display/SFProDisplay-Bold.woff2

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

32b6db04338d853de4148e775afcacadfb2d0bd3e8f10192916f6688f34c6005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: "651d87c7-18198"
content-type: application/octet-stream
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 98712
x-xss-protection: 1; mode=block
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 SFProDisplay-Medium.woff2
crezu.mx/fonts/SF_Pro_Display/ 97 KB
98 KB 449ms
448ms Font
application/octet-stream 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://crezu.mx/fonts/SF_Pro_Display/SFProDisplay-Medium.woff2

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b8da67821e588e3ee5516083d99f1d9907c23a24fcb52dfb3c57cd38924dcef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: "651d87c7-184f4"
content-type: application/octet-stream
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 99572
x-xss-protection: 1; mode=block
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 SFProDisplay-Semibold.woff2
crezu.mx/fonts/SF_Pro_Display/ 98 KB
98 KB 449ms
448ms Font
application/octet-stream 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://crezu.mx/fonts/SF_Pro_Display/SFProDisplay-Semibold.woff2

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e80a61b2cbc6d6b3b3ed8b50bcd8f6a89f8f5b69460e03f47defe0554c3220d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Origin: https://crezu.mx
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: "651d87c7-18820"
content-type: application/octet-stream
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 100384
x-xss-protection: 1; mode=block
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 financial-services.webp
crezu.mx/img/ 171 KB
170 KB 424ms
419ms Image
image/webp 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://crezu.mx/img/financial-services.webp

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

ad3475c7f4d70164e0c35e41f5e0af761328897f7a9f374759623ee496dbd65d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-2acf0"
vary: Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 logo.svg
crezu.mx/img/ 10 KB
4 KB 423ms
419ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/logo.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: be4fe1eb14331ddfa357dee65ac3e9d82400e3b185b05e3f09dbf2f9019b6a12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-289f"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_spain.svg
crezu.mx/img/seo/ 803 B
616 B 423ms
419ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_spain.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 40f9822c8aa42d2c8a21edff1ff8f3f47e3c609819930c2d600dc6a9a68f3449

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-323"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_mexico.svg
crezu.mx/img/seo/ 1 KB
775 B 423ms
419ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_mexico.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2a45c21b79433a9b4d6b55022af7dee5406a06a1de25875d3e9df6a0a0ff625a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-517"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_colombia.svg
crezu.mx/img/seo/ 657 B
575 B 423ms
420ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_colombia.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8e2db6817343453d09b11709dc52332a605a51f24b22eed7673233ea8c7c90e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-291"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_peru.svg
crezu.mx/img/seo/ 698 B
563 B 423ms
420ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_peru.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3e20cf94885ec9fde4b91cfbb735ec0fbd84a9bf25a9eefa1d6ae6570ca737d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-2ba"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_poland.svg
crezu.mx/img/seo/ 506 B
484 B 423ms
420ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_poland.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 56de204768600e666186737da41e893c7d3aacaea1c39fd80465f44392714d4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-1fa"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_romania.svg
crezu.mx/img/seo/ 843 B
646 B 423ms
420ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_romania.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7b5795481ec5bafcc6dda4c3733dd67cd3e0de518f3a8b88b0ed4773540af566

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-34b"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_kazakhstan.svg
crezu.mx/img/seo/ 1 KB
797 B 424ms
421ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_kazakhstan.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: d0b8a0387614fa2bc4041cc1415388e91bd1c645231e778dfb7bc7d2475ad638

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-503"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_philippines.svg
crezu.mx/img/seo/ 2 KB
958 B 423ms
422ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_philippines.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ba95cea0a3170d231a5d438b5089087b61dfbe09d8daa9140d2dcd14a6f5f922

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-6bd"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_vietnam.svg
crezu.mx/img/seo/ 606 B
553 B 423ms
422ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_vietnam.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1a538319189aa95195c40dd14147a90955ee910e191413c04270d842aabe0902

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-25e"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 countryball_sri-lanka.svg
crezu.mx/img/seo/ 2 KB
975 B 424ms
422ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/img/seo/countryball_sri-lanka.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3e6375eb224adafea4e71b197cfe5408a0b0d8b26f6f68649b0fe69977e48166

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:18 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-649"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:18 GMT

GET
H2 200 515dce8.modern.js Show response
crezu.mx/_nuxt/ 25 KB
5 KB 164ms
163ms Script
application/javascript 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://crezu.mx/_nuxt/515dce8.modern.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/_nuxt/f97ae6a.modern.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5ec2283ac7198b6e5e488b49a03f777f8999b75dfcc903d4a6d730b2c911e922

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:19 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:59 GMT
server: nginx
etag: W/"651d87c7-6456"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:19 GMT

GET
H2 200 style.css
cdn.crezu.net/offers/dist/ 60 KB
11 KB 251ms
19ms Stylesheet
text/css 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.crezu.net/offers/dist/style.css
Requested by: Host: crezu.mx
URL: https://crezu.mx/_nuxt/b820e80.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 92d16e1df1deed1cad305286a6f39912071e16747ca303d926e04040b5854b62

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 14:01:49 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 02 Oct 2023 09:18:01 GMT
server: nginx/1.14.0 (Ubuntu)
age: 361051
etag: W/"651a8ac9-f04c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11030
expires: Mon, 09 Oct 2023 14:01:49 GMT

GET
H2 200 offers.iife.js Show response
cdn.crezu.net/offers/dist/ 199 KB
60 KB 253ms
22ms Script
application/javascript 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.crezu.net/offers/dist/offers.iife.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/_nuxt/b820e80.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2c60934a4b0af0de2de96c9fee7dea5775a7a62197d6cff1744660c41fd3711c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 22:20:19 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 02 Oct 2023 09:18:01 GMT
server: nginx/1.14.0 (Ubuntu)
age: 331141
etag: W/"651a8ac9-31ad9"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61412
expires: Mon, 09 Oct 2023 22:20:19 GMT

GET
H2 200 common.js Show response
cdn.crezu.net/common/dist/ 188 KB
55 KB 244ms
37ms Script
application/javascript 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.crezu.net/common/dist/common.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/_nuxt/a855abf.modern.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 18a49454b27284f8a409abfe02ee82f6aca81c42481091e6710bc2d8aa2ade16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 09:21:24 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 11 Sep 2023 15:37:30 GMT
server: nginx/1.14.0 (Ubuntu)
age: 377876
etag: W/"64ff343a-2f130"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800,public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56489
expires: Mon, 09 Oct 2023 09:21:24 GMT

GET
H/1.1 200
OK / Show response
workers.crezu.net/geoip/ 53 B
521 B 107ms
20ms Fetch
application/json 34.77.94.206
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://workers.crezu.net/geoip/
Requested by: Host: cdn.crezu.net
URL: https://cdn.crezu.net/offers/dist/offers.iife.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.77.94.206 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 206.94.77.34.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 18dc7efbbf35c8f5b68c067252948fef7a3562c01163b73cacd0202ef9a4857f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 18:19:20 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range, x-requested-with
Content-Length: 53

GET
H/1.1 200
OK sl-feed Show response
sl.crezu.net/ 68 B
551 B 207ms
70ms XHR
application/json 35.241.222.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://sl.crezu.net/sl-feed?lead_id=caa333ef9ab34141b01072fdc4cfcac3&page=landing-offers&direction=swap&experimental=broker
Requested by: Host: cdn.crezu.net
URL: https://cdn.crezu.net/offers/dist/offers.iife.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.222.91 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.222.241.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2446a06920c92f06ddd5d728bf53a0cb464ab9443f7ca2b703ee5a99226c3614

Request headers

Accept: application/json, text/plain, */*
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Fri, 06 Oct 2023 18:19:20 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range, x-requested-with
Content-Length: 68

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 205 KB
71 KB 143ms
59ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NPS92WP

Requested by

Host: cdn.crezu.net
URL: https://cdn.crezu.net/common/dist/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

af0458020cbf7352f51fb2708b6a94acfa5d1c66d7b5136853d350604466048b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71978
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 198 KB
53 KB 25ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.crezu.net
URL: https://cdn.crezu.net/common/dist/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

47c1293d2a904a3a20bfab88c4aa50c63a0753570c68aa7bd5f8a245e515cb08

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 06 Oct 2023 18:19:20 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53353
x-xss-protection: 0
pragma: public
x-fb-debug: +5tBSxt93wiFPoKttU+1Tp384Js/TpaSyLTVGaVIhnmH0lMkT3yhD4iV/ADB8iyISWm5WWGOJTZ403SFDrFerQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 google-play-badge.svg
crezu.mx/svg/ 8 KB
3 KB 164ms
163ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/svg/google-play-badge.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff93bde29a517354bff84cdb622cd420f370026d74babb9a61a04f0d4b796d76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-1f38"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:20 GMT

GET
H2 200 461067334443962 Show response
connect.facebook.net/signals/config/ 131 KB
34 KB 339ms
339ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/461067334443962?v=2.9.132&r=c2&domain=crezu.mx

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3a02884857f44655bce399b1d1bb9319dcabd5bca07acd6458218d00e3a0aaf7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 06 Oct 2023 18:19:20 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: AcVyU2J81yN3NzRJU6JHz/fLm0SWBqQkGh39tq8pU1qmuGfHubxcbKOnyxXH6WFHPBGLI0NnNFXenm0IFiyGpQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 mx_feed.json Show response
cdn.crezu.net/offers_data/configs/ 80 KB
10 KB 52ms
22ms XHR
application/json 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.crezu.net/offers_data/configs/mx_feed.json
Requested by: Host: cdn.crezu.net
URL: https://cdn.crezu.net/offers/dist/offers.iife.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fdee56376443aaa197e6ab164d59377f0f628626a20b0e914ff55ccec731a1cd

Request headers

Accept: application/json, text/plain, */*
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Tue, 03 Oct 2023 15:52:14 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"651c38ae-13ed2"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 202ms
113ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPS92WP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf2fe9ea5dac716357cab4f59872d0e2abe136919c06795c1ae0798b8fbe6952

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50844
x-xss-protection: 0
server: cafe
etag: 2587636762716941203
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 186ms
115ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CH9602RC77UDT6H4OT60&lib=ttq
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: eb9a2ab8342457e7f9c6ce094c79addc0a0daa680648438f5d97b7cb3cd8ef19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 56419d72.107d3463
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 103,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=7, inner; dur=3
content-length: 1584
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920957EC1B9B49AACC6C69D
x-cache-remote: TCP_MISS from a23-220-104-198.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.198
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d28f835c1ea0784716f04d30a752bb537abf30978f7fb0958b4ed9b1a9bd4ca3978be19b7a94caec08b4d6b6f7619db683897cab74a4d115197b3661992106c90be77f1b5c44553dcd0c490b97b14b45dc7
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
2 KB 194ms
122ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHLMJBRC77U4TTM8PFH0&lib=ttq
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2052108ad08e3c73539fad6203ec4246b489921db8e53a869817c3f1ded47385

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 780cd7b6.107d3468
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 100,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=7, inner; dur=3
content-length: 1722
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920102DA16A8567D9C7632B
x-cache-remote: TCP_MISS from a23-220-104-203.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.203
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d2865f594fe9c0ffde92e197b9c81569edc2b5fc57c4c7b77ca8487ffc9e22f6e5605272ce09244e80d10d976d1a384247324b787a1ff2cb49c08e8b826f8b1d08948f5e1730f7419343df03b7602f831d5
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 4 KB
2 KB 185ms
114ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHQSSJJC77UFB57TDSV0&lib=ttq
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2270be6cb72aa236276dbd83eac9a1cd00f0858388a96d85a937015b8f0ce0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 34acb6b7.107d3469
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 96,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=86, origin; dur=10, inner; dur=3
content-length: 1310
pragma: no-cache
server: nginx
x-tt-logid: 202310061819205B6B783662546EBAE9AB
x-cache-remote: TCP_MISS from a23-39-229-45.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 10,23.39.229.45
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d28552a56ae8c19dd2d599267e87db5046d7add661e8bcf266c4778a98686b595d4a2ca0435ae1ca1dd1bc283c7da40de49528c669243ea263bbcae99bb75b61e2f9766cc6be31d6c3a59d172245038f1bf
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 4 KB
2 KB 192ms
121ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHSA4PBC77U8RIVT5K7G&lib=ttq
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 56400f27bcce7cd78a1d286f0f0b15699e75b8a3a982616de3269e7108fa76fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 59b1a44d.107d346a
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 93,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=7, inner; dur=3
content-length: 1311
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920FE5CBB6EE1A169D0E905
x-cache-remote: TCP_MISS from a23-220-104-204.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.204
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d28d83fb7619ac266ed224e4a73d49234011e90bc13faef8add80824919e3db37e2c0e21d3ffb01f0ba35b0c01e3d9ba628a4cd2fbb01c66331461ec799241e8f4e90458573c60f8a9d51e126002b7b025a
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8PMFQDPCNZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NPS92WP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e8bbb60b78968d191a7964532d0f92782d8a8e661e8b98623a2200016c9e52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93746
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 06 Oct 2023 18:19:20 GMT

OPTIONS
H/1.1 204
No Content event
events.crezu.net/api/ Frame 0
0 129ms
18ms Preflight
text/plain 35.240.92.105
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://events.crezu.net/api/event
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.240.92.105 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 105.92.240.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://crezu.mx
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,X-API-KEY,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 06 Oct 2023 18:19:20 GMT
Server: nginx/1.18.0 (Ubuntu)

POST
H/1.1 201
Created event Show response
events.crezu.net/api/ 0
402 B 25ms
24ms Fetch 35.240.92.105
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://events.crezu.net/api/event
Requested by: Host: cdn.crezu.net
URL: https://cdn.crezu.net/offers/dist/offers.iife.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.240.92.105 Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 105.92.240.35.bc.googleusercontent.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

Date: Fri, 06 Oct 2023 18:19:20 GMT
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: keep-alive
Access-Control-Allow-Headers: DNT,X-API-KEY,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H2 200 best-offer-star.svg
cdn.crezu.net/offers/src/assets/svg/ 774 B
915 B 24ms
21ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers/src/assets/svg/best-offer-star.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 0f23a6515f7b40eccc40f02ee14a2b48588bfc56fec364959bbb87b5ab419d39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 09:22:13 GMT
via: 1.1 google
last-modified: Mon, 11 Jul 2022 07:33:15 GMT
server: nginx/1.14.0 (Ubuntu)
age: 377827
etag: "62cbd23b-306"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 774
expires: Mon, 09 Oct 2023 09:22:13 GMT

GET
H2 200 vivus.svg
cdn.crezu.net/offers_data/images/ 4 KB
4 KB 30ms
27ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/vivus.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6602085affe5aaa23b00b8c4e5f26332fdf9a8d119a5d92bb77f145ff598fea2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 15:09:37 GMT
via: 1.1 google
last-modified: Tue, 05 Sep 2023 13:15:40 GMT
server: nginx/1.14.0 (Ubuntu)
age: 356983
etag: "64f729fc-f97"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3991
expires: Mon, 09 Oct 2023 15:09:37 GMT

GET
H2 200 recommend.svg
cdn.crezu.net/offers/src/assets/svg/ 1 KB
1 KB 29ms
26ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers/src/assets/svg/recommend.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 74d0431663359a569620f87cb9ae337c4591a15d617dd200fa7caa3cd418c8e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 11:42:52 GMT
via: 1.1 google
last-modified: Mon, 11 Jul 2022 07:33:15 GMT
server: nginx/1.14.0 (Ubuntu)
age: 369388
etag: "62cbd23b-51f"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
expires: Mon, 09 Oct 2023 11:42:52 GMT

GET
H2 200 hsbc_card.svg
cdn.crezu.net/offers_data/images/ 184 KB
185 KB 38ms
36ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/hsbc_card.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 211e094c1dd908e57c089091b6009b69ab57c591aa1cac3aa6ff80339441c70d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:21:57 GMT
via: 1.1 google
last-modified: Fri, 22 Jul 2022 14:42:46 GMT
server: nginx/1.14.0 (Ubuntu)
age: 3443
etag: "62dab766-2e190"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188816
expires: Fri, 13 Oct 2023 17:21:57 GMT

GET
H2 200 popular-offer.svg
cdn.crezu.net/offers/src/assets/svg/ 1 KB
1 KB 28ms
25ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers/src/assets/svg/popular-offer.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8240d70f143516a14011a49da493f4425f0a7981e2d9a795a14028df197d389b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 23:32:18 GMT
via: 1.1 google
last-modified: Mon, 11 Jul 2022 07:33:15 GMT
server: nginx/1.14.0 (Ubuntu)
age: 240422
etag: "62cbd23b-457"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1111
expires: Tue, 10 Oct 2023 23:32:18 GMT

GET
H2 200 dineria.svg
cdn.crezu.net/offers_data/images/ 14 KB
14 KB 30ms
28ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/dineria.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 8133d854013e9c449ca4033a45bc9d86303412f80e69c870042702ee83c2c2c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Mon, 02 Oct 2023 18:31:20 GMT
via: 1.1 google
last-modified: Tue, 05 Sep 2023 13:15:40 GMT
server: nginx/1.14.0 (Ubuntu)
age: 344880
etag: "64f729fc-386b"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14443
expires: Mon, 09 Oct 2023 18:31:20 GMT

GET
H2 200 Tarjeta_Coppel.svg
cdn.crezu.net/offers_data/images/ 51 KB
52 KB 33ms
31ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/Tarjeta_Coppel.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 97d067ec411fe2fca3baca0556a1cfe331433d7a2e92a17edca9d2846d951883

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 12:00:03 GMT
via: 1.1 google
last-modified: Fri, 27 May 2022 10:18:03 GMT
server: nginx/1.14.0 (Ubuntu)
age: 281957
etag: "6290a55b-cddd"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52701
expires: Tue, 10 Oct 2023 12:00:03 GMT

GET
H2 200 nacional-monte-de-piedad-imagotipo.svg
cdn.crezu.net/offers_data/images/ 24 KB
24 KB 26ms
24ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/nacional-monte-de-piedad-imagotipo.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fb57b135d0dd577a6106ac6eac66bfb6b63218c02b1ec0b086d573e2572dd8c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 21:39:13 GMT
via: 1.1 google
last-modified: Fri, 22 Jul 2022 22:19:46 GMT
server: nginx/1.14.0 (Ubuntu)
age: 247207
etag: "62db2282-610b"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24843
expires: Tue, 10 Oct 2023 21:39:13 GMT

GET
H2 200 tarjetas_online_1.png
cdn.crezu.net/offers_data/images/ 43 KB
43 KB 23ms
22ms Image
image/png 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/tarjetas_online_1.png
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 56814b7d406e980f2304225a2a68993319fec77317a2fefc1b3223bf6237d855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Tue, 03 Oct 2023 00:37:38 GMT
via: 1.1 google
last-modified: Wed, 03 Aug 2022 12:56:28 GMT
server: nginx/1.14.0 (Ubuntu)
age: 322902
etag: "62ea707c-aa2f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43567
expires: Tue, 10 Oct 2023 00:37:38 GMT

GET
H2 200 credilikeme.svg
cdn.crezu.net/offers_data/images/ 11 KB
11 KB 35ms
33ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/credilikeme.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3382d8c931d8ea7d722b9a4a8e1e95a01dfc04009a0daefc2c8557d5e5a264cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 15:08:44 GMT
via: 1.1 google
last-modified: Tue, 05 Sep 2023 13:15:40 GMT
server: nginx/1.14.0 (Ubuntu)
age: 11436
etag: "64f729fc-2cd6"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11478
expires: Fri, 13 Oct 2023 15:08:44 GMT

