nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/android-apps/com.darkodeb.souprn
Submission: On March 13 via api (March 13th 2022, 12:34:56 am UTC) from US — Scanned from DE

Summary HTTP 218 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 27 domains to perform 218 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 29th 2021. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2a00:1450:400... 2a00:1450:4001:82a::2016	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3 11	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2620:1ec:27::... 2620:1ec:27::cafe:1377	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
19	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3 18	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	52.50.243.239 52.50.243.239	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:82b::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	142.250.185.67 142.250.185.67	15169 (GOOGLE) (GOOGLE)
2	2600:9000:215... 2600:9000:2156:c000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
9	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
2 3	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
2 4	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:d28c:83ad:1b58:a2c4	16509 (AMAZON-02) (AMAZON-02)
2 2	34.246.234.200 34.246.234.200	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
218	35

15 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:82a::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play-lh.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1377 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.186.34 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.53 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.243.239 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82b::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f3.1e100.net

p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:c000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:d28c:83ad:1b58:a2c4 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.234.200 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-234-200.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	704 KB
38	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	192 KB
22	googleusercontent.com play-lh.googleusercontent.com — Cisco Umbrella Rank: 453	2 MB
21	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	419 KB
15	nets4.com nets4.com img.nets4.com	79 KB
13	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 660 static.adsafeprotected.com — Cisco Umbrella Rank: 500 dt.adsafeprotected.com — Cisco Umbrella Rank: 458	96 KB
13	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	25 KB
12	gstatic.com www.gstatic.com p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com	491 KB
8	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	263 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 916 j.clarity.ms — Cisco Umbrella Rank: 1871 c.clarity.ms — Cisco Umbrella Rank: 547	25 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	178 KB
4	pubmatic.com 4 redirects image6.pubmatic.com — Cisco Umbrella Rank: 571	2 KB
4	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 565	1 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 289	1 KB
3	openx.net rtb.openx.net — Cisco Umbrella Rank: 1359	478 B
3	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 929	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	3 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1207 cloudflareinsights.com — Cisco Umbrella Rank: 1193	5 KB
2	everesttech.net 2 redirects pixel.everesttech.net — Cisco Umbrella Rank: 2828	754 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8832	914 B
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3666	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 193	553 B
1	innovid.com ag.innovid.com — Cisco Umbrella Rank: 1391	296 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	642 B
218	27

	Domain	Requested by
27	tpc.googlesyndication.com	googleads.g.doubleclick.net nets4.com tpc.googlesyndication.com pagead2.googlesyndication.com
22	play-lh.googleusercontent.com	nets4.com
21	s0.2mdn.net	nets4.com s0.2mdn.net
20	pagead2.googlesyndication.com	nets4.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
18	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net nets4.com
18	googleads.g.doubleclick.net	pagead2.googlesyndication.com nets4.com googleads.g.doubleclick.net
12	nets4.com	nets4.com
11	www.google.com	3 redirects nets4.com googleads.g.doubleclick.net www.gstatic.com tpc.googlesyndication.com
9	dt.adsafeprotected.com	googleads.g.doubleclick.net nets4.com
8	www.gstatic.com	googleads.g.doubleclick.net www.google.com
8	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com s0.2mdn.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	nets4.com googleads.g.doubleclick.net
4	image6.pubmatic.com	4 redirects
4	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
4	j.clarity.ms	www.clarity.ms j.clarity.ms
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	googleads.g.doubleclick.net
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	img.nets4.com	nets4.com
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com
2	pixel.everesttech.net	2 redirects
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com
2	googleads4.g.doubleclick.net	nets4.com
2	fw.adsafeprotected.com	1 redirects nets4.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
1	c.bing.com	1 redirects
1	ag.innovid.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
218	39

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
play.google.com
pages.flycricket.io
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-29` - `2022-04-28`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh

This page contains 31 frames:

Primary Page: https://nets4.com/android-apps/com.darkodeb.souprn
Frame ID: C1BDD89DF9886D62FFE6FE4F19DCB633
Requests: 69 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 8F6CD6B1D9282902C3EBFF5C815292E5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html
Frame ID: E11584C7FF33F3D0E2D7DBBE06F95663
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&adk=1812271804&adf=3025194257&lmt=1647114591&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689354&bpp=2&bdt=364&idt=82&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5166200400636&frm=20&pv=2&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=98
Frame ID: 2DEEB96CD2453CA00FD87A5DBAF4E29A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20
Frame ID: 8C6B0E8DBAD6F85AB3553926750AB7DC
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30
Frame ID: A99BB8D7DE17057565977730EC0CB02D
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33
Frame ID: E8DF8DCEFFD9175777316154B1A43E5B
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Frame ID: 3D312D6274864AC1805994C3E767FBF2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1D4BEB3C47D71EA7001D035AD97798F1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYo4m_vQEwAQ&v=APEucNVI-qgjxEq6fKzqcjraKoVCjkaXdIkrIg8mh5KWkyvGw3dgdbemDbA48uDrlSWEXX2tjog69jqNOxJZK2d--ITsTJDRgRbmfm-wRldD3RxSYN0jBUTg3poN-o2ZVTOQZS2DtQfhPx77BoZFb86Enx-j8ollJKQZNFdvNpqXkGgCcBCNr20
Frame ID: 4C9604AC5234E7AAC2F5F079D53D7126
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AKRPTtymdlzSIQtotaq5Dj5_sKF8RwyPvcG6x6V27GyLCN-SzIkE6ezy-o2aN94FakROxH8agdYkfIgrN8vrWCt3aJgrkQOPMmXmCNhJfAqCwh9Kf9oQ2qx4QQ0nW8HCsinodY3-f4shMSwz6OiEx5KnQXng&dbm_d=AKAmf-AYMfiWXve_zmnbw9p99EVmjS9KjrSETGC5tABn0VbVKy4gV-kYWVLL5ULuK71Qv-Kog2oJzGdEaO_q8V7faIC_zC9lAUb-rWv1ilYmmysjiZE1huFsQu00JszcMmYaM-nRtR-2xIKCBggcdnI-70IekTC1G1R26BqdFupTYMnzw3QqAnIlJZGX5x_HDORKFd4Dm11pkWlo01owtx3OP-Zvnvsuait0rUJLa35R8IWkxYJzXupGObm_AS45rHrZjN4LUbI7qEGnU_JEJXz-kelhxEtBofuv12HePm0uZOa3yIs8mCj5Y_1YXIxbqaMb89uIdCsQlQo7XoU4J0PnHhcvpdYrJtABaHphOHTGDICrmIubjO6sC3KI-w0DVsv9Yem-MLOS8PkcJXLk-DSgvwso5CZA19FEYb-o5TkStPCNbkOQ7IybWwy1BuBh6oo4c1UHqCZX1yFbuwWARhFE2yJ6EWIIOpCXRI4t93hWfZyb4Zw5rzFMZSVYD1FdV1jHKIdPIfrJKe5IXS07eTlnvRGzS7JC600hSicHsSqjPMcwz_8s__QpVh0gGdVI6fweQw2seQrUUnwJD67McO0_q_JWosn-hxmhoRrjAb0l72ZroNN4-DD_7znhk6vXc53wBLlaYjy8vgI-K5Xfhh4RW9381Ltu7wIeTtdYYDtf5YYJCfBqCK9OB9wDP0rQiZsruhKC-4loTOCO564i6NR1oiHKDDbupGnK06RwmkhchktJG0YTDAWyAz3gLytG33l_T9sZsjagqjr7TfVrtrYm0on6SlwshuUMT7ObHwtq94EsQIkpCQqMpSkHcn0ts47u374yuMLjj_VAIM9tTvJ0uD1fr7ML2eFjJlcZcpmpoqQpib2oSnlCszzztp8KHJ49OABdOyJ7yas_gxhEl7siLzjkFNH7K1D93EXDXLE4_5Nr8QbFT-z9hCVmMQJu6