GET
H2 200 logo_1.png
cdn.crezu.net/offers_data/images/ 11 KB
11 KB 49ms
48ms Image
image/png 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/logo_1.png
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f30741e6a140ab5f6c8c4e7a72109e5bded24d7a60dd6e0f13616f05a2957f17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 14:50:15 GMT
via: 1.1 google
last-modified: Fri, 15 Sep 2023 11:08:20 GMT
server: nginx/1.14.0 (Ubuntu)
age: 12545
etag: "65043b24-2c80"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11392
expires: Fri, 13 Oct 2023 14:50:15 GMT

GET
H2 200 avafin1.svg
cdn.crezu.net/offers_data/images/ 4 KB
4 KB 36ms
34ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers_data/images/avafin1.svg
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7ac00b67576f27c4b7d2d65b84ede1fb5191bfa25f776f2f2ee903a9c556215f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 15:15:38 GMT
via: 1.1 google
last-modified: Thu, 21 Sep 2023 14:33:48 GMT
server: nginx/1.14.0 (Ubuntu)
age: 11022
etag: "650c544c-109e"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4254
expires: Fri, 13 Oct 2023 15:15:38 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70e4f06afb616e6a1f73c494f05d0c4615729cdc4570efd6c41f6eef607425e3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 i-bank.svg
cdn.crezu.net/offers/src/assets/img/ 407 B
533 B 34ms
34ms Image
image/svg+xml 35.201.76.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.crezu.net/offers/src/assets/img/i-bank.svg
Requested by: Host: cdn.crezu.net
URL: https://cdn.crezu.net/offers/dist/style.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.76.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.76.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 497cb0686a5f7b490fd58b319740c7b50a68918644b66f6c289d266b768be6e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.crezu.net/offers/dist/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:21:24 GMT
via: 1.1 google
last-modified: Tue, 15 Mar 2022 13:43:22 GMT
server: nginx/1.14.0 (Ubuntu)
age: 3476
etag: "623097fa-197"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800,public
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 407
expires: Fri, 13 Oct 2023 17:21:24 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
240 B 70ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8PMFQDPCNZ&gtm=45je3a40&_p=437526755&_gaz=1&cid=1075330997.1696616361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1696616360&sct=1&seg=0&dl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&dt=Ofertas%20de%20pr%C3%A9stamos%20r%C3%A1pidos%20%7C%20Crezu&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8PMFQDPCNZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://crezu.mx
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
240 B 70ms
26ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8PMFQDPCNZ&cid=1075330997.1696616361&gtm=45je3a40&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8PMFQDPCNZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://crezu.mx
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 63ms
28ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8PMFQDPCNZ&gtm=45je3a40&_p=437526755&cid=1075330997.1696616361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1696616360&sct=1&seg=0&dl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&dt=Ofertas%20de%20pr%C3%A9stamos%20r%C3%A1pidos%20%7C%20Crezu&en=feedSubmitted&_c=1&_et=6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8PMFQDPCNZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://crezu.mx
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 162ms
65ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8PMFQDPCNZ&cid=1075330997.1696616361&gtm=45je3a40&aip=1&z=1157607229

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 39ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=461067334443962&ev=PageView&dl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&rl=&if=false&ts=1696616360621&sw=1600&sh=1200&v=2.9.132&r=c2&ec=0&o=30&fbp=fb.1.1696616360619.225247911&ler=empty&it=1696616360222&coo=false&exp=a1&rqm=GET

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 06 Oct 2023 18:19:20 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 39ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=461067334443962&ev=feedSubmitted&dl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&rl=&if=false&ts=1696616360623&cd[positions]=9&cd[source]=mx-sms-welcome1-n&cd[wall]=new-landing-offers&cd[withBrokers]=false&sw=1600&sh=1200&v=2.9.132&r=c2&ec=1&o=30&fbp=fb.1.1696616360619.225247911&ler=empty&it=1696616360222&coo=false&exp=a1&rqm=GET

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 06 Oct 2023 18:19:20 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 main.MWQ0NWRkZTlhMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 370 KB
99 KB 22ms
22ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHQSSJJC77UFB57TDSV0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 20db7ce8e3049977535579a92d71232b26ed80f8ab0c1b7418ae67c403a6b321

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 107d3541
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202309211238268CE2792AD74798C8C034
vary: Accept-Encoding
x-cache: TCP_HIT from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 011ac19494071d76beee4342ad107ebccade174fb1e572c2154428643d03638049434f1c422e80970085bb0e986be3b9513716afcfa1ff551a3a4d0b56be5efa44c2727797ecaa3c3a91fe092a89dd94cc9e8343b2b8b75f6efee498a087d60d66
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 100833

GET
H2 200 main.MWQ0NWRkZTlhMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 389 KB
101 KB 38ms
37ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHLMJBRC77U4TTM8PFH0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 986333a99c0309f940f3cd10c2846221feaefe70f96f9005553eb85fb83ec875

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 107d3546
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202309211238193D00C1DBC5E216CF896C
vary: Accept-Encoding
x-cache: TCP_HIT from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 015aa300b64d785990c83dcaa08303863393fe5a93f8f176e21ec52e836288657038923ce0bd83247061fbfc8cfb2b441f89ba2702d5b9f834c6793011f7146d57de3bb9b2085a974f0f3d438138b5eaeb3d9095ff8355dd557701f1cfca7d5ab5
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=18
content-length: 102823

GET
H2 200 identify_7dd78.js Show response
analytics.tiktok.com/i18n/pixel/static/ 134 KB
36 KB 12ms
11ms Script
application/javascript 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_7dd78.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7afaa861788cfa4b943b9a78a597edb2e73dcf6cf15cb34ce9a02c72373d9abe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-akamai-request-id: 107d35aa
date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20230907110710A3E17FF6BA90138D5F3A
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 018c2c88748710049b87b86c06511915036ae1509453e71224c1fc91378c16d101c5c9dc7d92ac9759f01aa2115b0d4be90b450d8c4f2cbb404e2358047aeedb2e683765dd1d4569cb7282425028a0c4eb7c7e1d64bec1036323fc3073cfe197be
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 35923

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
793 B 175ms
174ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 35e98ef6.107d35d2
date: Fri, 06 Oct 2023 18:19:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 159,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=73, inner; dur=66
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920C893B82343A0EDADB82F
x-cache-remote: TCP_MISS from a23-39-229-101.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 73,23.39.229.101
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d2851fb269bd318f9e29211cebc610c39a79bb6ce0beafb40719a9bc8e4cb6825d2936efe996fedb62275bcde5444f9b959989ac8ef93650a204541d096dc07d8926ddb73bbe17aa88b8270595b1c54f021
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:20 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
649 B 146ms
145ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 107d35d3
date: Fri, 06 Oct 2023 18:19:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
server-timing: inner; dur=35, cdn-cache; desc=MISS, edge; dur=6, origin; dur=129
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920328F55DEF4FD9AC6A0A6
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 129,23.38.99.91
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82df5499a8149111135034c44dcfdc3e31dfb220077c0e13779cda9ba5d8f0e4636c1ffdba5a4c99cd1b5756e7a8fd0795c749b48c8db14b9ee80beb6418fee5278d4d7198aca3fc701f3e4b0fd5c26d976
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:20 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
649 B 189ms
189ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 107d35d4
date: Fri, 06 Oct 2023 18:19:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
server-timing: inner; dur=79, cdn-cache; desc=MISS, edge; dur=7, origin; dur=172
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920ED43BCFF98F98AE2ED3E
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 172,23.38.99.91
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82df5499a8149111135034c44dcfdc3e31db20446b99cd521fe3329dd42d2a3bff861d83ca21f48f3c4eb7b98fe55c7c129e014f7172ba8c1beb427fdecf64e1801e99699855b7c270a23e598584cc2b63a
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:20 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
647 B 156ms
156ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 107d35d5
date: Fri, 06 Oct 2023 18:19:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
server-timing: inner; dur=49, cdn-cache; desc=MISS, edge; dur=8, origin; dur=139
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023100618192069E78E288D17F0C7201B
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 140,23.38.99.91
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82df5499a8149111135034c44dcfdc3e31dcee9aa4f3ee0ff4a32efbc6f9efdc900677042e4841b10de3a4e65a53121959ddf6a06e12870c104501da968f7d2ec492c1b0ff3bb407d4f145a1e17c7a2379e
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:20 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
793 B 153ms
153ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1bfc2749.107d35d6
date: Fri, 06 Oct 2023 18:19:20 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 138,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=106, origin; dur=39, inner; dur=36
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231006181920043DEF1FE87B6FB76DA0
x-cache-remote: TCP_MISS from a23-220-104-205.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 39,23.220.104.205
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d285f2616e6e8de412347eea86a0e320af7d7e2d67ef87d8c8d341ebc80ed535025bc18f93eb0915d3be87b75f8c1eb59f1c39cbd08a391800a98c800a29777c6a2323fd38de26dfa185daa092edf2237ea
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310020101/ 389 KB
132 KB 112ms
111ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7720460051430832&plah=crezu.mx

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c18ad22903d41b067f4fa19f2c5516e34ce2ccaba69e83ce8abede0a40ac5245

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135178
x-xss-protection: 0
server: cafe
etag: 18038656603924723804
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/ Frame D0DD 10 KB
5 KB 124ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 14:28:29 GMT
etag: 2603938475786422795
expires: Fri, 20 Oct 2023 14:28:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
791 B 234ms
234ms Ping
text/plain 23.38.98.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ0NWRkZTlhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.38.98.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-38-98-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 290d302d.107d36a2
date: Fri, 06 Oct 2023 18:19:21 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-38-99-91.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
x-parent-response-time: 216,23.38.99.91
server-timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=132, inner; dur=124
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023100618192153E09C055AE001CE30AE
x-cache-remote: TCP_MISS from a23-39-229-22.deploy.akamaitechnologies.com (AkamaiGHost/11.2.5.2-51606170) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 132,23.39.229.22
x-tt-trace-host: 0188d157cfa76ab16f5bb5379f0418d82d3331727ae5841bffa5e940fd9db14d28f8be37640d8a6a68ab4aa7f6b5aa402d476d6b11221077f922dc20eda8c64451161965b33ba255565041405c4c2bdc9d58343d7d1bf19bb7c8f2703f68e64aad81e1112e1c3afb6b299a06c0ca8b6e60
access-control-allow-headers: Authorization,*
expires: Fri, 06 Oct 2023 18:19:21 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 383 B
600 B 144ms
46ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=crezu.mx&callback=_gfp_s_&client=ca-pub-7720460051430832

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7720460051430832&plah=crezu.mx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44f0415ef26867c13036d895bf62b2c275bf53af45fd826b8ad059cdc59b485c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6B15 121 KB
42 KB 1097ms
1096ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&h=280&slotname=7716873411&adk=8110835&adf=4183771420&pi=t.ma~as.7716873411&w=900&fwrn=4&fwrnh=100&lmt=1696426945&rafmt=1&format=900x280&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360800&bpp=5&bdt=2169&idt=219&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&correlator=6000350294767&frm=20&pv=2&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=DndFcEtWXv&p=https%3A//crezu.mx&dtd=236

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fad86a74fa1f903d076cf2cbe5d40513170b594820f6a48f8ba45400986001c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42957
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 06 Oct 2023 18:19:22 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 602C 252 KB
65 KB 715ms
714ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&adk=1812271804&adf=3025194257&lmt=1696426945&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x945_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360860&bpp=2&bdt=2229&idt=182&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&prev_fmts=900x280&nras=1&correlator=6000350294767&frm=20&pv=1&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=195

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

643da70419a079d384468d28e76cee8ab2d5ad7252eea203b9479f4f2cb3b25d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 65921
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:21 GMT
expires: Fri, 06 Oct 2023 18:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 91C6 133 KB
30 KB 643ms
643ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&adk=1812271804&adf=1573534164&lmt=1696426945&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x945_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360862&bpp=1&bdt=2231&idt=199&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&prev_fmts=900x280%2C0x0&nras=2&correlator=6000350294767&frm=20&pv=1&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=203

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

553779f13bdc6cbd8dd60fedc12225fdba7e98a7a37f03209d3e370cc0132bfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30641
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:21 GMT
expires: Fri, 06 Oct 2023 18:19:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 602C 0
20 B 138ms
138ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20231004&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&adk=1812271804&adf=3025194257&lmt=1696426945&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=308x945_l%7C308x945_r&format=0x0&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360860&bpp=2&bdt=2229&idt=182&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&prev_fmts=900x280&nras=1&correlator=6000350294767&frm=20&pv=1&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310020101/ 153 KB
52 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310020101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7346905002e232c7fe012df1036e0ecfa778289b00a39393ccce5f8233cd6476

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53324
x-xss-protection: 0
server: cafe
etag: 325595648262656629
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:21 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/ Frame E203 10 KB
4 KB 39ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 12323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 14:53:59 GMT
etag: 2603938475786422795
expires: Fri, 20 Oct 2023 14:53:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/ Frame 8492 10 KB
4 KB 39ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 12323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 14:53:59 GMT
etag: 2603938475786422795
expires: Fri, 20 Oct 2023 14:53:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/ Frame E694 10 KB
4 KB 39ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 12323
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 14:53:59 GMT
etag: 2603938475786422795
expires: Fri, 20 Oct 2023 14:53:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 88cf7d8f92971695aa333eeba8ca195d.js Show response
www.gstatic.com/mysidia/ Frame E203 9 KB
4 KB 139ms
53ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/88cf7d8f92971695aa333eeba8ca195d.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac4a4d48faf1670dd95aac541fd22c6728ab6528d9fbacfdbd2e58ab5cbc83c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 106438
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3923
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 12:45:24 GMT

GET
H2 200 c068aa03e042373fde6c3960c7f33547.js Show response
www.gstatic.com/mysidia/ Frame E203 12 KB
5 KB 177ms
91ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/c068aa03e042373fde6c3960c7f33547.js?tag=text/vanilla_highlight

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e04b0d057a78fa056468465ce0f3ac37a952f9f76844eb55d7c8acc28eb49b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 02:13:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144337
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5158
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 03 Jan 2024 02:13:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E203 14 KB
2 KB 159ms
46ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 06 Oct 2023 17:42:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame E203 2 KB
973 B 198ms
85ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:38:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16868
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:38:14 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame E203 23 KB
9 KB 199ms
87ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16955
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:36:47 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame E203 3 KB
1 KB 207ms
95ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 14:59:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 14:59:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame E203 20 KB
9 KB 149ms
37ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E203 187 KB
59 KB 174ms
62ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H2 200 f20a2b7dfb9062a0a08db52babdaa11c.js Show response
www.gstatic.com/mysidia/ Frame E203 37 KB
15 KB 138ms
55ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f20a2b7dfb9062a0a08db52babdaa11c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:09:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15586
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:46:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 04 Jan 2024 18:09:59 GMT

GET
H2 200 1677222650507136750
tpc.googlesyndication.com/daca_images/simgad/ Frame 6B15 84 KB
84 KB 194ms
105ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/1677222650507136750

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&h=280&slotname=7716873411&adk=8110835&adf=4183771420&pi=t.ma~as.7716873411&w=900&fwrn=4&fwrnh=100&lmt=1696426945&rafmt=1&format=900x280&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360800&bpp=5&bdt=2169&idt=219&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&correlator=6000350294767&frm=20&pv=2&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=DndFcEtWXv&p=https%3A//crezu.mx&dtd=236

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ab59ee2741c06b4e1a3315b3be66ac1e76e1fb37eaea4247648dc37e3381f12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 12:08:05 GMT
x-content-type-options: nosniff
age: 108677
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85700
x-xss-protection: 0
last-modified: Thu, 10 Aug 2023 08:51:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 04 Oct 2024 12:08:05 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 6B15 23 KB
9 KB 185ms
96ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16955
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9151
x-xss-protection: 0
server: cafe
etag: 7930219084593097114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:36:47 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 6B15 3 KB
1 KB 137ms
103ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 14:59:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 14:59:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 6B15 20 KB
8 KB 115ms
82ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6B15 187 KB
59 KB 217ms
183ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 6B15 36 KB
15 KB 191ms
158ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93340594a3f629999eacb6d03aac3d49a76ca9023c18a90bce7e7e8d3ef9a68c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 10:47:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14932
x-xss-protection: 0
server: cafe
etag: 14442377342001293717
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 10:47:16 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F467 624 B
246 B 80ms
78ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNWl3jcIP2Rlo5-fEJJdSBXy2vS3tPRNOVUKssPliuFx9QeQ2MAh2SXdqesqGbDQdrQTmZoHRtmVyltVT70NVbzjJKUa-KzqtZ3fXxeRuWPAJfmxp6upUN0Uo4_F2rx1f1f-2RyjMF7u19Yf9VY0-m344i4JPLlZi3lb843UvVUSnREXME4

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BD0B 89 KB
31 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame BD0B 25 KB
10 KB 64ms
34ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 265738
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zVbCB9RUI4EbKJMwx5V%2F8lLGKcVxcyCz%2FtoxphS98HuOzg3Am9EB2wlUK%2F5k%2BpeZOraHnjLvTeX9r0vemWM3OXxYQXLZ9AgBkAnpGpbAd1pvp60XdZvsX6XC8b8kp9icO%2Fxld1c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 811fe987cd909247-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 16:30:24 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame BD0B 3 KB
1 KB 154ms
85ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 14:59:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 14:59:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame BD0B 20 KB
8 KB 112ms
42ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD0B 187 KB
59 KB 198ms
128ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD0B 42 B
63 B 151ms
150ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DPZVnhwk5c3ese3t8GXFJfGbYsnWvULjD26ZZvnGmIuYXYlv12QJ4eEJeTjMWY05_pocG9DEPVdtP6uLu6HKXtmnlL8IY2TOsruPllyiTTQiKiTb8

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD0B 0
20 B 151ms
151ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17733811447608041489&x=1&ct=77

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1805 624 B
246 B 82ms
80ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNU8GyZVs6MNwgV0jgi3DVRuxBlNlpXv_acgSkcH8PkuePhrisW3KlMgFhH3uRYtsYXoJ3WSWdv1lvX0GxkapZt9fQndiTdrEMmz2vecoybADH5yY5F6h8uagnDAl9SjEpsDuN9IyklP-t5Nq-ZMLnNm6HwZ-kkCGAaybT5dD204tC_zwH4

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 490E 89 KB
31 KB 109ms
107ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 490E 25 KB
10 KB 35ms
33ms Script
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 265738
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aVyLBCKhMb%2Fh1itT%2BlyRyvEc7bjkDZjRkL9Uq19pCMRJuQAy1lA0h%2B6zMifptSOZU9%2B1ywBQP1kV9eEk7tjuSl01Dz6eXthhhK%2FtkyUuESsT7Far6nZtIrLimYWrVF7KwIc3S6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 811fe987cd929247-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 16:30:24 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 490E 3 KB
1 KB 146ms
104ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/window_focus_fy2021.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 14:59:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 14:59:34 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/ Frame 490E 20 KB
8 KB 95ms
53ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231004/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:33:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17142
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8339
x-xss-protection: 0
server: cafe
etag: 16954770952846736976
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:33:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 490E 187 KB
59 KB 183ms
141ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60043
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1696419354076528"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 18:19:22 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 490E 42 B
63 B 142ms
141ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BYNxyBISxRpp2V1zHhUdkhsvoXdxUG_ZjhLBHL694Z1PyfEGUAI1TuP2Uo4kir59_uWOQ2uhhNdf3yHuoZLuan_u_bd-whu3dga2jVm_t48PtURS8

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 490E 0
20 B 142ms
141ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8100374063085218706&x=1&ct=77

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3=&sub4=&sub5=&sub6=&sub7=&sub8=&sub9=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D82F 143 B
166 B 42ms
40ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7720460051430832&output=html&h=280&slotname=7716873411&adk=8110835&adf=4183771420&pi=t.ma~as.7716873411&w=900&fwrn=4&fwrnh=100&lmt=1696426945&rafmt=1&format=900x280&url=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1696616360800&bpp=5&bdt=2169&idt=219&shv=r20231004&mjsv=m202310020101&ptt=9&saldr=aa&abxe=1&correlator=6000350294767&frm=20&pv=2&ga_vid=1075330997.1696616361&ga_sid=1696616361&ga_hid=437526755&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=350&ady=1411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31078363%2C44795922%2C44804782&oid=2&pvsid=4203924318548781&tmod=1277085148&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&btvi=1&fsb=1&xpc=DndFcEtWXv&p=https%3A//crezu.mx&dtd=236
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:08:18 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B5BA 247 B
867 B 168ms
48ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

846df7abbf44ed3a332e8a4a2443329871c0a81c67b83546875d6bad254ee0a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 203
content-security-policy-report-only: script-src 'nonce-IbekRe6BopiWx6GU3ObhsA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F467
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG5rPn2b_cPPfguLMA4Ao7s&google_cver=1

43 B
730 B

25ms
25ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG5rPn2b_cPPfguLMA4Ao7s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNWl3jcIP2Rlo5-fEJJdSBXy2vS3tPRNOVUKssPliuFx9QeQ2MAh2SXdqesqGbDQdrQTmZoHRtmVyltVT70NVbzjJKUa-KzqtZ3fXxeRuWPAJfmxp6upUN0Uo4_F2rx1f1f-2RyjMF7u19Yf9VY0-m344i4JPLlZi3lb843UvVUSnREXME4
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w90WbP6pcRq05cWsjMa3%2FCVmHnypbDOrApS00hB8LlT2pzPBoP14HBuXOSk3SSEdZi48gOyGpNYHfFhQg1Rc7n5BskzWKDxrBcYNuynjB6BadA2KuXihM%2F7lVmy4bi3rFpIR0PtGSOKk3w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811fe9898c75364d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG5rPn2b_cPPfguLMA4Ao7s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F467
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZSBPqtbFP8kkhWnNPuUeQAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

43 B
741 B

38ms
38ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNWl3jcIP2Rlo5-fEJJdSBXy2vS3tPRNOVUKssPliuFx9QeQ2MAh2SXdqesqGbDQdrQTmZoHRtmVyltVT70NVbzjJKUa-KzqtZ3fXxeRuWPAJfmxp6upUN0Uo4_F2rx1f1f-2RyjMF7u19Yf9VY0-m344i4JPLlZi3lb843UvVUSnREXME4
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3ZsQZufmIoZB9nybS7zFg4%2FasC8KgmEMu%2F3Gro0MidkMpDJ%2Bbz2FGbWN5m15ecu%2BFyHk5h503OKR8T1V0e%2F%2Bghz%2FjHizH0tetSuNyFbFa%2FJR88qkrw5uHq%2BXQvTdJP2%2B3uGk5Fgb68ZwA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811fe9898c78364d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F467
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOJHw9guXp34qs1Kbnit_7w&google_cver=1

43 B
846 B

8ms
7ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOJHw9guXp34qs1Kbnit_7w&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNWl3jcIP2Rlo5-fEJJdSBXy2vS3tPRNOVUKssPliuFx9QeQ2MAh2SXdqesqGbDQdrQTmZoHRtmVyltVT70NVbzjJKUa-KzqtZ3fXxeRuWPAJfmxp6upUN0Uo4_F2rx1f1f-2RyjMF7u19Yf9VY0-m344i4JPLlZi3lb843UvVUSnREXME4

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
an-x-request-uuid: 3d28dc45-f87b-4d84-8501-359e13d7d0f6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.146; 185.213.155.146; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOJHw9guXp34qs1Kbnit_7w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F467
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

170 B
232 B

83ms
67ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
an-x-request-uuid: c6e658ab-3369-4b3e-a5f3-bfc487b5fa92
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D
x-proxy-origin: 185.213.155.146; 185.213.155.146; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD0B 0
20 B 140ms
140ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1553772743084&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD0B 0
20 B 140ms
140ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1553772743084&version=m202309260101&ct=77&x=1&cor=17733811447608041000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BD0B 30 KB
18 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPr20er4V_91g9uDeQs5eVWfPVunk8WAZh3zepz_moRVtuDY_5e-IMHYA-80a6csiL5cf8Dm7dBWn2hWJVVl5lVDbrBgRJUJoDi_u-5rQP7fUsmLNb2gwBgVqjo2qdrhd3TeRNTikvFwg1YdcjfT75WE6ngdPfsFHi4kn9L3DG_NykDmU&cry=1&dbm_d=AKAmf-DANG6SmTns77O1MTkcYxM4yIcdceKrXviTPZLZ1sci0tXulqOvsCov0a5mSASBLxLnhOkgqxwUKh6bMs-FQLT4FY4nuoxDbFwIUw9QDS8FlvuZrjLZftCAE6l3m94jEcUCY97d7QqdVfUkWVNAsCKTWCP5RCD2uIWVWLIvTWPEnaX_N6Mwsh4yPqzRVtFC9U3TDjXjeQk6aeVQ7b0Mk28lkjcNf5deEHZZULjq6SP-q_6ORcWegsJhcmczQ1-YKAMb7KOsRaxLj5q3tjgqVZOZUe386h3y-jUovtPDe8XWVas8uyJ4ydK33pawOMubMqPTGBNstRYWnldg50qgEg_3GBN0YcHxHGY9X94OhpCs-O55ZBjMpiOTYASgh--0AziMn2F_eMsmfwvQg1DpZLE8tuMl3Z4MJM-H5iROrTf7fs3TyCeHmV4w1Q40u30JsYoGDNXdWnh6lkXMMAjGGwgdTdlxbk_9Y8N5FR8qSke-ZDOW7S0cmsrveq1UdJeF1lmiT_eSldfFH8P-rwd0bS4GB-caLsjKvHFHGqGx9cuQQ8dl0iL3OzOQc0J1l-9nkNslm-vCCs6sTcpcFQAg0DDtJ1i3DcZvRgqmrNAbATd6tqfKo_kpBeHztTu9xQQWPEnYypy4j436-5PA4OQ82klln1q-y8wfASjt6MPmf2PuINLsONVNhd45ggtBxESo8EMiPUdxbUMMFv4GiylTOKG9hZe1q_BzC0n40EbmYwbO1eYuhANs_gQX8BkSew85Yo8_HDQ29B4y5D1ocOIdfCpXxkDUlNj-7qOvu-EnvfkzxYuVJx_q2hb79KkuLI5GGbt5AFzzQEG3EGsA_D186NhxJXM6H51hG80DKX9Lc176iAL2VsjfPnYSPuSdsbj2-6GTSASV3JZi-wpYF4Wc_KoC_2XgEfsPtHMXBdci5dMBIRxnubkIJWFz9jpE8KOlDXUgnzRB0D_LzZZUqtGaytupBZ8okDGPeqTVYzGzl953vC4rYXaa4bEW7w4SLEtdD3ivgZVMxTK8H297aesxNz5afbnB8g4qCzMyK8wNZHWnpHdpmmlGsDwEo1YW8DEy-I-KZpA1CoAAYXPsxmEZl0IEeN2XQPYHcQQcAMkA8U_XR0ILLr-AkumP-Gw1XpW29tmd1QLUlFEkzAdVaGblmYuaJL-6PCvBm0aXcRFeXlhdST0G3W3gFY3Ul8M0efGXdN7vAga2L9D8iUcY_ybhvKNqkZgiCbFLunGotkJd1DsEiH8-5oZLHKLHz2BJh-ZtDQPOR2zxUNzq-iPvMPXCayJ1gJk13dPnqhHE3QV_t8kQo0ieV0ZbUXQFdZpRYZBgAaZ3bwkrwQ11BjrXKKo_IbiJIj0pooIAOe9do6rPSN77YTwL88sNUHfbrXhCTaoZ3pzayDpZruKMTERqQT0v6VJaMA-heUOaUZFN54vK9lPn2YOGT_wXAf8GIowht_pPnHbtXT4YabhuasIm-roi7y57guVshzeZpGME6KiIu8bNOlElJKEdUJZqStIF9DWZslxPm_B9_-L0qH9cvBw671BL9Ch8VEkx67B6ooarsACSr3BhX9KYLMnzanW5VRhxh1mYOrsq_ukYrhu6FGFVgCVJGuinkyEhIVjI--if6Mx85fZSd_I8UwYTZuY-mBRVTy1jpVGJvtt6BBEXKzNoFO83NnF4EotizfJzKAsMhxcYr7AUXoCyFXU2KMGGYJW-6G38ujPcNvsP3RowvWgQnxQgwqvr-7a3VLmR72LnokyDlFFWRs0DJizckzv6MB4hDkuRNzmadxsk3J8MD1CfRXdlcxQxMMl1zCAp2bHHRKcxyuvET6EJqthPeKYh_D_MyZfVixCb7CiSEFK2lexrDOwbCFknMdgg4MSrbMKz3RmBvrnQY_N2l8q6Nb53F0kKNrN7CLnb9K25jNiW95-Nll2CqXaYOzLD5thJISJjubTS8YRE_CU2bd2MrbOEM6VPYhikyeQkD4oluEo4fBTSepjVPTjZLKC-Q1khCRp8vGm0-wgvE3M_tTeqKlXZ1Hwo3Ts6f-ZKwk37uKd3aIJlbgLHQhsRbliVWANg9NTY4JPB4SnK6zy-BuX1iqE-apiGWw5VG1xoiPMf6PbAhAVTnAO0vjY2wPkEJg8RnwGr-Bchn_g_K3rrcd2QPNBccm58tC3Mv0xhXSYaJEJLaRUZh7DZXertqC2THYf6LNTPDraFbjPqeECWu0zcu47PlcZhaX9urpVKLAOBLJizuYZRz8-yb1jsBFWDEpfOre_-3YihFTngVxq7s_4XbSZsGbRmazCFDqIODpljpXey9x6ycqZhNdB3qaEC5CzYccpdMYazq1Iot2J3q3P1E5f7tD68QSEk-4JYN4kFseMo96SR87Sp8ZdmLXbZp7cijtv238pAd8vGYE3FzwUQy390wScl8VlceYCQ3cl-ttTFvms3KtOX_h0n1Ku9qAOCejruRa2cbTG0LGcd1aTPPkf0k5gGxQJLVDasNF_njCNsySAH6WHQn40I-MV0yMbPjVsSuDmCmwZBdcydN_-aeRPrVNoY9Uas3zDKIj2expyAf-ls7iN358Ws6O6oYgkuX-2hGNX_JYOJo3olnbVv8BRpfccCtHe_6v5OqwVenqmnisleM0R1_mjVSTKrkdWkuiSMZxN8kJ_UTo71WzDUHmMwqbFs2M93dgKY4VaJvhuXq3WNAU-BAU4vU0gOsP-0thN5qNj9j-zrKafqHSsMBbciSxjfe0pFkVbI36Sz4EupXuuaB2iqKL9CP-YweZksPr6PmcUYv38tY11XTgNj1eVgqWh0gU_wQYDUeTPad0uVM4owDnCWv7WNxZuW6pduCcRxMbEKHBMUX2yB4gr2EEMJpJd1XrZ9E1JR89mDcgdT0hq54RPOlKKjYpzvM_9id2ohDJ7G4NvtbEtf663A61Fy0T4oJ68QhSZkP99Sd3f0U9wN-U1jL4YnqNCB9-4xxueM5PZaARR41kh3rQ3sJbiXVyg7yeN3k3W7_ij55_mdyMJWS3QWlvb6tj3YOhRjYCTL_KvfsIB3aUNo4_p2O-AIqVv_Bqi5HSa0D0Txx55-U-4-v0LnLWQhV1B9gT369e6Gw49XzNRvIdgu-0e9oG3pbKLjIeZwj02mUh8lP5fE_M2bRDAvg84ApNeQBBrqnuojsJq3P81q7xUQTRi7RmvHDPO1YllMc8pXt7l-zBQ0FWWlSQebQoL_j8yQuNvtv7HR7tb12KeKZDRav8Ewe32T7dFNuOibSwLNZtvZGWc-wAdLob7fVcaOTOceYAmB65nPGu0pZ34S_aPC57RVAUlqCEW_5_GxmB4RWIRJRXB81oCz7l3giQGs7g0kq-nebGDN6sLcH0hveKYnDIRbpBAiu4v7TnKpxSj5adE743vqxcVO-OtwPb9reibvWz04E6hRthe1D110b1nxVKeIeyQttl-rX8XtPknqTEPbDNVr9la01dkY9v_nNhq6XAxQ3DTUEg7gUvUfbltVVA6KtdU55D5j-vMyofxtLxBAROgfhkjfxHsBZ9y1HXTeIyovuEf8JpvNe6h7fuKVuMG2yesXPFOCjqfPfc5KGaiXvxBLuN99SJ5Nm49S5ApHaLnZgbRsDAwrh2dnY6jMwJYju_tDBeW3sdFJChwIE1fdsLVu-1dHFwjOZdnsU8-JorZ7zK_qHsBq9Wc8EH24KEiy_2HNYqlYg39iSnz7bIPca8gWorhylSHq2ZJt8QsSSVJpj3ppRfpZBhM6HYghl36hZNWZUdMsKeY-tl935gktPBa_chrzalphakEDmHcOhbexLduEAvDoQ6LvWjRQellYwkFIZALNblZCbTstfU4i462MraueldTDGcYYH0SYqQfKWsdG3s3ouDdnEsJpJ_NQfOVd17nLNWU9i1sg&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F&ds=l&xdt=1&iif=1&cor=17733811447608041000&adk=2988274607&idt=93&cac=0&dtd=31

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

647e7c0d7b0d7187235b2136172874a862d80352ae7b5e75990b531a8209fa38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18348
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1805
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

43 B
732 B

24ms
24ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNU8GyZVs6MNwgV0jgi3DVRuxBlNlpXv_acgSkcH8PkuePhrisW3KlMgFhH3uRYtsYXoJ3WSWdv1lvX0GxkapZt9fQndiTdrEMmz2vecoybADH5yY5F6h8uagnDAl9SjEpsDuN9IyklP-t5Nq-ZMLnNm6HwZ-kkCGAaybT5dD204tC_zwH4
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZ6weCUkEdkVjIPk79FwNqXXatt1eIUMAsyNbOgMLJx53ZVfT1ZxOoXIaRwLk%2Btvin1X7aFBsNNLUFu4D7tByjPs6y%2Bre2L0c0ECb4KLbXlzN0%2FtFt1370jM8J24fqwPAlk1ZL29GSRLPg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811fe9898c70364d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 1805
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZSBPqtbFP8kkhWnNPuUeQAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1

43 B
736 B

24ms
24ms

Image
image/gif

104.18.26.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNU8GyZVs6MNwgV0jgi3DVRuxBlNlpXv_acgSkcH8PkuePhrisW3KlMgFhH3uRYtsYXoJ3WSWdv1lvX0GxkapZt9fQndiTdrEMmz2vecoybADH5yY5F6h8uagnDAl9SjEpsDuN9IyklP-t5Nq-ZMLnNm6HwZ-kkCGAaybT5dD204tC_zwH4
Protocol: H3
Server: 104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMmIeT9Cb7p%2BeoMt5YnpUm4KNDziz%2FoLtwNNV8vYaEoWNkiy23vyFhBkFBQ1ghNQSvUAvhkgDB4wJ82VSa6Eu%2Fv5hTBGb%2FM8%2FKbWnTh%2Bq3neng8bUzJMNUFmDYhRt9igDjixvWktm62vzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 811fe98a2db1364d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENqmFJ5Wu80TgRlYMCfE1L4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 1805
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG0ljB9UwKHR5Ue2Oqo7mBs&google_cver=1

43 B
841 B

7ms
6ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG0ljB9UwKHR5Ue2Oqo7mBs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDb4oYCGL32lIABMAE&v=APEucNU8GyZVs6MNwgV0jgi3DVRuxBlNlpXv_acgSkcH8PkuePhrisW3KlMgFhH3uRYtsYXoJ3WSWdv1lvX0GxkapZt9fQndiTdrEMmz2vecoybADH5yY5F6h8uagnDAl9SjEpsDuN9IyklP-t5Nq-ZMLnNm6HwZ-kkCGAaybT5dD204tC_zwH4

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
an-x-request-uuid: 7753656c-e313-4a22-8b01-b629862c154d
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.146; 185.213.155.146; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG0ljB9UwKHR5Ue2Oqo7mBs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1805
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

170 B
243 B

54ms
54ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
an-x-request-uuid: adc72eca-2a67-4c6f-ad74-190d41c68430
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzM0MDUwNjgxNjE1NzIzODgyMQ%3D%3D
x-proxy-origin: 185.213.155.146; 185.213.155.146; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CD6E 143 B
166 B 39ms
38ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:08:18 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E203 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 245f627047d87dc759fac404319192eae4862c64e066f3499a4d5fe9930c2221