wdW4PsFZSMXi5WePtCVF3NAVhQpcOekXYCEKZWs6OzL1GvNL20UBttURok3Q63pwO8Y07QOTlqzQlV4pOgN6H-ohZFZjDUusgMiiF9VBV9BvP6qy6FPFyQyphkQQVo_yab2YqSo7LAPx82H6sYPV3XVMYbEFUpYEKXvsudk7-76thklkU_9h124us-735uaRR2tEJpM0PL8N4Jz_nODQ7xbBB8522StPEj2sVf3QbrJi99osp4jtbEkzeySuo9zA0fDvD73gL0SQAa1WX4trXG9Zj6LWwzc8PgE-l9-z2RtZ0f9P7OTXxppBeHirWsf4suS-ZvndCoCzTTa9KZoiClKHY0w5ZkeENBvFvpaUJ1gbgxchXflf_GKjCWRIWOvfdK7xylle5LtDMmk9GzgboPFJK7n7uZgnTmRdy5KxR095GspJoirQx7MjGT0whtc4_gzQAHeKwgCy6AQ2gft-FaLsbA6oaeQF4pPahg5IoapWSG79nkCdxqyll21gNaDHUXeQROZ1y7wLVJKrKn3YIj54ZiEVobCUYHAoU0YKdVnCQU7dDOtf56AL55O_QxgvHY5B7gRSgCxRm5u8pgzGhFoep-TawIP2FO7_KLYsPX-A88fmH-zb6hMnMl8lvp83G95Hc20kiZhifjRHJ_gv-1aWgMNpl2a-Xx7FyIMseFciG4VYrRwptx2IoRdBBhSlbJYoNsV-mKquvgtJonyuvELzPMMhvZfKLvApaMPPwjuPtEk5FyHt2WcmjtPz7Yc7xZShti6D3AzUm2LS2YWnpCnw66ClPRUEFhYA8JcD083LDaivonKQN0-1iOyzCut25gNehDD9GjwmeueuKc7XAWlNW4NYmPg-KCGt-ZWU_wO7FR0Lsbr6yi7p8zdbEu1zxl6B6XRAmUp3vukcRWL61b87wKqMEHwI59z5aRi_6gmETosJr5v8-7ybRF79-hKarhypcqhW4ngwuaPc3ToTquOs9NEFBoFQ-1qX42N-eFHV6CJc0Y4vicYqJwjlMPri9gnqqhxnuRM-bPyGlqsOWg-AkT6zaoF75yRccmtbkTEO8hTSjriXh8_Q-Ii4h0IXR2uAzgFPy3mHAEwuyIS7adQIj4k720FKFr6qC33y7zEzIDWizmQdsHM5lC7eqEF80Vod4ZDk2hEkQfNkRvTRYe_lW7rlya8OdsvGMpol9SK92oRgywyHIvFH-YOHiynOMwBPJsMr5ISdVF_oaZ-gdwZrHJxa9Rzn7e5i-okhxgSqT1f6DFFtSZcZyFfTOVWwi3CjkuOaiIQ7QPLAn5OkZgYYYgobmZF15u-VZsZK-4_AKkcAU9hjxu6tmvmbkz6vaM4c67SKdZzjU5aSlefFbD7vAwK4McXU6723PXFKTPFYxm4YVGtMZDBtn2zgpOUYDCpkzgoU4MVJsRSJOAqFb40p5YgIIx2lc-QWq6MIJziTyfzKt46MoZF8XSLK7h81QrGE3RF7O3ftGqzdUgLE-9DDO_OqV2UDPPMcSeWABQ79cY25lR58wZXXQje5kpmKz-uh0TKiCscil8LHMdbny2MJMMEADgBDaHQpP99X6IZ-aGZv0JjMhrIs8Fq6S9jsFAHu6R-ppvPweGChUsKPA9WmPG245DNOGDYUWtr-AhK3fucwjdpavaH5KryDO4ExthsPO7hNOaQ2t51wFIxuhLohnGEOLzuBxUjh5QK2kbYD_lNXL8AkuXepwP-ptDIV7YFYi3mMP_pWykKiFBXrM9xZNgUBnJGsCurSdPnt3b5EYiSMzOQDPBVolw42si7q6NK7BM1b6ii1iQv5iggSn2bOS0plwAmAmi6vO_asdOI3tw7GpDan_trB1M0YsOz4lBYT1DicBgJbeXmAiCRU9Lv5ayU79yVusoyASwIGYsUI-YTWOH_maECsDGa_JUrfSSOhJ2MHNjrFLpAG4fzjG0MIPnlmeZ9SQ--lGs31duiGmUduW2GAMGM4ng4l2wjlfj3Nsm1Ar3k&cid=CAASBORoOaI&rfl=2%2Chttps%253A%252F%252Fnets4.com%252F%240
Frame ID: 8DC1B9F4DC73D8412643CC6D9D294165
Requests: 24 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E53DA8C90B5D9FBBC548DA909EDD95F6
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2878C158367D1EDC015721AEFF464191
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js
Frame ID: DFE3037510353AC2A45C8E461B18DE3B
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html
Frame ID: 42C650AC652896FBAC43F6032948401A
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5DC403E7613E52C4BA90433AD063A736
Requests: 2 HTTP requests in this frame