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 490E 0
20 B 140ms
140ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4588591676923&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 490E 0
20 B 139ms
139ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4588591676923&version=m202309260101&ct=77&x=1&cor=8100374063085219000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 490E 30 KB
18 KB 86ms
84ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzeJRO8JRU2JYfvwnNmWfPy1His-Ma4UQ-pYLi7SU7-SHDRwu5OuJDLcRm0oc2dR5G3Wz2vlFDY6RmO6xQdqiTlf4_181zauvwHBpNm2B73vo9-c0IfzAx7cTdpnFU99qpWvLjfQH9AC-b7zr9RpjJ30VsadYrNfB4kPAjjZ5-Rv7-WbM&cry=1&dbm_d=AKAmf-BORwALX2yyzRK11bvjmGGDCx57uTjVMmj2zRT0Lgivw1aYxZuFG6rAvAwH8j1JBwdfVMrBHEAoUmMnpevU4SihTDUZyzKsgQOHOZokIQpNtn9HBkuAHkbYgMFU-m43IipA0btVBfapOcThdvPv1DmHAOBUIvf-cJA-0KA7xBnBInQOoQyjwo94oqEytAs0Jl6RZVuRG51mJr3HZGfVbevQJAruz4acZagSro_I8C_VoBUFKiwuWmERJg29McIHZS15CxubLn_wtNQF1v5YXHpVRib6b05fMbCoLCF25Lr6LM7hCdzCYRE53gcKK3vaJkT-ixZhS474E8NXp6cv0-pqFvXWResWdbHbt2zNqjvSW2yl37K6Wc7jwXH0wFmhRl7CTwa2QK80CWuuMITeJq_2DIFeG6SVkeQXrM_bheCSiwp5JDcDdRA8NsyT245KsjX7xKYjtlpTM3W97BDc4FN_Ww8FKK5xEjSInUJxFAxDLW3EZXYj59VR1J1zh0tAyvBM2THdf9jVtSq4tiwxcr7hSDk0flbLsdYsL48WiW0zsOlNqZFQuBWcj8_X-r0JMMKSmbIcms82SPid5XL47ILhWDU7QjxtN6oak4fqDufZa0dHHSqfYKxB4oUwCFTTqPKcjhPojEvi9o02KwbhDY-pZZ0zp-_gGTkdT3b2pZ2dU0UZYk6avJkctPcrttTh-1A94Q0VeXgDY5-2XuRYsLkdIB00rGaaRvIMY3cqqRcq0vkgspHZU6fgHvYud7peAyhLRCcpIN4ArsomtW4msbK7wxWREevilyoHmlHzXR5OXerNZBAAdTgBFd2IqHpVDhLB501-ymLByPo5bzOiqwgzbPEngHyMt-05wmShe1Vhnh20gh5osJkje57NJxX8ubMina7n9U1Z1yNazyVqBUog836078g_9whW7gi3WMJcQIfz_q_CpoHfgjCXIzlvi9vDU280mN-WsRCg7sNbeVhOgrh4qCByCyQJger0rnGmlyHPkKIKYomZhjtnu5_qQR4bJS1HjHIoHI5EL_CQOJ5oiAYkR_i-G4qmX3xZUrxCyDri-M_PUdtnJ3ycI9dwXS6mXXui89BF1koH6oO5qm0Bb7u7ZKN827Ls9FyjBb62mwpZlfswRn1LDchgP4I2h_QyRMSuJOAgkjmoW8-E1pQ-lj3WmTlh7CEhd5h3kg6DyICG0OoLNeOHpJb6D4q-6b5YgmcPQIl-X1uBZPreIUgjzHDndJAIVXu7uPC88oX3myiMvQfgD2rfMlWUyEOKpAKwiaVMt4lJdkbmjvoWueiWJ5ibyyAzy-4fTpJ2J63wUFAQp1Zu8EZoLaFPAAJP4leEanzs8aoIUJ9RYhPbL4p2wpiQ23hbrbyp7scjhDSSiwvtlpziJU88C_vsSrIUT0thkmIBR600ww7FIsUEPVwYMHcF9u4sTftznomSwfvks3kjaV6k-ESRAEwwaFR3PoSN5OpXQV0Uum0bYoAlU21ohlTqLbmBQsPBkBz15h_3A_pWfE-osWqdfvOOXrZjQcAlm3BE9E5_NGUv9tGrd_NBMRFJaU2MKl6vpy-ADJ2BtskW9Q7b-_RVFpsIJsDH-4hrNd4sTtFSNQTH5_fyYqrUZVnqgMo8WHknnoBjS-sykGWxxV3dXUYJuHENCDXOD1n0Hi7z-3epI_c0wC1qs9WVpJYq4OEWZJGdbuHpPZWKYpn8PLEKSB9aLkWWQO1IY9jGLnQblpoOELMV9o2oRzJa3TjQMBM46UzM9w2ZWQ0hQ0WmcCTfL-gYjV_PSmONTpoyUUHhFHi-7a7X1ycZ3aN1xus53vKCLieC68ZZp6ApXNNtPtZ5BK0SrnWSU2p8WGlsCda7DESalAtzvq8k5ukCD5OuzZD0RiV64zAba_Kcq2k3A9WrVqS7DyybwN1KK2sLkRFDvTFa_x6gHV_FoSAeZ55Y7rdbZM-AsS5c-4e3j4463AseTAXUvmepY0NnZ8Hm3R1wjgrnBc2U-64zLV7KJ_2pFImX4Gp_ZbiH7KbWc0JsJw_7XeW1xLPw4mmKPd3l-jq1-gAqSCYyeGCYdkYBPiIiajIL3LL_rJY_UiHpAY3b-xkb3NCgO5TYc-8gTzjeWcppWibGutCAm3dFwa0cywzF9RdQhbEX2vl0uJ72Yk9i1a_TbRVNWMFKikxk5TvTUm11MbZCEdp05vWusSsIEKeiFj_ZkPr5T1JnkTzCNZQfxyv-pjmyewquBXbUdBmS70bVw1jIRaoByj17HAgbp5oleKa9jRSywyWYkT5seS2nlORR--nSlKl55umXhdUznQ3ZpF2AgreqFwqyh6QG-4RKwwjZuxKgKOQ-_irENLgo3h_IZ8ClSrmjEXMBvB9tLdFb5Z5ggoycR6kNfbGrXbq1QKGidtKFDiWBWM2L3aoIXh-l06c1kK5awEOnwJEXHGQyy9Vi5sEuZSjRT2NEekzmmY7hFn35v_C1rHMNWCBPOOZfhfQuiVKqmEXwdw6EO_Xk0fPbu5uyfWOBeHQLw812tWy5ve_OYtau_OhkcAsonAbvv6FUZTJ7Fq4Z_at1FezgdN_ALwuEB0_Jfl7hLpuhMB-6ehq2xFFVkM2s7TeGynJZPrVzg0Eb1mMWTxwYcoZx7pFlNvq9NHsOyunsQiIDaMCbmDMMk2Cm_A-8-eW-YIh22ARf55zwGHitOBMM8-4RNU5Pz-eenlrVk7rcQdYM1NWxORgEhOIIBxK20-dBHszQer44rNMvq9RvjvdRvno8MRs3hLN8Z72gZOma_hbJ8YnMAKnE2qQ7EO4Dai5dwuCz4PSymqZP0IBUcOOpLJYrE3YjCe3pbo5cHprhEcMoS-JVnDvwXCFYdlHXVw_n2X2hramhZ8wmEQY_jbS_GAb0-pQ30cWXQ_Ycv0V3P7CP-UatU7lBZeNoVLua6cVZQpi82TJp1jTQAyR9tguM4xV0dEYxPp1LeKPvSnwfcB5Kg6y6OeAATwzssrUFP-lN1Et8UOXy07bBbYjRVHvF4RTtBi4_HPY-TCkIdiUcpeiGuNORSCFHR8fguMVl7KfszSmQd_278J2ym-eKYxTRAkNpc_FUpOKe3zvIUAnYAkPF46zGu5d45E00bGhjfwtrF2dwRaTYqo90J3tyyHEwR7k0qEhL7_Fv3-cFQSoVwurn0TSR9-Vf2XLPiwisIRqbhox93SEb_KgE_BYsCPb3k-zyFf9b_PJgc1pMJlkqRIWnBNnPlzfWCdkpRKXd2oWb-rN2IgWJ6qejftziyF3Yf9I5PBfPBoX5x4e8Ao8swi9SCkL8oJFffuzC3Dm3ZUy2UG55m1-yPbp1POhq9SpUKvz8NWuHOGdrRlHfu_va3DMAloDF74Y4tQ3qJ50a4eG8aNmNB9ZGJp3yngvA_wYZLmJpEmtLy_Bsk2RaECt1kUjZ9xCWizysC5SAHk8F_xTUySzZTvoXeWkOF0oNqYKtmPRtHoXpknrE_9odG_G-sdCJ1HY1V5Y384Dh9JExAW0GMFxYWd7209G3WsXtOeBTG54FMwfN-3qZEiH1Re9_A4EtoC71EaYzpnM_fHjozdw6WxIbRT7r0n2YEqzfPBSbMM3FvJsBRUl_ycsvszVd70OyBY1Fv7ZAn5W1z2RnUiSPYw9LKpAUIzq2wkYdxI4An8yiH3zqNo86ojwMKuBG5uLzwMEDBmjz__5zsWr1j_E6id18Y9gys6pI9fnLgMzzYxywQnZqyHHQoBz7HuPdwvKOO8-fW7WHEsMLHghqy_vtWuov6azNifrTNjGNvoZ20c-88w827BiA5T4LJdjoALr4e18ALA95iGMyQdhmKIxd_6nblAjlYoJhEyxiUQwM8cRl85uKhAAuXK9i752aImMo8uauDZ38s5-MacHonK-hfjoMRSNQM3QbEtuKlNVt_Ti0&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F&ds=l&xdt=1&iif=1&cor=8100374063085219000&adk=2935317967&idt=144&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9006724f0ef2ac6cec03386f92e316f4b88f8511836891f663a630cb6f6c3f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18335
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D82F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

75ms
74ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 19ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-8PMFQDPCNZ&gtm=45je3a40&_p=437526755&cid=1075330997.1696616361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1696616360&sct=1&seg=0&dl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9&dt=Ofertas%20de%20pr%C3%A9stamos%20r%C3%A1pidos%20%7C%20Crezu&en=gtag_get_api_event&_et=20&up.client_id=1075330997.1696616361.
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8PMFQDPCNZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://crezu.mx
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame BD0B 30 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CPr20er4V_91g9uDeQs5eVWfPVunk8WAZh3zepz_moRVtuDY_5e-IMHYA-80a6csiL5cf8Dm7dBWn2hWJVVl5lVDbrBgRJUJoDi_u-5rQP7fUsmLNb2gwBgVqjo2qdrhd3TeRNTikvFwg1YdcjfT75WE6ngdPfsFHi4kn9L3DG_NykDmU&cry=1&dbm_d=AKAmf-DANG6SmTns77O1MTkcYxM4yIcdceKrXviTPZLZ1sci0tXulqOvsCov0a5mSASBLxLnhOkgqxwUKh6bMs-FQLT4FY4nuoxDbFwIUw9QDS8FlvuZrjLZftCAE6l3m94jEcUCY97d7QqdVfUkWVNAsCKTWCP5RCD2uIWVWLIvTWPEnaX_N6Mwsh4yPqzRVtFC9U3TDjXjeQk6aeVQ7b0Mk28lkjcNf5deEHZZULjq6SP-q_6ORcWegsJhcmczQ1-YKAMb7KOsRaxLj5q3tjgqVZOZUe386h3y-jUovtPDe8XWVas8uyJ4ydK33pawOMubMqPTGBNstRYWnldg50qgEg_3GBN0YcHxHGY9X94OhpCs-O55ZBjMpiOTYASgh--0AziMn2F_eMsmfwvQg1DpZLE8tuMl3Z4MJM-H5iROrTf7fs3TyCeHmV4w1Q40u30JsYoGDNXdWnh6lkXMMAjGGwgdTdlxbk_9Y8N5FR8qSke-ZDOW7S0cmsrveq1UdJeF1lmiT_eSldfFH8P-rwd0bS4GB-caLsjKvHFHGqGx9cuQQ8dl0iL3OzOQc0J1l-9nkNslm-vCCs6sTcpcFQAg0DDtJ1i3DcZvRgqmrNAbATd6tqfKo_kpBeHztTu9xQQWPEnYypy4j436-5PA4OQ82klln1q-y8wfASjt6MPmf2PuINLsONVNhd45ggtBxESo8EMiPUdxbUMMFv4GiylTOKG9hZe1q_BzC0n40EbmYwbO1eYuhANs_gQX8BkSew85Yo8_HDQ29B4y5D1ocOIdfCpXxkDUlNj-7qOvu-EnvfkzxYuVJx_q2hb79KkuLI5GGbt5AFzzQEG3EGsA_D186NhxJXM6H51hG80DKX9Lc176iAL2VsjfPnYSPuSdsbj2-6GTSASV3JZi-wpYF4Wc_KoC_2XgEfsPtHMXBdci5dMBIRxnubkIJWFz9jpE8KOlDXUgnzRB0D_LzZZUqtGaytupBZ8okDGPeqTVYzGzl953vC4rYXaa4bEW7w4SLEtdD3ivgZVMxTK8H297aesxNz5afbnB8g4qCzMyK8wNZHWnpHdpmmlGsDwEo1YW8DEy-I-KZpA1CoAAYXPsxmEZl0IEeN2XQPYHcQQcAMkA8U_XR0ILLr-AkumP-Gw1XpW29tmd1QLUlFEkzAdVaGblmYuaJL-6PCvBm0aXcRFeXlhdST0G3W3gFY3Ul8M0efGXdN7vAga2L9D8iUcY_ybhvKNqkZgiCbFLunGotkJd1DsEiH8-5oZLHKLHz2BJh-ZtDQPOR2zxUNzq-iPvMPXCayJ1gJk13dPnqhHE3QV_t8kQo0ieV0ZbUXQFdZpRYZBgAaZ3bwkrwQ11BjrXKKo_IbiJIj0pooIAOe9do6rPSN77YTwL88sNUHfbrXhCTaoZ3pzayDpZruKMTERqQT0v6VJaMA-heUOaUZFN54vK9lPn2YOGT_wXAf8GIowht_pPnHbtXT4YabhuasIm-roi7y57guVshzeZpGME6KiIu8bNOlElJKEdUJZqStIF9DWZslxPm_B9_-L0qH9cvBw671BL9Ch8VEkx67B6ooarsACSr3BhX9KYLMnzanW5VRhxh1mYOrsq_ukYrhu6FGFVgCVJGuinkyEhIVjI--if6Mx85fZSd_I8UwYTZuY-mBRVTy1jpVGJvtt6BBEXKzNoFO83NnF4EotizfJzKAsMhxcYr7AUXoCyFXU2KMGGYJW-6G38ujPcNvsP3RowvWgQnxQgwqvr-7a3VLmR72LnokyDlFFWRs0DJizckzv6MB4hDkuRNzmadxsk3J8MD1CfRXdlcxQxMMl1zCAp2bHHRKcxyuvET6EJqthPeKYh_D_MyZfVixCb7CiSEFK2lexrDOwbCFknMdgg4MSrbMKz3RmBvrnQY_N2l8q6Nb53F0kKNrN7CLnb9K25jNiW95-Nll2CqXaYOzLD5thJISJjubTS8YRE_CU2bd2MrbOEM6VPYhikyeQkD4oluEo4fBTSepjVPTjZLKC-Q1khCRp8vGm0-wgvE3M_tTeqKlXZ1Hwo3Ts6f-ZKwk37uKd3aIJlbgLHQhsRbliVWANg9NTY4JPB4SnK6zy-BuX1iqE-apiGWw5VG1xoiPMf6PbAhAVTnAO0vjY2wPkEJg8RnwGr-Bchn_g_K3rrcd2QPNBccm58tC3Mv0xhXSYaJEJLaRUZh7DZXertqC2THYf6LNTPDraFbjPqeECWu0zcu47PlcZhaX9urpVKLAOBLJizuYZRz8-yb1jsBFWDEpfOre_-3YihFTngVxq7s_4XbSZsGbRmazCFDqIODpljpXey9x6ycqZhNdB3qaEC5CzYccpdMYazq1Iot2J3q3P1E5f7tD68QSEk-4JYN4kFseMo96SR87Sp8ZdmLXbZp7cijtv238pAd8vGYE3FzwUQy390wScl8VlceYCQ3cl-ttTFvms3KtOX_h0n1Ku9qAOCejruRa2cbTG0LGcd1aTPPkf0k5gGxQJLVDasNF_njCNsySAH6WHQn40I-MV0yMbPjVsSuDmCmwZBdcydN_-aeRPrVNoY9Uas3zDKIj2expyAf-ls7iN358Ws6O6oYgkuX-2hGNX_JYOJo3olnbVv8BRpfccCtHe_6v5OqwVenqmnisleM0R1_mjVSTKrkdWkuiSMZxN8kJ_UTo71WzDUHmMwqbFs2M93dgKY4VaJvhuXq3WNAU-BAU4vU0gOsP-0thN5qNj9j-zrKafqHSsMBbciSxjfe0pFkVbI36Sz4EupXuuaB2iqKL9CP-YweZksPr6PmcUYv38tY11XTgNj1eVgqWh0gU_wQYDUeTPad0uVM4owDnCWv7WNxZuW6pduCcRxMbEKHBMUX2yB4gr2EEMJpJd1XrZ9E1JR89mDcgdT0hq54RPOlKKjYpzvM_9id2ohDJ7G4NvtbEtf663A61Fy0T4oJ68QhSZkP99Sd3f0U9wN-U1jL4YnqNCB9-4xxueM5PZaARR41kh3rQ3sJbiXVyg7yeN3k3W7_ij55_mdyMJWS3QWlvb6tj3YOhRjYCTL_KvfsIB3aUNo4_p2O-AIqVv_Bqi5HSa0D0Txx55-U-4-v0LnLWQhV1B9gT369e6Gw49XzNRvIdgu-0e9oG3pbKLjIeZwj02mUh8lP5fE_M2bRDAvg84ApNeQBBrqnuojsJq3P81q7xUQTRi7RmvHDPO1YllMc8pXt7l-zBQ0FWWlSQebQoL_j8yQuNvtv7HR7tb12KeKZDRav8Ewe32T7dFNuOibSwLNZtvZGWc-wAdLob7fVcaOTOceYAmB65nPGu0pZ34S_aPC57RVAUlqCEW_5_GxmB4RWIRJRXB81oCz7l3giQGs7g0kq-nebGDN6sLcH0hveKYnDIRbpBAiu4v7TnKpxSj5adE743vqxcVO-OtwPb9reibvWz04E6hRthe1D110b1nxVKeIeyQttl-rX8XtPknqTEPbDNVr9la01dkY9v_nNhq6XAxQ3DTUEg7gUvUfbltVVA6KtdU55D5j-vMyofxtLxBAROgfhkjfxHsBZ9y1HXTeIyovuEf8JpvNe6h7fuKVuMG2yesXPFOCjqfPfc5KGaiXvxBLuN99SJ5Nm49S5ApHaLnZgbRsDAwrh2dnY6jMwJYju_tDBeW3sdFJChwIE1fdsLVu-1dHFwjOZdnsU8-JorZ7zK_qHsBq9Wc8EH24KEiy_2HNYqlYg39iSnz7bIPca8gWorhylSHq2ZJt8QsSSVJpj3ppRfpZBhM6HYghl36hZNWZUdMsKeY-tl935gktPBa_chrzalphakEDmHcOhbexLduEAvDoQ6LvWjRQellYwkFIZALNblZCbTstfU4i462MraueldTDGcYYH0SYqQfKWsdG3s3ouDdnEsJpJ_NQfOVd17nLNWU9i1sg&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F&ds=l&xdt=1&iif=1&cor=17733811447608041000&adk=2988274607&idt=93&cac=0&dtd=31

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15722
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:57:20 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BD0B 41 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 06:58:24 GMT

GET
H2 200 iframe.html Show response
p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B5BA 5 KB
2 KB 47ms
46ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

c1c40a573b80bb8b6970916eeea5a809647df2807601120a0a15559e40b57c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1984
content-security-policy-report-only: script-src 'nonce-ggHYuwetcKZgcAN5phx0ow' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Fri, 03 Feb 2023 22:38:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6B15 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a19f48cc70625900f4e6a12fc2d089378270040735812d222ec5e8c6fe6c26c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 r62eglto.js
ad4m.at/ Frame BD0B 25 KB
10 KB 22ms
21ms Other
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 265738
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZ5IE3DCpnurf77j0bMBFcg8%2F3fz7%2FtsadMcdvlfeMhSMquDgCJDEst%2Baocr%2FUzya5EuVD936OkrgSHoT63UN8oUvlNjf8lgtmwh9cWHLM6ej4JrQikXwlSwkgCoUJgjYtp%2B%2BFc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 811fe98a28cf9247-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 16:30:24 GMT

GET
H2 200 frame.html Show response
ad4m.at/ Frame 22F9 2 KB
1 KB 20ms
20ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 602496
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 811fe98a48ed9247-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Sat, 09 Sep 2023 00:14:58 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5kZfzdnT1Y9xPk6wlSglFLEGpx6J%2B3Y1i0PtzoRtUN3ipjftUgP3%2BsPjG5JeYQGdrHvf9RodmUfdnxEuDsaZ9jWSSRo2Dp6W6U8CGAhpHDavuTtfQq36NVsS7j5HRLQwRnG5wM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E203
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CLdpFqU8gZeqYB6KriQa3qo6wBPvT7O9yha_c8q0R1IS7-5oCEAEg47-khAFgleKQgqAHoAGhwJjxKMgBAagDAcgDywSqBMYCT9BRB9eVHPWEO9WUii-AEnkN7OL0d0K7-d1XE4tt1SAGrqL...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211843668169262942521%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%222...