Frame: https://p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 8F22137163347B3856287512094AA42E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D079677D08A75F54E165E8DF5891FB96
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 0D225C8A4D537734E2CAF178E37DD769
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 209528E24817DE9ECAEB522A41D9A1E9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 04D5D1BE11D7AA336CC6BFA09623CC23
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js
Frame ID: 86E6102242B2B1508ABFDE6B323F3AF0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js
Frame ID: 179F4B58CF51DB0199EE0EB1297B3D0A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 39CEA16FCFACEA963D530AFED1A44522
Requests: 2 HTTP requests in this frame

Frame: https://p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 52DF81B2B9A7940596D0C293A6455560
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0808490AFE3413B7BA658E7217A1779B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js
Frame ID: A84E38E6C81655B65E38A5790C52B3E7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=iwo6wvt95wks
Frame ID: 702FFECDFAA1B4ED94C94A786FCF2D2F
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 96B92A9ADDAE43D835D7D5AD29821734
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 76C26BCB578F704F40EDE71D8F611387
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: CB1A5565F92A152478315B50C9CBEC5A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

I Am Fish Game Tips - Android App

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

GSAP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

TweenMax(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

218
Requests

91 %
HTTPS

58 %
IPv6

27
Domains

39
Subdomains

35
IPs

5
Countries

4763 kB
Transfer

7937 kB
Size

28
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.darkodeb.souprn
Title: Get it on Google Play

Search URL Search Domain Scan URL

URL: https://pages.flycricket.io/i-am-fish-game-tips/privacy.html

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1&C=1

Request Chain 77

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi08KkJI1WGsfy.BGbuf2QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF5FoktV1fRocJudlMfdGNQ&google_cver=1&google_hm=2

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIjQhGHREvinIVPI17xcRCU&google_cver=1

Request Chain 79

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTcxMTUwNDAxNzE2NDA3NjIwNw%3D%3D

Request Chain 121

https://fw.adsafeprotected.com/rfw/st/899486/59154218/4.js?ias_dspID=3&ias_campId=15846430&ias_pubId=pub-8744459230456906&ias_chanId=1&ias_placementId=16539433847&bidurl=https://nets4.com/android-apps/com.darkodeb.souprn&ias_dealId=&adContainerId=brand_safety_KjwtYpnbCoSR3gOL3KjwCA&cbFunctionName=goog_wrapCb_KjwtYpnbCoSR3gOL3KjwCA&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fnets4.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fnets4.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220308%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20220308%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271801%26client%3Dca-pub-8744459230456906%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4%26xpc%3DWMubTekm5E%26p%3Dhttps%253A%2F%2Fnets4.com&adsafe_type=b&adsafe_jsinfo=,id:42f30d28-1827-ddbf-72b9-cd0df794a09d,c:6Hi5uV,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-756fbb76bf-nk6rh,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:17,oid:6481fde0-a265-11ec-859e-9eb6631235e8,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 147