0
0

155ms
73ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211843668169262942521%22,%22debug_reporting%22:true,%22destination%22:%22https://temu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210974797857%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214812652655657077809%22}&andc=true

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11843668169262942521","debug_reporting":true,"destination":"https://temu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10974797857"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"14812652655657077809"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 06 Oct 2023 18:19:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11843668169262942521","debug_reporting":true,"destination":"https://temu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10974797857"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"14812652655657077809"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/ Frame 490E 30 KB
11 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231004/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CzeJRO8JRU2JYfvwnNmWfPy1His-Ma4UQ-pYLi7SU7-SHDRwu5OuJDLcRm0oc2dR5G3Wz2vlFDY6RmO6xQdqiTlf4_181zauvwHBpNm2B73vo9-c0IfzAx7cTdpnFU99qpWvLjfQH9AC-b7zr9RpjJ30VsadYrNfB4kPAjjZ5-Rv7-WbM&cry=1&dbm_d=AKAmf-BORwALX2yyzRK11bvjmGGDCx57uTjVMmj2zRT0Lgivw1aYxZuFG6rAvAwH8j1JBwdfVMrBHEAoUmMnpevU4SihTDUZyzKsgQOHOZokIQpNtn9HBkuAHkbYgMFU-m43IipA0btVBfapOcThdvPv1DmHAOBUIvf-cJA-0KA7xBnBInQOoQyjwo94oqEytAs0Jl6RZVuRG51mJr3HZGfVbevQJAruz4acZagSro_I8C_VoBUFKiwuWmERJg29McIHZS15CxubLn_wtNQF1v5YXHpVRib6b05fMbCoLCF25Lr6LM7hCdzCYRE53gcKK3vaJkT-ixZhS474E8NXp6cv0-pqFvXWResWdbHbt2zNqjvSW2yl37K6Wc7jwXH0wFmhRl7CTwa2QK80CWuuMITeJq_2DIFeG6SVkeQXrM_bheCSiwp5JDcDdRA8NsyT245KsjX7xKYjtlpTM3W97BDc4FN_Ww8FKK5xEjSInUJxFAxDLW3EZXYj59VR1J1zh0tAyvBM2THdf9jVtSq4tiwxcr7hSDk0flbLsdYsL48WiW0zsOlNqZFQuBWcj8_X-r0JMMKSmbIcms82SPid5XL47ILhWDU7QjxtN6oak4fqDufZa0dHHSqfYKxB4oUwCFTTqPKcjhPojEvi9o02KwbhDY-pZZ0zp-_gGTkdT3b2pZ2dU0UZYk6avJkctPcrttTh-1A94Q0VeXgDY5-2XuRYsLkdIB00rGaaRvIMY3cqqRcq0vkgspHZU6fgHvYud7peAyhLRCcpIN4ArsomtW4msbK7wxWREevilyoHmlHzXR5OXerNZBAAdTgBFd2IqHpVDhLB501-ymLByPo5bzOiqwgzbPEngHyMt-05wmShe1Vhnh20gh5osJkje57NJxX8ubMina7n9U1Z1yNazyVqBUog836078g_9whW7gi3WMJcQIfz_q_CpoHfgjCXIzlvi9vDU280mN-WsRCg7sNbeVhOgrh4qCByCyQJger0rnGmlyHPkKIKYomZhjtnu5_qQR4bJS1HjHIoHI5EL_CQOJ5oiAYkR_i-G4qmX3xZUrxCyDri-M_PUdtnJ3ycI9dwXS6mXXui89BF1koH6oO5qm0Bb7u7ZKN827Ls9FyjBb62mwpZlfswRn1LDchgP4I2h_QyRMSuJOAgkjmoW8-E1pQ-lj3WmTlh7CEhd5h3kg6DyICG0OoLNeOHpJb6D4q-6b5YgmcPQIl-X1uBZPreIUgjzHDndJAIVXu7uPC88oX3myiMvQfgD2rfMlWUyEOKpAKwiaVMt4lJdkbmjvoWueiWJ5ibyyAzy-4fTpJ2J63wUFAQp1Zu8EZoLaFPAAJP4leEanzs8aoIUJ9RYhPbL4p2wpiQ23hbrbyp7scjhDSSiwvtlpziJU88C_vsSrIUT0thkmIBR600ww7FIsUEPVwYMHcF9u4sTftznomSwfvks3kjaV6k-ESRAEwwaFR3PoSN5OpXQV0Uum0bYoAlU21ohlTqLbmBQsPBkBz15h_3A_pWfE-osWqdfvOOXrZjQcAlm3BE9E5_NGUv9tGrd_NBMRFJaU2MKl6vpy-ADJ2BtskW9Q7b-_RVFpsIJsDH-4hrNd4sTtFSNQTH5_fyYqrUZVnqgMo8WHknnoBjS-sykGWxxV3dXUYJuHENCDXOD1n0Hi7z-3epI_c0wC1qs9WVpJYq4OEWZJGdbuHpPZWKYpn8PLEKSB9aLkWWQO1IY9jGLnQblpoOELMV9o2oRzJa3TjQMBM46UzM9w2ZWQ0hQ0WmcCTfL-gYjV_PSmONTpoyUUHhFHi-7a7X1ycZ3aN1xus53vKCLieC68ZZp6ApXNNtPtZ5BK0SrnWSU2p8WGlsCda7DESalAtzvq8k5ukCD5OuzZD0RiV64zAba_Kcq2k3A9WrVqS7DyybwN1KK2sLkRFDvTFa_x6gHV_FoSAeZ55Y7rdbZM-AsS5c-4e3j4463AseTAXUvmepY0NnZ8Hm3R1wjgrnBc2U-64zLV7KJ_2pFImX4Gp_ZbiH7KbWc0JsJw_7XeW1xLPw4mmKPd3l-jq1-gAqSCYyeGCYdkYBPiIiajIL3LL_rJY_UiHpAY3b-xkb3NCgO5TYc-8gTzjeWcppWibGutCAm3dFwa0cywzF9RdQhbEX2vl0uJ72Yk9i1a_TbRVNWMFKikxk5TvTUm11MbZCEdp05vWusSsIEKeiFj_ZkPr5T1JnkTzCNZQfxyv-pjmyewquBXbUdBmS70bVw1jIRaoByj17HAgbp5oleKa9jRSywyWYkT5seS2nlORR--nSlKl55umXhdUznQ3ZpF2AgreqFwqyh6QG-4RKwwjZuxKgKOQ-_irENLgo3h_IZ8ClSrmjEXMBvB9tLdFb5Z5ggoycR6kNfbGrXbq1QKGidtKFDiWBWM2L3aoIXh-l06c1kK5awEOnwJEXHGQyy9Vi5sEuZSjRT2NEekzmmY7hFn35v_C1rHMNWCBPOOZfhfQuiVKqmEXwdw6EO_Xk0fPbu5uyfWOBeHQLw812tWy5ve_OYtau_OhkcAsonAbvv6FUZTJ7Fq4Z_at1FezgdN_ALwuEB0_Jfl7hLpuhMB-6ehq2xFFVkM2s7TeGynJZPrVzg0Eb1mMWTxwYcoZx7pFlNvq9NHsOyunsQiIDaMCbmDMMk2Cm_A-8-eW-YIh22ARf55zwGHitOBMM8-4RNU5Pz-eenlrVk7rcQdYM1NWxORgEhOIIBxK20-dBHszQer44rNMvq9RvjvdRvno8MRs3hLN8Z72gZOma_hbJ8YnMAKnE2qQ7EO4Dai5dwuCz4PSymqZP0IBUcOOpLJYrE3YjCe3pbo5cHprhEcMoS-JVnDvwXCFYdlHXVw_n2X2hramhZ8wmEQY_jbS_GAb0-pQ30cWXQ_Ycv0V3P7CP-UatU7lBZeNoVLua6cVZQpi82TJp1jTQAyR9tguM4xV0dEYxPp1LeKPvSnwfcB5Kg6y6OeAATwzssrUFP-lN1Et8UOXy07bBbYjRVHvF4RTtBi4_HPY-TCkIdiUcpeiGuNORSCFHR8fguMVl7KfszSmQd_278J2ym-eKYxTRAkNpc_FUpOKe3zvIUAnYAkPF46zGu5d45E00bGhjfwtrF2dwRaTYqo90J3tyyHEwR7k0qEhL7_Fv3-cFQSoVwurn0TSR9-Vf2XLPiwisIRqbhox93SEb_KgE_BYsCPb3k-zyFf9b_PJgc1pMJlkqRIWnBNnPlzfWCdkpRKXd2oWb-rN2IgWJ6qejftziyF3Yf9I5PBfPBoX5x4e8Ao8swi9SCkL8oJFffuzC3Dm3ZUy2UG55m1-yPbp1POhq9SpUKvz8NWuHOGdrRlHfu_va3DMAloDF74Y4tQ3qJ50a4eG8aNmNB9ZGJp3yngvA_wYZLmJpEmtLy_Bsk2RaECt1kUjZ9xCWizysC5SAHk8F_xTUySzZTvoXeWkOF0oNqYKtmPRtHoXpknrE_9odG_G-sdCJ1HY1V5Y384Dh9JExAW0GMFxYWd7209G3WsXtOeBTG54FMwfN-3qZEiH1Re9_A4EtoC71EaYzpnM_fHjozdw6WxIbRT7r0n2YEqzfPBSbMM3FvJsBRUl_ycsvszVd70OyBY1Fv7ZAn5W1z2RnUiSPYw9LKpAUIzq2wkYdxI4An8yiH3zqNo86ojwMKuBG5uLzwMEDBmjz__5zsWr1j_E6id18Y9gys6pI9fnLgMzzYxywQnZqyHHQoBz7HuPdwvKOO8-fW7WHEsMLHghqy_vtWuov6azNifrTNjGNvoZ20c-88w827BiA5T4LJdjoALr4e18ALA95iGMyQdhmKIxd_6nblAjlYoJhEyxiUQwM8cRl85uKhAAuXK9i752aImMo8uauDZ38s5-MacHonK-hfjoMRSNQM3QbEtuKlNVt_Ti0&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F&ds=l&xdt=1&iif=1&cor=8100374063085219000&adk=2935317967&idt=144&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 13:57:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15722
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11602
x-xss-protection: 0
server: cafe
etag: 2362517075893974484
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 20 Oct 2023 13:57:20 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 490E 41 KB
13 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 06:58:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 06:58:24 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CD6E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

50ms
49ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:22 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BA3 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16fadb06557f8c559b25e437d47286d3886b6f361900f479f1bf928198e8d0f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14696
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 13:22:57 GMT

GET
H3 200 r62eglto.js
ad4m.at/ Frame 490E 25 KB
10 KB 27ms
27ms Other
application/javascript 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231004/r20110914/zrt_lookup.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 265727
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXZ5XJ0dQ3ew3XkVMXY5Um1wvJR%2B4DBU5pCagf4qoZpZmu8pcagRYQG4QD5jtSih8od05KVMR%2Bp4SZeNt%2FXU%2FDHsB2T3UOC5vB1PS3LhAic1WxzPXVyNrDWZ90P5XR3r1n3jv9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 811fe98acf3b2c75-FRA
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Oct 2023 16:30:24 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame BB5F 2 KB
1 KB 27ms
27ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 867579
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 811fe98acf432c75-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Fri, 06 Oct 2023 18:19:22 GMT
expires: Sat, 09 Sep 2023 00:14:58 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMBjsb2dzL%2FMxKa%2FTYaVNpbd0NWiJznGapMoRULrOKlOuESRffYXlBuZHCHMktxIsWzeDumii%2BnXeUBsrWG61sJzj3tmeqhkg47uEanhgcI7v1xas%2FBaXORKKbsa8EhKb8nQ8Uw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 175ms
73ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 6B15
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=ChQloqU8gZcGPBozYZov_qagG7KmCtXORgsGR-RHb2R4QASDjv6SEAWCV4pCCoAegAb_L5oUCyAECqAMByAPJBKoEwgJP0G1dlomeIZxpC39_kBtsy7TCeB1tdiPIuQVuIyz13BzCxM74Y6s...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213291965271632458885%22,%22debug_reporting%22:true,%22destination%22:%22https://cotosen.com%22,%22event_report_window%22:%...

0
0

154ms
73ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213291965271632458885%22,%22debug_reporting%22:true,%22destination%22:%22https://cotosen.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22549037503%22],%224%22:[%2210-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222143253146712181921%22}&andc=true

Requested by

Host: crezu.mx
URL: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13291965271632458885","debug_reporting":true,"destination":"https://cotosen.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["549037503"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"2143253146712181921"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 06 Oct 2023 18:19:22 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 06 Oct 2023 18:19:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13291965271632458885","debug_reporting":true,"destination":"https://cotosen.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["549037503"],"4":["10-06"],"6":["true"]},"priority":"500","source_event_id":"2143253146712181921"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js Show response
pagead2.googlesyndication.com/bg/ Frame 49C8 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16fadb06557f8c559b25e437d47286d3886b6f361900f479f1bf928198e8d0f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14696
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 13:22:57 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2279 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 102590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 24F9 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 102590
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 05 Oct 2023 13:49:32 GMT
expires: Fri, 04 Oct 2024 13:49:32 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 77ms
73ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 06 Oct 2023 18:19:22 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 165ms
87ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231004&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

843d1ef05e0032e3add78ba4f7fab0405180b152afebd584324c0093d7c2c729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12008
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BD0B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5be127696e664a35f467a1c61c1415875641df0930ba555d04a9327f3267a2d7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 490E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 719d72da85730794157992632094b847d6c92dee770dd626a5c46e4a36ab70c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js Show response
pagead2.googlesyndication.com/bg/ Frame 2279 37 KB
14 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16fadb06557f8c559b25e437d47286d3886b6f361900f479f1bf928198e8d0f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14696
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 13:22:57 GMT

GET
H3 200 FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js Show response
pagead2.googlesyndication.com/bg/ Frame 24F9 37 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FvrbBlV_jFWbJeQ31HKG04hrbzYZAPR58b-SgZjo0Pc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16fadb06557f8c559b25e437d47286d3886b6f361900f479f1bf928198e8d0f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 13:22:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14696
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 04 Oct 2024 13:22:57 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame BD0B 2 KB
2 KB 35ms
35ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a4e8085302822637d4be4170bfbcc44e44551c8f3befde359f8857d7c5fff3

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G21CWf8v9tcktt5KHTRTq%2BZrIJLwNnD92dvpS9uKNg3JF3TWWWP89ONZ3b78dIGeZ%2BnJYasba%2FCU%2FS4HBmbJ8kN%2BR8wx%2BmReoJh1FYjU%2FH9OTrBl9OX2ASOIyEsp9CqWP4AMJxM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-allow-credentials: true
cf-ray: 811fe98c6bd62bf6-FRA
x-backend-server: aa-reachservice-group-europe-west1-jnb0
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 40ms
30ms Preflight
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811fe98c3b982bf6-FRA
content-length: 24
content-type: text/plain
date: Fri, 06 Oct 2023 18:19:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J133ncvZMGIGHZ4Pc9ggXPj%2F7kUWPhUZrKUgiD42cyiJ%2Fd2MfWHamRYlZ5LQ1uQINuycnAWoHjzIanrVvT0lrf1XA3D09H9sishpbRKZoPJxoHoPalPD%2BA1fcLvoCT%2Fjo4rW6TE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-cmjn

POST
H3 200 rs Show response
ad4m.at/ Frame 490E 2 KB
2 KB 40ms
40ms XHR
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad2c75448f58781c7dd1a7dc49befeda2606b57915b998181f3e6f784bc740b1

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 06 Oct 2023 18:19:22 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FpqTAODKn16GkkUNd7BTiaoeCcXiDmMaTLRDdtXPJpsdjBKTQT7Bms91WcJ%2FCuylhZ10%2Fbj1TCrdWOGHG2AqgLbYd1AnfJE4YINWTLdjZ%2FM5ellhcJFZ4tOWDLfKttXPDurx3G0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-allow-credentials: true
cf-ray: 811fe98c7be52bf6-FRA
x-backend-server: aa-reachservice-group-europe-west1-cmjn
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 29ms
29ms Preflight
text/plain 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 811fe98c4bab2bf6-FRA
content-length: 24
content-type: text/plain
date: Fri, 06 Oct 2023 18:19:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWh%2FqMC8LXs0%2FqWGdzs36P8olaD3Ion5NkidzeKKPT6rB49bI6HPhm%2F2bhSThVSaOw70lT2IDxdF2giKKExObaoCVnm%2FAgQXY5xmnec2tu%2BIstsrW3sGg4%2BzanzU63roRcoR64Q%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-jnb0

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 780D 3 KB
3 KB 45ms
34ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=d4a0789f1c2cbda9eec4c72d8c77962b%2F13672508586051743060&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362966&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7EhqqU8gZeuYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9D4EeWPE1nj40VbPiyfGM-V9NgJ3DnOHT19red0t_hhTpatVR4dRcdl170GewR4yIATPxjw4kpUkCUxpmbOAZ2w-oWb3yMt7IkZRYhfPJhdZjXENyfgHq-6TgVBMBt16BnFcnKAC0ENAj2k0HpMPEZwMO-YexGV_HVZEfXap2EaYm7x6v50SNSPfhagpO7kflHyJh6le4KcsWVTtVZBZtsHnVB3mbJJ8NMnJa6rU6Q6G2KXbOpyH9zVqluKZSeFd-v3cmbT1MasgZO9aVyMh3tVG8IJurr13xMr5b_-OUlwN6cKgMmCElG6zG1zEWXzBhOgumfwAcnFWWOUqUBswATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIq5GZvITigQMVolXCCh03lQNGEAEYASAAEgJbD_D_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_0yiZcTR8E1Kg_GCREhgXZue4jXbA%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-ASZCrAlyT21Ogz4dXOyGDNFecFJ54YI8CAlyXBVQ9St3tVwR79XugdqkZqB2E0S0URIq4ju2PZBPB_41CBkP2tUsHkO6K5w4XfKsU2LVeGpzFynfXewfFsNwKPDA8b2we5Nely_yvi2eu-VYdCiE2XLUbIUfUROXwrSFJ2hptczK5Rxyk%2526cry%253D1%2526dbm_d%253DAKAmf-Dbt-zoi8FewyBrc1PLZ0oVBg330E86JNZqo1LMjgIesgeiCeNkEe70J917F1i473ZzAIszLmiEp_OOOQAHAZ2R5WTtAJqmA4dulKeMVRbP7fmBdI5NknOKgmn-Zm-LjrZWfKKyHtX5Pc1PeRhbrzEZGFvNyIvLOKLiWAa8-aZuGwn0nbaYcmDeIk5RoOSpJF-_Z4fS7KNZTSzlShkhvTCX5sGG3pzDkP3J6xUPeCqRb9W7BLtFlOmNrvb_1FB9wMxFgMf5xLpQWYH5cSJR8JUvJZP9WLks2VjHkOO24QoH7dwnM2BmH_hAGQCqf8q03ZJOHlf7LQHjLLDn4-PBKEZ2PXgZuy-tAnoyK8Q50ZZ7wplBjQc_nVLczZI1EAKhgzgLeJyLCCSNMi7Jjse40O7YdA2DAaXGeB5m2owBrLPABQlAmYSK5oICgXYT_4H4U2fz5VuRkud7jrEs48DbeyFkzomTHKPIf4nJjwYA4ARj_Z8zRJOLVb53mUdYo9a_UEGPX5ogA2IWNJ4vKYbOtzcZMWfy19kHjRGHz0yj37HZMBDdCB0nm_YfiqCRyz6sPlfEsXNAIVyjKC-IVsjOGWZxiE8v8Mog3WHOEozXQvrO9tHwXhJsmO5E0CvC862glwzmwUGlFDegrnEREqrDyZBCgKQbDkFuGDeIknv_xx1iStkf1Uk%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efc33fb6c96df8a38ab6b918f5b0f79ced1c3778ff2f13b7cc9ba9249d497788

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 811fe98ccca89247-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:23 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame FF0D 3 KB
2 KB 35ms
34ms Document
text/html 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=78b0c0b5fd48118be2d992e8f6db940e%2F13236035799053118628&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362948&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC5A3iqU8gZeyYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9AHyFsN4fuLu8oQh0K9jlKoPMZh7GnuTw6IoglEcsN1PHNb3L29dfHv00rqXRO08idxz6QYb55E50YT_4FRLAbPLqV1eTw2GrghC_ukt0DHJ6ReKduYqhOrycDKr9V697rbS9KB8SKgGQJ9LwRD80x_CzZc_htwKqS0afLqENnJ1fDTzrSQn4PWRzVlpZ_lnRMyp9bFH0JjtXHTZjr0AM2szcUqU0nmz5JTqWHzNWwbSF4pq1GuaagQs6DJCZXlMrSMitF0PGJ-uTz7IA158rjhmkRwvIYOQYwh50t4fX7ykQ5BZPIzo9IQeVGOrD0OJRrJ_BGbPMY9fwsyq4nhwATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIrJGZvITigQMVolXCCh03lQNGEAEYASAAEgKDvvD_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_2_PQ0n886dR9WmU6B5jM0PUavWjw%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-B5_UhbIN-5iBQE258XHeFVLDaoatigXBTUw8hFS8FJsUXPPjtIayCpPBrbK8jONZmd5ya90JBWUfwj2K-6urQ_9AsQ3n5Y9XN0enNHje-o57-Jri_40QgW-jR_p6y-KhnAfFUVYPxBtgiIi8l4eq4sF-MyDeRjPkanB_RsNOOADaGEBkI%2526cry%253D1%2526dbm_d%253DAKAmf-BxQ5kQOq0O6KtOZlwX-okDb2ymkHKYMnkrvm00exTDe6lFIHf0-BwjMc4wjUn6LtAnnwzzB581v8asdOXWxAxKDd0TtDt19mZU3j24vT6un4YF4hZxKyv_djmynTHPPTR2Bt8JYDL2WtQIchGCw5GTZkaYPJaU3RCHGSKp0x8cz4nOd-fRPbyGxpMKezCg5MwH0imTATOot10fOjtd4691TL61KYiGJebjF6aeCazwnOnct7VNKObbqESLVoCES_uUgyAwV_erimxkvLGZf4Lb0-n3Ei8uLvcw26EU-gVLT2ynvhef_o6XbCu1Lmp4DLdj7b2hpzqrLrWhBaAQ4XHvaFQK_JIAZAhqKXx7fwCOgWsqrf36HImnEBAiWtZsE039rUSEvwWA2_PIjYKaRVbUPPe9wPkjzbhVRaXM91BDmg1mqULDxYn_WVkSk4wncTi_bRMUbKAkjuhzzEUrF6wT6TdJGplb7G24rhkJsgsQwYzxwRRhqkUnS658pEwXdlefMqVKkinSiQ4UcNasnLeWqDafA9iqDktMJj4-nbh_si2LUKQV1gBYIv02HQcHAhw-J-LFQql4TOGLdVCWf36ZJgwsCGouRO4O_84P55h-OwqQ4oxXvfwGT4KanZE68ylPD0l-eqgD-crkM_do-1hbYFydYsfC4n4J9IBWDfxpeQNxyXI%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4d505854d57e5fc6e2dbfa230ea66dd0d008ccab4495c9e32562928c8467aa2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 811fe98cecc69247-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:23 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.49/one-ad/ Frame 780D 115 KB
14 KB 32ms
31ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.49/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=d4a0789f1c2cbda9eec4c72d8c77962b%2F13672508586051743060&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362966&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7EhqqU8gZeuYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9D4EeWPE1nj40VbPiyfGM-V9NgJ3DnOHT19red0t_hhTpatVR4dRcdl170GewR4yIATPxjw4kpUkCUxpmbOAZ2w-oWb3yMt7IkZRYhfPJhdZjXENyfgHq-6TgVBMBt16BnFcnKAC0ENAj2k0HpMPEZwMO-YexGV_HVZEfXap2EaYm7x6v50SNSPfhagpO7kflHyJh6le4KcsWVTtVZBZtsHnVB3mbJJ8NMnJa6rU6Q6G2KXbOpyH9zVqluKZSeFd-v3cmbT1MasgZO9aVyMh3tVG8IJurr13xMr5b_-OUlwN6cKgMmCElG6zG1zEWXzBhOgumfwAcnFWWOUqUBswATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIq5GZvITigQMVolXCCh03lQNGEAEYASAAEgJbD_D_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_0yiZcTR8E1Kg_GCREhgXZue4jXbA%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-ASZCrAlyT21Ogz4dXOyGDNFecFJ54YI8CAlyXBVQ9St3tVwR79XugdqkZqB2E0S0URIq4ju2PZBPB_41CBkP2tUsHkO6K5w4XfKsU2LVeGpzFynfXewfFsNwKPDA8b2we5Nely_yvi2eu-VYdCiE2XLUbIUfUROXwrSFJ2hptczK5Rxyk%2526cry%253D1%2526dbm_d%253DAKAmf-Dbt-zoi8FewyBrc1PLZ0oVBg330E86JNZqo1LMjgIesgeiCeNkEe70J917F1i473ZzAIszLmiEp_OOOQAHAZ2R5WTtAJqmA4dulKeMVRbP7fmBdI5NknOKgmn-Zm-LjrZWfKKyHtX5Pc1PeRhbrzEZGFvNyIvLOKLiWAa8-aZuGwn0nbaYcmDeIk5RoOSpJF-_Z4fS7KNZTSzlShkhvTCX5sGG3pzDkP3J6xUPeCqRb9W7BLtFlOmNrvb_1FB9wMxFgMf5xLpQWYH5cSJR8JUvJZP9WLks2VjHkOO24QoH7dwnM2BmH_hAGQCqf8q03ZJOHlf7LQHjLLDn4-PBKEZ2PXgZuy-tAnoyK8Q50ZZ7wplBjQc_nVLczZI1EAKhgzgLeJyLCCSNMi7Jjse40O7YdA2DAaXGeB5m2owBrLPABQlAmYSK5oICgXYT_4H4U2fz5VuRkud7jrEs48DbeyFkzomTHKPIf4nJjwYA4ARj_Z8zRJOLVb53mUdYo9a_UEGPX5ogA2IWNJ4vKYbOtzcZMWfy19kHjRGHz0yj37HZMBDdCB0nm_YfiqCRyz6sPlfEsXNAIVyjKC-IVsjOGWZxiE8v8Mog3WHOEozXQvrO9tHwXhJsmO5E0CvC862glwzmwUGlFDegrnEREqrDyZBCgKQbDkFuGDeIknv_xx1iStkf1Uk%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=d4a0789f1c2cbda9eec4c72d8c77962b%2F13672508586051743060&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362966&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7EhqqU8gZeuYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9D4EeWPE1nj40VbPiyfGM-V9NgJ3DnOHT19red0t_hhTpatVR4dRcdl170GewR4yIATPxjw4kpUkCUxpmbOAZ2w-oWb3yMt7IkZRYhfPJhdZjXENyfgHq-6TgVBMBt16BnFcnKAC0ENAj2k0HpMPEZwMO-YexGV_HVZEfXap2EaYm7x6v50SNSPfhagpO7kflHyJh6le4KcsWVTtVZBZtsHnVB3mbJJ8NMnJa6rU6Q6G2KXbOpyH9zVqluKZSeFd-v3cmbT1MasgZO9aVyMh3tVG8IJurr13xMr5b_-OUlwN6cKgMmCElG6zG1zEWXzBhOgumfwAcnFWWOUqUBswATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIq5GZvITigQMVolXCCh03lQNGEAEYASAAEgJbD_D_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_0yiZcTR8E1Kg_GCREhgXZue4jXbA%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-ASZCrAlyT21Ogz4dXOyGDNFecFJ54YI8CAlyXBVQ9St3tVwR79XugdqkZqB2E0S0URIq4ju2PZBPB_41CBkP2tUsHkO6K5w4XfKsU2LVeGpzFynfXewfFsNwKPDA8b2we5Nely_yvi2eu-VYdCiE2XLUbIUfUROXwrSFJ2hptczK5Rxyk%2526cry%253D1%2526dbm_d%253DAKAmf-Dbt-zoi8FewyBrc1PLZ0oVBg330E86JNZqo1LMjgIesgeiCeNkEe70J917F1i473ZzAIszLmiEp_OOOQAHAZ2R5WTtAJqmA4dulKeMVRbP7fmBdI5NknOKgmn-Zm-LjrZWfKKyHtX5Pc1PeRhbrzEZGFvNyIvLOKLiWAa8-aZuGwn0nbaYcmDeIk5RoOSpJF-_Z4fS7KNZTSzlShkhvTCX5sGG3pzDkP3J6xUPeCqRb9W7BLtFlOmNrvb_1FB9wMxFgMf5xLpQWYH5cSJR8JUvJZP9WLks2VjHkOO24QoH7dwnM2BmH_hAGQCqf8q03ZJOHlf7LQHjLLDn4-PBKEZ2PXgZuy-tAnoyK8Q50ZZ7wplBjQc_nVLczZI1EAKhgzgLeJyLCCSNMi7Jjse40O7YdA2DAaXGeB5m2owBrLPABQlAmYSK5oICgXYT_4H4U2fz5VuRkud7jrEs48DbeyFkzomTHKPIf4nJjwYA4ARj_Z8zRJOLVb53mUdYo9a_UEGPX5ogA2IWNJ4vKYbOtzcZMWfy19kHjRGHz0yj37HZMBDdCB0nm_YfiqCRyz6sPlfEsXNAIVyjKC-IVsjOGWZxiE8v8Mog3WHOEozXQvrO9tHwXhJsmO5E0CvC862glwzmwUGlFDegrnEREqrDyZBCgKQbDkFuGDeIknv_xx1iStkf1Uk%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1694166205
age: 30568
cf-polished: origSize=118430
x-guploader-uploadid: ADPycdvRNDSrLsq4rFUBrYyffZGk57AlA6TL7aGiXTaN2eXe7Da_6kEdpo2XHnuDhOFVbuKqZ3BrvbcSkuQiB84ETmeFsA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 09:43:56 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
x-goog-generation: 1694166236174866
content-type: text/css
x-goog-hash: crc32c=4fid0Q==, md5=SGUHzM6axYfRHA7z8yoQmg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Jz%2BFVxAoebykkv6LWSfhYXxuEG%2BOww14XD9fRu8iR60JzyWHGjkHOOE1sHcACNHO4ZEIZKxPN43jsZOpnq7UQQSkBfO7Zl6y%2BeCKVVsWQVFAOmSHBSMljYINASOxXY9khxyKjGsRzQ%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 118430
cf-ray: 811fe98d1a6d2c75-FRA
expires: Fri, 06 Oct 2023 19:19:23 GMT

GET
H2 200 2FE38D80323E4A045A917946D70FA9DFB462FFAC59CE923F938285D0D5335A868233020219D7BACA360BF3E2DC6BD700ED49225A599457A567F8333D090F8110
assets.ad4m.at/ Frame 780D 18 KB
18 KB 26ms
18ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/2FE38D80323E4A045A917946D70FA9DFB462FFAC59CE923F938285D0D5335A868233020219D7BACA360BF3E2DC6BD700ED49225A599457A567F8333D090F8110
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=d4a0789f1c2cbda9eec4c72d8c77962b%2F13672508586051743060&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362966&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC7EhqqU8gZeuYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9D4EeWPE1nj40VbPiyfGM-V9NgJ3DnOHT19red0t_hhTpatVR4dRcdl170GewR4yIATPxjw4kpUkCUxpmbOAZ2w-oWb3yMt7IkZRYhfPJhdZjXENyfgHq-6TgVBMBt16BnFcnKAC0ENAj2k0HpMPEZwMO-YexGV_HVZEfXap2EaYm7x6v50SNSPfhagpO7kflHyJh6le4KcsWVTtVZBZtsHnVB3mbJJ8NMnJa6rU6Q6G2KXbOpyH9zVqluKZSeFd-v3cmbT1MasgZO9aVyMh3tVG8IJurr13xMr5b_-OUlwN6cKgMmCElG6zG1zEWXzBhOgumfwAcnFWWOUqUBswATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIq5GZvITigQMVolXCCh03lQNGEAEYASAAEgJbD_D_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_0yiZcTR8E1Kg_GCREhgXZue4jXbA%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-ASZCrAlyT21Ogz4dXOyGDNFecFJ54YI8CAlyXBVQ9St3tVwR79XugdqkZqB2E0S0URIq4ju2PZBPB_41CBkP2tUsHkO6K5w4XfKsU2LVeGpzFynfXewfFsNwKPDA8b2we5Nely_yvi2eu-VYdCiE2XLUbIUfUROXwrSFJ2hptczK5Rxyk%2526cry%253D1%2526dbm_d%253DAKAmf-Dbt-zoi8FewyBrc1PLZ0oVBg330E86JNZqo1LMjgIesgeiCeNkEe70J917F1i473ZzAIszLmiEp_OOOQAHAZ2R5WTtAJqmA4dulKeMVRbP7fmBdI5NknOKgmn-Zm-LjrZWfKKyHtX5Pc1PeRhbrzEZGFvNyIvLOKLiWAa8-aZuGwn0nbaYcmDeIk5RoOSpJF-_Z4fS7KNZTSzlShkhvTCX5sGG3pzDkP3J6xUPeCqRb9W7BLtFlOmNrvb_1FB9wMxFgMf5xLpQWYH5cSJR8JUvJZP9WLks2VjHkOO24QoH7dwnM2BmH_hAGQCqf8q03ZJOHlf7LQHjLLDn4-PBKEZ2PXgZuy-tAnoyK8Q50ZZ7wplBjQc_nVLczZI1EAKhgzgLeJyLCCSNMi7Jjse40O7YdA2DAaXGeB5m2owBrLPABQlAmYSK5oICgXYT_4H4U2fz5VuRkud7jrEs48DbeyFkzomTHKPIf4nJjwYA4ARj_Z8zRJOLVb53mUdYo9a_UEGPX5ogA2IWNJ4vKYbOtzcZMWfy19kHjRGHz0yj37HZMBDdCB0nm_YfiqCRyz6sPlfEsXNAIVyjKC-IVsjOGWZxiE8v8Mog3WHOEozXQvrO9tHwXhJsmO5E0CvC862glwzmwUGlFDegrnEREqrDyZBCgKQbDkFuGDeIknv_xx1iStkf1Uk%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d5178b85f33eb7cb6974b23a2953b6607c71ac6b300a86f3cc8bebcbf5c635a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12034
cf-polished: qual=85, origFmt=jpeg, origSize=120811
alt-svc: h3=":443"; ma=86400
content-length: 17992
cf-bgj: imgq:85,h2pri
last-modified: Fri, 04 Aug 2023 11:51:53 GMT
server: cloudflare
etag: "7128bc1903cf2a0d96f8ada1a93e0bb0"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ka1zYmXMqR28ru8ZsfqzCrZQrGq49ltbPukPWlVGZPmVi8491gZ2Aw0B9yjUwL6Y9QgpB6IK%2FjXyASxHTQ54sHWYMzrzpWPR6yKHM1%2F9PUcbrrbsJPicf4DKcdMpDKbOcN2hMEaQzVI0ivnz"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 811fe98d2d369247-FRA
expires: Sat, 07 Oct 2023 18:19:23 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.49/one-ad/ Frame FF0D 115 KB
14 KB 37ms
36ms Stylesheet
text/css 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.49/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=78b0c0b5fd48118be2d992e8f6db940e%2F13236035799053118628&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362948&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC5A3iqU8gZeyYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9AHyFsN4fuLu8oQh0K9jlKoPMZh7GnuTw6IoglEcsN1PHNb3L29dfHv00rqXRO08idxz6QYb55E50YT_4FRLAbPLqV1eTw2GrghC_ukt0DHJ6ReKduYqhOrycDKr9V697rbS9KB8SKgGQJ9LwRD80x_CzZc_htwKqS0afLqENnJ1fDTzrSQn4PWRzVlpZ_lnRMyp9bFH0JjtXHTZjr0AM2szcUqU0nmz5JTqWHzNWwbSF4pq1GuaagQs6DJCZXlMrSMitF0PGJ-uTz7IA158rjhmkRwvIYOQYwh50t4fX7ykQ5BZPIzo9IQeVGOrD0OJRrJ_BGbPMY9fwsyq4nhwATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIrJGZvITigQMVolXCCh03lQNGEAEYASAAEgKDvvD_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_2_PQ0n886dR9WmU6B5jM0PUavWjw%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-B5_UhbIN-5iBQE258XHeFVLDaoatigXBTUw8hFS8FJsUXPPjtIayCpPBrbK8jONZmd5ya90JBWUfwj2K-6urQ_9AsQ3n5Y9XN0enNHje-o57-Jri_40QgW-jR_p6y-KhnAfFUVYPxBtgiIi8l4eq4sF-MyDeRjPkanB_RsNOOADaGEBkI%2526cry%253D1%2526dbm_d%253DAKAmf-BxQ5kQOq0O6KtOZlwX-okDb2ymkHKYMnkrvm00exTDe6lFIHf0-BwjMc4wjUn6LtAnnwzzB581v8asdOXWxAxKDd0TtDt19mZU3j24vT6un4YF4hZxKyv_djmynTHPPTR2Bt8JYDL2WtQIchGCw5GTZkaYPJaU3RCHGSKp0x8cz4nOd-fRPbyGxpMKezCg5MwH0imTATOot10fOjtd4691TL61KYiGJebjF6aeCazwnOnct7VNKObbqESLVoCES_uUgyAwV_erimxkvLGZf4Lb0-n3Ei8uLvcw26EU-gVLT2ynvhef_o6XbCu1Lmp4DLdj7b2hpzqrLrWhBaAQ4XHvaFQK_JIAZAhqKXx7fwCOgWsqrf36HImnEBAiWtZsE039rUSEvwWA2_PIjYKaRVbUPPe9wPkjzbhVRaXM91BDmg1mqULDxYn_WVkSk4wncTi_bRMUbKAkjuhzzEUrF6wT6TdJGplb7G24rhkJsgsQwYzxwRRhqkUnS658pEwXdlefMqVKkinSiQ4UcNasnLeWqDafA9iqDktMJj4-nbh_si2LUKQV1gBYIv02HQcHAhw-J-LFQql4TOGLdVCWf36ZJgwsCGouRO4O_84P55h-OwqQ4oxXvfwGT4KanZE68ylPD0l-eqgD-crkM_do-1hbYFydYsfC4n4J9IBWDfxpeQNxyXI%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=78b0c0b5fd48118be2d992e8f6db940e%2F13236035799053118628&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362948&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC5A3iqU8gZeyYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9AHyFsN4fuLu8oQh0K9jlKoPMZh7GnuTw6IoglEcsN1PHNb3L29dfHv00rqXRO08idxz6QYb55E50YT_4FRLAbPLqV1eTw2GrghC_ukt0DHJ6ReKduYqhOrycDKr9V697rbS9KB8SKgGQJ9LwRD80x_CzZc_htwKqS0afLqENnJ1fDTzrSQn4PWRzVlpZ_lnRMyp9bFH0JjtXHTZjr0AM2szcUqU0nmz5JTqWHzNWwbSF4pq1GuaagQs6DJCZXlMrSMitF0PGJ-uTz7IA158rjhmkRwvIYOQYwh50t4fX7ykQ5BZPIzo9IQeVGOrD0OJRrJ_BGbPMY9fwsyq4nhwATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIrJGZvITigQMVolXCCh03lQNGEAEYASAAEgKDvvD_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_2_PQ0n886dR9WmU6B5jM0PUavWjw%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-B5_UhbIN-5iBQE258XHeFVLDaoatigXBTUw8hFS8FJsUXPPjtIayCpPBrbK8jONZmd5ya90JBWUfwj2K-6urQ_9AsQ3n5Y9XN0enNHje-o57-Jri_40QgW-jR_p6y-KhnAfFUVYPxBtgiIi8l4eq4sF-MyDeRjPkanB_RsNOOADaGEBkI%2526cry%253D1%2526dbm_d%253DAKAmf-BxQ5kQOq0O6KtOZlwX-okDb2ymkHKYMnkrvm00exTDe6lFIHf0-BwjMc4wjUn6LtAnnwzzB581v8asdOXWxAxKDd0TtDt19mZU3j24vT6un4YF4hZxKyv_djmynTHPPTR2Bt8JYDL2WtQIchGCw5GTZkaYPJaU3RCHGSKp0x8cz4nOd-fRPbyGxpMKezCg5MwH0imTATOot10fOjtd4691TL61KYiGJebjF6aeCazwnOnct7VNKObbqESLVoCES_uUgyAwV_erimxkvLGZf4Lb0-n3Ei8uLvcw26EU-gVLT2ynvhef_o6XbCu1Lmp4DLdj7b2hpzqrLrWhBaAQ4XHvaFQK_JIAZAhqKXx7fwCOgWsqrf36HImnEBAiWtZsE039rUSEvwWA2_PIjYKaRVbUPPe9wPkjzbhVRaXM91BDmg1mqULDxYn_WVkSk4wncTi_bRMUbKAkjuhzzEUrF6wT6TdJGplb7G24rhkJsgsQwYzxwRRhqkUnS658pEwXdlefMqVKkinSiQ4UcNasnLeWqDafA9iqDktMJj4-nbh_si2LUKQV1gBYIv02HQcHAhw-J-LFQql4TOGLdVCWf36ZJgwsCGouRO4O_84P55h-OwqQ4oxXvfwGT4KanZE68ylPD0l-eqgD-crkM_do-1hbYFydYsfC4n4J9IBWDfxpeQNxyXI%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1694166205
age: 30568
cf-polished: origSize=118430
x-guploader-uploadid: ADPycdvRNDSrLsq4rFUBrYyffZGk57AlA6TL7aGiXTaN2eXe7Da_6kEdpo2XHnuDhOFVbuKqZ3BrvbcSkuQiB84ETmeFsA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 08 Sep 2023 09:43:56 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
x-goog-generation: 1694166236174866
content-type: text/css
x-goog-hash: crc32c=4fid0Q==, md5=SGUHzM6axYfRHA7z8yoQmg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFqFdubznnkld5Q4c3OK7sBiUfgVqoUDU3%2BssvtG6PQBTX87IZ7sLuSY6hdmnORNZP806cBrdStpSs%2Fb0%2B25SPmQVJpRiA7uzKgxsTB72Zvedr9IQRquwR2swvN6l5%2FZIwRgim4Seeo%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 118430
cf-ray: 811fe98d3a992c75-FRA
expires: Fri, 06 Oct 2023 19:19:23 GMT