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJRe5Q46OLfc2mBVIhEJoHA6Bj_tejdZMqiHzSmKrj4JngXPReCiAqbAcN7-rblI8QoGOxJrendFs1-ijlD1_mGaT9icJm7Rw&google_gid=CAESEOWKPTOfs6S8opFlfOaIa24&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKr4tJEGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBKUmU1UTQ2T0xmYzJtQlZJaEVKb0hBNkJqX3RlamRaTXFpSHpTbUtyajRKbmdYUFJlQ2lBcWJBY043LXJibEk4UW9HT3hKcmVuZEZzMS1pamxEMV9tR2FUOWljSm03Unc HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwc1N4b1ZFMzFSRjB0eTZNZWFCNE5RRmZFaHFncWtTTHJ1NEhvUzhHX2tmQQ==&google_push

Request Chain 149

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELUmZ2m447kVFi6ZYWiy37U&google_cver=1&google_push=AYg5qPKZvG2aQMk5WRzdxck0t0ahGoZGB5vLJ6aN1B65d-qDZwxF4_JkvVYrxmfco-lnswtRWTBsMBLSY_vQjhlOEV6Foi39T8w3aA HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELUmZ2m447kVFi6ZYWiy37U&google_cver=1&google_push=AYg5qPKZvG2aQMk5WRzdxck0t0ahGoZGB5vLJ6aN1B65d-qDZwxF4_JkvVYrxmfco-lnswtRWTBsMBLSY_vQjhlOEV6Foi39T8w3aA&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZvG2aQMk5WRzdxck0t0ahGoZGB5vLJ6aN1B65d-qDZwxF4_JkvVYrxmfco-lnswtRWTBsMBLSY_vQjhlOEV6Foi39T8w3aA

Request Chain 150

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFjcJUBgeue1gHkkm4ZpYt0&google_cver=1&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy-JuReG-L94RjU7_oIO12x4Fxqpg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JR1ItQi1CVTIx&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy-JuReG-L94RjU7_oIO12x4Fxqpg

Request Chain 151

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1

Request Chain 155

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 158

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEA9d7wJXnmGgsDPDrIAhitQ&google_cver=1&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M_vjV2tJB3TTo_8hhyc7btWDoD_v2fStM-eJTKOGEeSUw HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M_vjV2tJB3TTo_8hhyc7btWDoD_v2fStM-eJTKOGEeSUw&google_hm=4Q-sDw5NQCebyRx1WaRKbg

Request Chain 159

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-DB6Mf26MHioVWZKkbNiuNPz6ROlc75vanojn88yBXRyAcJGUdorm7YktsjSw&google_gid=CAESECQ_u_LtkUoqdARZuwT73L4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBZUdEeHdPMA&google_push=AYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-DB6Mf26MHioVWZKkbNiuNPz6ROlc75vanojn88yBXRyAcJGUdorm7YktsjSw

Request Chain 162

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEE5TE7IVWzjOF_eIiwgdV2c&google_cver=1&google_push=AYg5qPLJ0BYB0liBJ5RXLF6rIwWiHdIdy7UoyhvOg2A25JZJADmwwRjUSx8Fbwk6xfM5SyyYDJtYFSKZ68w1cl8vXVSi-ZOTdVx9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLJ0BYB0liBJ5RXLF6rIwWiHdIdy7UoyhvOg2A25JZJADmwwRjUSx8Fbwk6xfM5SyyYDJtYFSKZ68w1cl8vXVSi-ZOTdVx9

Request Chain 163

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENPID788kTBb8ASgj_OEhRA&google_cver=1&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_rW8b2xkV_bJFsEXg834uq8ywDQg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JSE0tMVktSUcyRA==&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_rW8b2xkV_bJFsEXg834uq8ywDQg

Request Chain 164

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA

Request Chain 173

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 182

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKsKE9XG6HpYG7S0HrX_g0s&google_cver=1&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSmadEFhvykoYQAQAvVLtf3pcF6WAiY-Q527s9acK9k8Bo HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSmadEFhvykoYQAQAvVLtf3pcF6WAiY-Q527s9acK9k8Bo&google_hm=4Q-sDw5NQCebyRx1WaRKbg