GET
H2 200 2FE38D80323E4A045A917946D70FA9DFB462FFAC59CE923F938285D0D5335A868233020219D7BACA360BF3E2DC6BD700ED49225A599457A567F8333D090F8110
assets.ad4m.at/ Frame FF0D 18 KB
18 KB 18ms
16ms Image
image/webp 2606:4700:20::681a:ad1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/2FE38D80323E4A045A917946D70FA9DFB462FFAC59CE923F938285D0D5335A868233020219D7BACA360BF3E2DC6BD700ED49225A599457A567F8333D090F8110
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=121190&b=8RdFDf29AZHekzJTgHYt7HxtVjBHPTwT2jtk&f=ZxwtwfKWY1aR3eDfmHKtpHDCX89FVTXTWghJ&c=160&d=600&e=&g=78b0c0b5fd48118be2d992e8f6db940e%2F13236035799053118628&i=27903&j=22&k=0&l=0&m=0&n=&p=&q=&o=dbmPros&r=1696616362948&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DC5A3iqU8gZeyYB6KriQa3qo6wBJumjORjrqn1-qcM8C4QASDjv6SEAWCV4pCCoAegAdyokOUCyAEJqQLNxqRQjaOxPqgDAcgDmwSqBP8BT9AHyFsN4fuLu8oQh0K9jlKoPMZh7GnuTw6IoglEcsN1PHNb3L29dfHv00rqXRO08idxz6QYb55E50YT_4FRLAbPLqV1eTw2GrghC_ukt0DHJ6ReKduYqhOrycDKr9V697rbS9KB8SKgGQJ9LwRD80x_CzZc_htwKqS0afLqENnJ1fDTzrSQn4PWRzVlpZ_lnRMyp9bFH0JjtXHTZjr0AM2szcUqU0nmz5JTqWHzNWwbSF4pq1GuaagQs6DJCZXlMrSMitF0PGJ-uTz7IA158rjhmkRwvIYOQYwh50t4fX7ykQ5BZPIzo9IQeVGOrD0OJRrJ_BGbPMY9fwsyq4nhwATq_pn2pgLgBAOIBeL9pNgHkAYBoAZNgAeM1--aAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREXIDQGwE6PA9xTQEwDYEwrYFAHQFQH4FgGAFwHoFwE%2526ae%253D1%2526gclid%253DEAIaIQobChMIrJGZvITigQMVolXCCh03lQNGEAEYASAAEgKDvvD_BwE%2526num%253D1%2526cid%253DCAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB%2526sig%253DAOD64_2_PQ0n886dR9WmU6B5jM0PUavWjw%2526client%253Dca-pub-7720460051430832%2526dbm_c%253DAKAmf-B5_UhbIN-5iBQE258XHeFVLDaoatigXBTUw8hFS8FJsUXPPjtIayCpPBrbK8jONZmd5ya90JBWUfwj2K-6urQ_9AsQ3n5Y9XN0enNHje-o57-Jri_40QgW-jR_p6y-KhnAfFUVYPxBtgiIi8l4eq4sF-MyDeRjPkanB_RsNOOADaGEBkI%2526cry%253D1%2526dbm_d%253DAKAmf-BxQ5kQOq0O6KtOZlwX-okDb2ymkHKYMnkrvm00exTDe6lFIHf0-BwjMc4wjUn6LtAnnwzzB581v8asdOXWxAxKDd0TtDt19mZU3j24vT6un4YF4hZxKyv_djmynTHPPTR2Bt8JYDL2WtQIchGCw5GTZkaYPJaU3RCHGSKp0x8cz4nOd-fRPbyGxpMKezCg5MwH0imTATOot10fOjtd4691TL61KYiGJebjF6aeCazwnOnct7VNKObbqESLVoCES_uUgyAwV_erimxkvLGZf4Lb0-n3Ei8uLvcw26EU-gVLT2ynvhef_o6XbCu1Lmp4DLdj7b2hpzqrLrWhBaAQ4XHvaFQK_JIAZAhqKXx7fwCOgWsqrf36HImnEBAiWtZsE039rUSEvwWA2_PIjYKaRVbUPPe9wPkjzbhVRaXM91BDmg1mqULDxYn_WVkSk4wncTi_bRMUbKAkjuhzzEUrF6wT6TdJGplb7G24rhkJsgsQwYzxwRRhqkUnS658pEwXdlefMqVKkinSiQ4UcNasnLeWqDafA9iqDktMJj4-nbh_si2LUKQV1gBYIv02HQcHAhw-J-LFQql4TOGLdVCWf36ZJgwsCGouRO4O_84P55h-OwqQ4oxXvfwGT4KanZE68ylPD0l-eqgD-crkM_do-1hbYFydYsfC4n4J9IBWDfxpeQNxyXI%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d5178b85f33eb7cb6974b23a2953b6607c71ac6b300a86f3cc8bebcbf5c635a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12034
cf-polished: qual=85, origFmt=jpeg, origSize=120811
alt-svc: h3=":443"; ma=86400
content-length: 17992
cf-bgj: imgq:85,h2pri
last-modified: Fri, 04 Aug 2023 11:51:53 GMT
server: cloudflare
etag: "7128bc1903cf2a0d96f8ada1a93e0bb0"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFn%2FzCl5R%2FvC09mZQwE7VKxHdzx9Lo8Bhx9j7MiNZ5OcbhusNTX4v%2FURNBpBR2hzvxC5%2FK5L3aaYxOl6JyL9Tkx80fO8gKSRHdSjqEvK6LkDEQuj1Ox2yq9cRk2qbSmDRc1hN3D7cWj5NAVd"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 811fe98d3d559247-FRA
expires: Sat, 07 Oct 2023 18:19:23 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 18:19:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9132 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 16:36:32 GMT
expires: Sat, 05 Oct 2024 16:36:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B257 829 B
560 B 49ms
48ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

385189020ada6744a3bb4491a7a8ead09e19dbc072d31719d440638bb348b0e0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vXVrwCClAPyT4_ky4Kv-qQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-vXVrwCClAPyT4_ky4Kv-qQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 06 Oct 2023 18:19:23 GMT
expires: Fri, 06 Oct 2023 18:19:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 146ms
145ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHxNFqk8gZbD7GOT2x_AP0NyPgAcAAAAAOAHgBAI&bg=!Z2SlZCvNAAYMG8UMLBs7ADQBe5WfOMNnjBSnByTYK7wMH7Jz9lWeMowYqD29XM0CXWas_zQug2tVH5kEdEoLpnk3SMcjAgAAALtSAAAACWgBBwoATIVhg0_HDYO3C7sLVOzPFLEVowi-HZ61npNuCyLX7tVolT4CpZQ4w49FEb3o5EgYq1iSJmPUKvOQLX1f-ifCrmVL-wGulqY7ybA-NwOZAv44YepDkQEa6UZbohDSBDphD3xZdOC3R6OFc1VjWdChPlXt_x5YnLElbaXNg0H0CZJENUdcFqEy7phZaH-rxlagEQPExcdCnYrXDxmTjJYzQZPxZCMcfZvjMK8t3Nj22HzanIA0YxGoCvxwhil9CMro3qEt2pgTUAj1-QydZAYflcHoK3h0qjTIlDVTiE8SHfRxjW-JYB_TCjsx36c89PXCUqaZ2SXtB6buebVo3RHpAltp7sIV6sQCoGZDl-v_rFSj1hVkSxUhDcl_cjXHHog51ZA3EOEYShJKE0YfqoFaYC8Pmfkf9OAempfWbB0bSDaUoaDnUurseDKjRE8h-fr4ETZmx2U8kXYEFY6XVhJhISGzcsZU1R1YCOsxcaD6GcdGJlEHyJ78UQbm0P4x8Ru-Am_zhIImSITeRLD_pS63mr91adtVkthCe6EaEgY236-3JknjHCWYg2Iil2RBaM0bWEoseWR6glBO9GL57zyey5-e_rzq6H6ElS9fxm-iJr4y5H1BioFY44tNbvBFsR-gWupXVvDg1omg29uixn-uojgYrW4ACLZGxYZJSaGmWF0JCCW--kuZy277C7XIWepJO6FIPNkdfj1mHp9xFcZiwur4V7YcIk3Y4Kf6HViYJSO0jH1Mk88y601U2PtSkn6oIgCjQzecgI_K5zqpBhXhXTQCSIW2G8AyfnERbCxFsoA1PDZRfUGYL0rJNrQl6nEUpJ2Z9apMe2Xz6uk0dnyvOLZqRaA_jv9HYwZMnuMIZFqyzLGo7pHWgm8rOauXkCSSB9tHVE5BYAnSYdBxq8tDj8nplA6GVa9mRgGoNZVOM6bUf8Cm88_IQ1wAO43JcKBKv-k6L_iqF9hmBY0qSQuMkT12PTXHtpMZXZ5cyPsZ9gtr_MkmfJ4NPti-bwS154kwaV19RiV-OtBHuvfppWLeGfhQkHaL_b4qGdT0PQDe79JVxviawO22gDd2a5D9-pL6v_1Els9jTzdHTSC57dL5dSx945h3BdUUSxcDP0uq

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2279 0
20 B 143ms
143ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BI-tKqk8gZfjCFMirjuwP57-_sA8AAAAAOAHgBAI&bg=!dnWldTrNAAYMG8UMLBs7ADQBe5WfOCg_aVO6KisZBbDN2y3ErHWcd5i2dfulWYOOwKpnb3fGh_Jpt-e6zI7P29QS0rKLAgAAAMpSAAAAImgBB5kC-r2rn_VUKh9bhRdTkOAmNIjQ_jitB3jgcohvlwAemAu29Kvgb1-wSCEEm6JwLiULpC1DNpVHmXa7N__gY-lIh7tGhMFhxKKqNr4v7EB15Xicw0lU_OPxRBRIBQ3sR-WN2HFLmvsTCsO5Be7UuzP9nTJ3zMjp_lRvCUQJR9zjBjkjXgInUwUYukt0GbNKwL2eFueRyBR57NbMBPFZ0o6LTOobsNv51FuOOgmD8NhoiTXPaVIfWiSnKTueC4Kyi_Ar_oCfivesg3Dk6P0Jsp9q_YMv3VclF_nj1mFD9ZN3XPCsRvgkW1bPI1HJsNK1SxqnXn2ulV9M6Lenxve4EmRJi5ZkYBoKFHQQQEbrsnbrmB9vm3A9EcXdtfybwzhXgZJliNWHll4gG3z_PQL572AhdAP-qvNf3AGrzgWFBshHg3nK5jiUBtj8kQlIrV7bKlzpEOsFOLlf6cBEg5QTZ-hN0n4g70a7hGuRIyYPvNMV3BAu-nOdkEA0egG7IF71tA92uaeDDZzlZq6VZLI5pleBR87uPZR0kWr4QhkR9LrvgY4HC9KJCwhaYwEOgW_kQXfTaueOGjpFKYKamLLM-rdpL42X_J7qvcK_jGuYDPnj3eo2HgwZGle040HpsGq2TvwC49k45tm9lYhAb2jhQs8dgScj9Sq-UyFi9DPvbgnaWoocXSgKj8iEJzR8JODaXv2HCniuZ93AOfovlWwTWBS8E8vpFd-xEtanJVh0l6P68UJvsuJm2hK2jgI8TV6r7DGsth8GZUPoXf8Ka9XVONX-CYeVNE6r81RX4b0lLzlmdSdm-sGAtOqHKBbEgFqNVP9RL36Q7VLvR9cBPHMtnm16h759BGc_DBzdHWSYNhW1-6USmeqE5o8rVkIareCCxv39o4II5Vthai76VjWh7Hl76D630v705jNByIMjNiyOE8Zep7eWcvJukvx8oGB9iVrzeEJYNe_IJ1TJp6mG6PZFsaZo9NGDtdDauzgMFeilPxa2hiEZvVm4ATtQoA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js Show response
pagead2.googlesyndication.com/bg/ Frame 9132 37 KB
14 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 16:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6171
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14663
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 16:36:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B257 0
0 141ms
141ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231004&jk=4203924318548781&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9132 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Zd0Bzw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BD0B 0
20 B 141ms
141ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1553772743084&version=m202309260101&ct=77&x=1&cor=17733811447608041000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 490E 0
20 B 139ms
138ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4588591676923&version=m202309260101&ct=77&x=1&cor=8100374063085219000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E203 42 B
64 B 146ms
143ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssIj6Dn9cVwHUbVvv3OurMz7Ar-x6tzzyDZQmo9BswZ8F4Nsh0fb6PItETS62nLxZNqWB0sfaK7g0azYaKKUwaEw7pyo9HNsMJFFprxPeC65k9ESs_kBHg7_ECZzwMsJ9MpgFlJrEzVkfiL&sai=AMfl-YRAaTaiUA4my6n1RbW8y8mQRWRp3MX56Hc5OH0sBg_uKLM5uBTNglSvcXZEG69jbFBik6QhcVf-VW7oW-zABdEmHyJpm-pLThXeI9lxGETe25HzCxcE-ZmpdlaZuprq8jhSqVggJnv7E-J3&sig=Cg0ArKJSzCxkJoMjWp8qEAE&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&id=lidar2&mcvt=1010&p=-17,-138,107,867&mtos=0,0,1010,1270,1270&tos=0,0,1010,260,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=0.51&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696616362070&rpt=542&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 147ms
145ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231004&jk=4203924318548781&bg=!iYqlisXNAAbjlzx0w5c7ADQBe5WfOKhxrAygaglhLghe9jO6GcQsekf9aD_deWr5yGXfVPGr9k_QmEJ4SzCNl2N3w01mAgAAAGtSAAAAB2gBBwoAB4EVDOfjD0qZAq12X8UwyWDJPVtxCt0HC3a9Wr0rV2COp2NjctvrA0n91r7rOAjCbPpzWVsPfU0XKhOqztwX2IffkJKQaUrZGk0y79_8B1ickaJ-bAoUkwN2owIXWxUB3SNDHI73PQfkcJOLJLherzhGeHyWAXs-e71q1q0C5h4UciNidb9E_bYuxyf9cHIwWZB6Q_teoDJ9Hn0XpT9sJXOtXrId23HGim7UDHyAE_1pMfQa8YHIZuVMP0fNUYHeG4xNrAzD1jM0-T6OcXaOf1o0GdCEW7yNDONhPaGreMI_C4AV-mBs__pjKwcvJjw2kJyBfwh2eO30JWCN4Jo8uZUxOJ5sAjz1HVhb6Gl7Mqp2euuMp58PPeg4eJWzDOBqZLkqXwEtvv347IFwr3_i7g9YPgI8JaV17x0jV7EEg1i_qW7tgxvKJ3zDujuLEiSuEbh5cCcO6BkY5V9UY6A0ZTg3IYAYBSpJbO5UxQnn7CdCNXS9YXhvScIdhfWlbsZ8Z8XtOWFzbzN92Vbgp77atCa9NdUdhlzUvPn96XUZuuUVpUC_QfYHIZ77zSKMrhwjCBE1xhUFsoPHiNnzkbPRMyuEOvGvH8yC_e8kQe1vl6KFMb9Cw2SONNxRj2jelKdXeuWBflILrstuAWFnmBYQY8RtwA6y2alOrphbZrDdaw1660s4oXz3K7BkuLiJuindrRSJQ9MyhKlQZAd9rbOqHbY_v6BvNG7oLgRD0O7tLUP3uwSb93ajBXKlFCeQdfJrJI281gVkh3rcSUTILJXdimFRN48vuDoq2Et3CHnH2D46btmmetSGuXRVdmnmRi7HQWWcPYv1gitjB6poIg1Ts2OOlGbR3fm4417iUkiG9R_Tn8gC3DGnKDPWMkXprvsIb3vg3DveE8YD1pSYN3tS3Yr1Y629ZOC-
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BD0B 42 B
64 B 144ms
144ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstaWdCXNpR4JesCRWqLHxzRibexAk7kHNHzHKRH4ha7K0h3BBtSj0XVZBIh2AReVQlKjxZmgi07YdWX5tVpW62MrWm-54KVp1fxW_539XXxn-LesDrecGPJuKUmPXwARLpIiBQbJ9TahF6O&sai=AMfl-YReQtu1fge4TLY_7LQnspZDqlMY-c3BuJST_tq_1cjHSZfGZ0xzMVWC0jSz_xCIcXTQ9r-UQ0_2AcUMtemOuhiL_C-etjLr2n1pIPPKKOoC_5phOnD2ZAJQg_8vstgq6w__4IeZmZ5caBRR&sig=Cg0ArKJSzARVPyVfDwRmEAE&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&id=lidar2&mcvt=1000&p=0,119,40,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696616362168&rpt=497&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 490E 42 B
64 B 144ms
144ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstexEukhl6H8lhEn-5CCBKpNY3Q9L3uHikFKMxLjaHxebaq_FtOJfbFoUAIOONf0_SvyPTLBLwEinrPZb-rQWSeAEuiH0UVMLk5AJ8EmU1ekR4PC7sv0UREHsFhImDxvES7GcQYf5brL_NV&sai=AMfl-YQUy2DYuWB-_r2iBuNInE7MU40nQDtiQ5oeuVI0SYAU1qps0WU4S_i-6isWHQDUjwhOBAXiUzAjSKZ_bPvH_u7Rn4hA7F7qzB7XSNw2pTvvIGJFAq_5A17gIpPxsPQm1rBIJ5-G2cDhFQi5&sig=Cg0ArKJSzD67aeGo8imXEAE&cid=CAQSSwDICaaNVbcTiQwd4GyMtbhRFffHikXDQb1_IsOh0Pt7gB5V9gleMiT-DnhHfVladWuxlRSZAfbiGpPrdHzfnOBhczJfR9nfOJRkjxgB&id=lidar2&mcvt=1001&p=0,119,40,160&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20231004&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1696616362195&rpt=510&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 06 Oct 2023 18:19:24 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 done.svg
crezu.mx/svg/ 235 B
393 B 170ms
163ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/svg/done.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: fc52eb0bdcab53c8cdd4e4a03c6958c2c10a179d91eeb601435b1a668b20c735

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:24 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-eb"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:24 GMT

GET
H2 200 close-green.svg
crezu.mx/svg/ 235 B
386 B 170ms
163ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/svg/close-green.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 35388c215dad3ef4ce5523aea6900f5c434b4dbee600a9cf35ceea6012507fa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:24 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-eb"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:24 GMT

GET
H2 200 polygon-push.svg
crezu.mx/svg/ 308 B
436 B 170ms
164ms Image
image/svg+xml 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crezu.mx/svg/polygon-push.svg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.124.94.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b0270cfaec64a3f0b274938da05903c44076025308fff5ed8fefe70b5771362

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:24 GMT
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-134"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, public
expires: Sat, 05 Oct 2024 18:19:24 GMT

GET
H2 200 push-image.webp
crezu.mx/img/ 24 KB
24 KB 333ms
326ms Image
image/webp 34.94.124.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://crezu.mx/img/push-image.webp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.94.124.239 Los Angeles, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

239.124.94.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

4a3ee46fe9819898f7a5a560968276a9a29b11e0b8b2b1b2e2695c76a5e6cd24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crezu.mx/landing/offers/?sub1=caa333ef9ab34141b01072fdc4cfcac3&sub2=mx-sms-welcome1-n&sub3&sub4&sub5&sub6&sub7&sub8&sub9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 18:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 04 Oct 2023 15:41:58 GMT
server: nginx
etag: W/"651d87c6-5e94"
vary: Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Sat, 05 Oct 2024 18:19:24 GMT

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
track.crezu.net/	1970-01-21 00:02:32	Name: afclick Value: 65204fa629305300019b9b92
track.crezu.net/	1970-01-21 00:02:32	Name: afoffers Value: {"216":1696616358}
crezu.mx/	1970-01-21 00:02:32	Name: i18n_redirected Value: MX
crezu.mx/	1970-01-20 15:16:58	Name: landingOffersVisit Value: {"sub1":"caa333ef9ab34141b01072fdc4cfcac3","sub2":"mx-sms-welcome1-n"}
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_migrations Value: 1418474375998%3D1
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_current_add Value: fd%3D2023-10-06%2020%3A19%3A20%7C%7C%7Cep%3Dhttps%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9%7C%7C%7Crf%3D%28none%29
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_first_add Value: fd%3D2023-10-06%2020%3A19%3A20%7C%7C%7Cep%3Dhttps%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9%7C%7C%7Crf%3D%28none%29
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_current Value: typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_first Value: typ%3Dtypein%7C%7C%7Csrc%3D%28direct%29%7C%7C%7Cmdm%3D%28none%29%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29
.crezu.mx/	1970-01-20 19:36:08	Name: sbjs_udata Value: vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F117.0.5938.149%20Safari%2F537.36
.crezu.mx/	1970-01-20 15:16:58	Name: sbjs_session Value: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fcrezu.mx%2Flanding%2Foffers%2F%3Fsub1%3Dcaa333ef9ab34141b01072fdc4cfcac3%26sub2%3Dmx-sms-welcome1-n%26sub3%26sub4%26sub5%26sub6%26sub7%26sub8%26sub9
.crezu.mx/	1970-01-20 17:26:32	Name: _gcl_au Value: 1.1.1874869079.1696616360
crezu.mx/	1970-01-20 15:16:58	Name: uuidv4 Value: a989a6a1-df08-4c01-8c52-bff7135de3ed
.crezu.mx/	1970-01-21 00:52:56	Name: _ga Value: GA1.1.1075330997.1696616361
.tiktok.com/	1970-01-21 00:38:32	Name: _ttp Value: 2WOvIVIE2tStoU2QShGIb1TsAMZ
.crezu.mx/	1970-01-20 17:26:32	Name: _fbp Value: fb.1.1696616360619.225247911
.crezu.mx/	1970-01-21 00:38:32	Name: _tt_enable_cookie Value: 1
.crezu.mx/	1970-01-21 00:38:32	Name: _ttp Value: 80nozzGXy3n6A-xWFNVzvKEX43a
.doubleclick.net/	1970-01-21 00:38:32	Name: IDE Value: AHWqTUmW0chpZj0ZV8Qj7krNAikTdxumWY1LlCu-uveUUU56MKMTvYOwFaFqo383
.adnxs.com/	1970-01-20 17:26:32	Name: uuid2 Value: 7340506816157238821
.casalemedia.com/	1970-01-20 17:26:32	Name: CMPS Value: 1219
.casalemedia.com/	1970-01-21 00:02:32	Name: CMID Value: ZSBPqtbFP8kkhWnNPuUeQAAA
.casalemedia.com/	1970-01-20 17:26:32	Name: CMPRO Value: 3343
.crezu.mx/	1970-01-21 00:38:32	Name: __gads Value: ID=529a5352297c9c98:T=1696616361:RT=1696616361:S=ALNI_MbZZBHp0mtyV4QPKHIYuuf7tkzYIQ
.crezu.mx/	1970-01-21 00:38:32	Name: __gpi Value: UID=00000cb82d645610:T=1696616361:RT=1696616361:S=ALNI_MZrT2plPSYbtXaNJ8E5TDBbGaS3Rw
.doubleclick.net/	1970-01-20 19:36:08	Name: APC Value: AfxxVi4USQJwNoO1mF8lwAB5WLxO-uivdWqNpbSnj3VYQyTybU1e8Q
.adnxs.com/	1970-01-20 17:26:32	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>5Cil?F!@wnfH8K6pQK`!5=E<L5?%M>gK6nNbjqN!kZKght[`3_V#HCB`_.`elCU%nugO%v4VB%nnFW+%_N
.doubleclick.net/	1970-01-20 15:16:59	Name: DSID Value: NO_DATA
.crezu.mx/	1970-01-21 00:52:56	Name: _ga_8PMFQDPCNZ Value: GS1.1.1696616360.1.0.1696616362.58.0.0
.googleadservices.com/	1970-01-20 17:26:32	Name: ar_debug Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
analytics.tiktok.com
as.ad4m.at
assets.ad4m.at
cdn.crezu.net
cm.g.doubleclick.net
connect.facebook.net
crezu.mx
cru.si
dsum-sec.casalemedia.com
events.crezu.net
fonts.googleapis.com
googleads.g.doubleclick.net
ib.adnxs.com
p4-h2uabqeu6o7fw-fxaxwqqm2s65csfk-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
region1.analytics.google.com
sl.crezu.net
stats.g.doubleclick.net
tpc.googlesyndication.com
track.crezu.net
workers.crezu.net
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
104.18.26.193
142.250.186.35
142.250.186.66
142.250.186.98
2001:4860:4802:32::36
23.38.98.27
2606:4700:20::681a:ad1
2606:4700:3032::ac43:c37f
2606:4700:3036::6815:3c5d
2a00:1450:4001:806::2004
2a00:1450:4001:806::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2003
2a00:1450:4001:812::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2001
2a00:1450:400c:c0c::9b
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
34.77.94.206
34.90.46.36
34.94.124.239
35.201.76.189
35.240.92.105
35.241.222.91
37.252.172.123
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f23a6515f7b40eccc40f02ee14a2b48588bfc56fec364959bbb87b5ab419d39
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16fadb06557f8c559b25e437d47286d3886b6f361900f479f1bf928198e8d0f7
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18a49454b27284f8a409abfe02ee82f6aca81c42481091e6710bc2d8aa2ade16
18dc7efbbf35c8f5b68c067252948fef7a3562c01163b73cacd0202ef9a4857f
1a538319189aa95195c40dd14147a90955ee910e191413c04270d842aabe0902
1e8bbb60b78968d191a7964532d0f92782d8a8e661e8b98623a2200016c9e52e
2052108ad08e3c73539fad6203ec4246b489921db8e53a869817c3f1ded47385
20db7ce8e3049977535579a92d71232b26ed80f8ab0c1b7418ae67c403a6b321
211e094c1dd908e57c089091b6009b69ab57c591aa1cac3aa6ff80339441c70d
2357489ef54f3b5acfbf1996b3b8883879ac48c4ee245144952362bc5739d50b
23b989b7a16bf6914ad0d4cdfb9d87c1bc17250479d8b1dbf3727d7256b399bd
2446a06920c92f06ddd5d728bf53a0cb464ab9443f7ca2b703ee5a99226c3614
245f627047d87dc759fac404319192eae4862c64e066f3499a4d5fe9930c2221
29020649181800734e62e4d5247328233c913bbaf4b95a02a91886e220a9e53b
2a45c21b79433a9b4d6b55022af7dee5406a06a1de25875d3e9df6a0a0ff625a
2c60934a4b0af0de2de96c9fee7dea5775a7a62197d6cff1744660c41fd3711c
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32b6db04338d853de4148e775afcacadfb2d0bd3e8f10192916f6688f34c6005
3382d8c931d8ea7d722b9a4a8e1e95a01dfc04009a0daefc2c8557d5e5a264cb
35388c215dad3ef4ce5523aea6900f5c434b4dbee600a9cf35ceea6012507fa3
365ba661ce7dd81b4bc935c1458f4225e097c9a67304113b0c4c787bd0a06b02
385189020ada6744a3bb4491a7a8ead09e19dbc072d31719d440638bb348b0e0
3a02884857f44655bce399b1d1bb9319dcabd5bca07acd6458218d00e3a0aaf7
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3e20cf94885ec9fde4b91cfbb735ec0fbd84a9bf25a9eefa1d6ae6570ca737d2
3e6375eb224adafea4e71b197cfe5408a0b0d8b26f6f68649b0fe69977e48166
40f9822c8aa42d2c8a21edff1ff8f3f47e3c609819930c2d600dc6a9a68f3449
410a655ef778c633ee7c66a2cdfc4fd765da972fcc0f732b210584a83d2abd9f
43c76398d17966c666af6a608b05793537933ce9df86051b8b18df77ae72b9a8
44f0415ef26867c13036d895bf62b2c275bf53af45fd826b8ad059cdc59b485c
47c1293d2a904a3a20bfab88c4aa50c63a0753570c68aa7bd5f8a245e515cb08
497cb0686a5f7b490fd58b319740c7b50a68918644b66f6c289d266b768be6e1
4a3ee46fe9819898f7a5a560968276a9a29b11e0b8b2b1b2e2695c76a5e6cd24
4ab59ee2741c06b4e1a3315b3be66ac1e76e1fb37eaea4247648dc37e3381f12
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4fcc2c45e5c8be67198b1d2c38bef90e3373e59b91be75e915711bfa7c10d22a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50a61db1134643f3360d0e1ff16c4e48fdf700090052d0fcf9301e95884ae9d9
553779f13bdc6cbd8dd60fedc12225fdba7e98a7a37f03209d3e370cc0132bfc
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56400f27bcce7cd78a1d286f0f0b15699e75b8a3a982616de3269e7108fa76fa
56814b7d406e980f2304225a2a68993319fec77317a2fefc1b3223bf6237d855
56de204768600e666186737da41e893c7d3aacaea1c39fd80465f44392714d4a
5b0270cfaec64a3f0b274938da05903c44076025308fff5ed8fefe70b5771362
5be127696e664a35f467a1c61c1415875641df0930ba555d04a9327f3267a2d7
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5d5178b85f33eb7cb6974b23a2953b6607c71ac6b300a86f3cc8bebcbf5c635a
5ec2283ac7198b6e5e488b49a03f777f8999b75dfcc903d4a6d730b2c911e922
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
643da70419a079d384468d28e76cee8ab2d5ad7252eea203b9479f4f2cb3b25d
647e7c0d7b0d7187235b2136172874a862d80352ae7b5e75990b531a8209fa38
6602085affe5aaa23b00b8c4e5f26332fdf9a8d119a5d92bb77f145ff598fea2
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
70e4f06afb616e6a1f73c494f05d0c4615729cdc4570efd6c41f6eef607425e3
719d72da85730794157992632094b847d6c92dee770dd626a5c46e4a36ab70c9
7346905002e232c7fe012df1036e0ecfa778289b00a39393ccce5f8233cd6476
74d0431663359a569620f87cb9ae337c4591a15d617dd200fa7caa3cd418c8e7
7a706d29ebced69475210c2fcf642bf549f1d6ec0d45cac70452818637774048
7ac00b67576f27c4b7d2d65b84ede1fb5191bfa25f776f2f2ee903a9c556215f
7afaa861788cfa4b943b9a78a597edb2e73dcf6cf15cb34ce9a02c72373d9abe
7b5795481ec5bafcc6dda4c3733dd67cd3e0de518f3a8b88b0ed4773540af566
8133d854013e9c449ca4033a45bc9d86303412f80e69c870042702ee83c2c2c6
8240d70f143516a14011a49da493f4425f0a7981e2d9a795a14028df197d389b
843d1ef05e0032e3add78ba4f7fab0405180b152afebd584324c0093d7c2c729
846df7abbf44ed3a332e8a4a2443329871c0a81c67b83546875d6bad254ee0a7
89403ef16933d6911ecc68da312e1934f696994b35d4824928649954a5980bec
8e2db6817343453d09b11709dc52332a605a51f24b22eed7673233ea8c7c90e8
9006724f0ef2ac6cec03386f92e316f4b88f8511836891f663a630cb6f6c3f94
92d16e1df1deed1cad305286a6f39912071e16747ca303d926e04040b5854b62
93340594a3f629999eacb6d03aac3d49a76ca9023c18a90bce7e7e8d3ef9a68c
9490c4f00bb14c899703d6c1564c7f1ad41def0023ebf61d5d61c9fdb8bc64a0
97d067ec411fe2fca3baca0556a1cfe331433d7a2e92a17edca9d2846d951883
986333a99c0309f940f3cd10c2846221feaefe70f96f9005553eb85fb83ec875
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a19f48cc70625900f4e6a12fc2d089378270040735812d222ec5e8c6fe6c26c6
a1a4e8085302822637d4be4170bfbcc44e44551c8f3befde359f8857d7c5fff3
a7ef29d3fc71e75ad570a2faaa78d65cf17d29c8bffc019145d1d9599e01265d
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac4a4d48faf1670dd95aac541fd22c6728ab6528d9fbacfdbd2e58ab5cbc83c8
ad2c75448f58781c7dd1a7dc49befeda2606b57915b998181f3e6f784bc740b1
ad3475c7f4d70164e0c35e41f5e0af761328897f7a9f374759623ee496dbd65d
af0458020cbf7352f51fb2708b6a94acfa5d1c66d7b5136853d350604466048b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2270be6cb72aa236276dbd83eac9a1cd00f0858388a96d85a937015b8f0ce0b
b426143717a30b2eb45983c0a820696ac4ead348f3b1720b82713d48b86aaf41
b8da67821e588e3ee5516083d99f1d9907c23a24fcb52dfb3c57cd38924dcef7
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3
ba95cea0a3170d231a5d438b5089087b61dfbe09d8daa9140d2dcd14a6f5f922
be4fe1eb14331ddfa357dee65ac3e9d82400e3b185b05e3f09dbf2f9019b6a12
c18ad22903d41b067f4fa19f2c5516e34ce2ccaba69e83ce8abede0a40ac5245
c1c40a573b80bb8b6970916eeea5a809647df2807601120a0a15559e40b57c87
c9bb40cefe87d2b65103b30be083f0dc8f963f3c930f230d905b811b6eb82f47
cf2fe9ea5dac716357cab4f59872d0e2abe136919c06795c1ae0798b8fbe6952
d0b8a0387614fa2bc4041cc1415388e91bd1c645231e778dfb7bc7d2475ad638
e0309fd597700b89310de557575438fb73dbee569cf734340057c0884ce91c20
e04b0d057a78fa056468465ce0f3ac37a952f9f76844eb55d7c8acc28eb49b9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e455ea50853baebcf6bfdfbe7a3fe376e1fb273e4eae4edd45d659d6bc714dc4
e80a61b2cbc6d6b3b3ed8b50bcd8f6a89f8f5b69460e03f47defe0554c3220d2
eb9a2ab8342457e7f9c6ce094c79addc0a0daa680648438f5d97b7cb3cd8ef19
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efc33fb6c96df8a38ab6b918f5b0f79ced1c3778ff2f13b7cc9ba9249d497788
f30741e6a140ab5f6c8c4e7a72109e5bded24d7a60dd6e0f13616f05a2957f17
f4d505854d57e5fc6e2dbfa230ea66dd0d008ccab4495c9e32562928c8467aa2
fad86a74fa1f903d076cf2cbe5d40513170b594820f6a48f8ba45400986001c3
fb57b135d0dd577a6106ac6eac66bfb6b63218c02b1ec0b086d573e2572dd8c1
fc52eb0bdcab53c8cdd4e4a03c6958c2c10a179d91eeb601435b1a668b20c735
fdee56376443aaa197e6ab164d59377f0f628626a20b0e914ff55ccec731a1cd
ff93bde29a517354bff84cdb622cd420f370026d74babb9a61a04f0d4b796d76

crezu.mx Open in urlscan Pro 34.94.124.239 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

183 Requests

95 %HTTPS

59 %IPv6

18 Domains

30 Subdomains

27 IPs

5 Countries

2957 kBTransfer

7427 kBSize

30 Cookies

20 Outgoing links

Page URL History

Redirected requests

183 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

crezu.mx Open in urlscan Pro
34.94.124.239 Public Scan

Screenshot
Live screenshot

Full Image

183
Requests

95 %
HTTPS

59 %
IPv6

18
Domains

30
Subdomains

27
IPs

5
Countries

2957 kB
Transfer

7427 kB
Size

30
Cookies

183 HTTP transactions
5 data transactions