Request Chain 183

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsUwb7Xn-ae1Q6L-eFlzfSDWZ6GMacxcXlDxYxYCavvKBbqIapxB1qRU-LD6&google_gid=CAESEM7IITlkY0mk3x4TG42EmxI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBUUJJTlYwNw&google_push=AYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsUwb7Xn-ae1Q6L-eFlzfSDWZ6GMacxcXlDxYxYCavvKBbqIapxB1qRU-LD6

Request Chain 186

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDE7l4PuFJN3CVrKJICP0SA&google_cver=1&google_push=AYg5qPI6BGdiqlydPLC_N22klKkKFSmH92MDOaOYvVPte-GrTg3VqGJTc_0pfRz2M4qhe3oXjWOr0L_AlmKvkH4RFzKJ-2MGFyXB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6BGdiqlydPLC_N22klKkKFSmH92MDOaOYvVPte-GrTg3VqGJTc_0pfRz2M4qhe3oXjWOr0L_AlmKvkH4RFzKJ-2MGFyXB

Request Chain 187

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDosyDk4VvdkMgLDV1Jv3ck&google_cver=1&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6HcYj4iyB6XfqlDgDBoYzTKwIEI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JUEktMUUtN0JGRA==&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6HcYj4iyB6XfqlDgDBoYzTKwIEI

Request Chain 188

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1

Request Chain 191

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 194

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&RedC=c.clarity.ms&MXFR=0264BD75D93668E529B7AC13DD36669E HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&MUID=1C72EE0AA15A6D120FACFF6CA0886C2E

218 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request com.darkodeb.souprn Show response
nets4.com/android-apps/ 37 KB
9 KB 285ms
246ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce711b153accbab88e20c29bfb13713bfd2a79258f5e4a59d3f4eb64ae5872a4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 13 Mar 2022 00:34:48 GMT
content-type: text/html; charset=UTF-8
cf-ray: 6eb0af9eab9b83a3-MXP
cache-control: public, max-age=86400, proxy-revalidate
last-modified: Sat, 12 Mar 2022 19:49:51 GMT
vary: Accept-Encoding
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oo2MBV48FJVsSjSaqpcP54Ncp57N3WKleq1q5LRUacB8wqpK2JZ9wn5aQiMwGFeHyhiHMw5ymWIb3%2FozgAJYCGJCWLvz%2BBQzvxdvU6GEpyZeC%2Bas7Ncyr%2BS7vNHxoEZwECoWvdP2V9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 27ms
26ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7898221
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: Z92G2ZE1HMNW2AZG
x-amz-id-2: kRmlxs4Uk6Ans6W39/LiWarHKqNq5cjEv92nMKItZebgN+Nxd7ZAp/ZkZhClaetuHR0YmxVsIG8=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQImkvG8Basd6rbdeQYBQUZYQn%2BdOLHieLepuD2IV99rX6h5Kc2sc%2B3C21OA3k%2BKPmGqR7m3w%2FSGiQhBnjDj8cBQyJHTsnAF%2BJXb5H5Xt0ZhHAAiSL2ostTIk1PMhdeMxmd9qrJ4crs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6eb0afa05e4683a3-MXP

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 48ms
19ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1402978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ry0RRZdLm%2FfEfQZDrJmy0tue3OzW24pGF0jFOj9ylIrdJYFibEVwjYfgasdL1N71JCuFgyPj9DTMu9pn%2F0hkjGV8m%2Fy%2BwiKjRC38xzBpLePI8akqyws4PT6K0rMub%2BfwHFN%2B%2B6sBwIkTogDnCPYKSzP1"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa089642355-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 46ms
17ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 284150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzk7KbAko1GzPyEDxK6%2FNZV9crA6vXl%2BI4RwDjGplcAAD6FrkeyxSDsE9bnahVhdnEXnYNq06a5cDNtYG9z6nKSistUZ29Rbl%2BkZS7iX3RRsySA8in%2FR7sekR8kcbRY8glZ5qQ59sF77CqTJqFBKd0Tm"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa089672355-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
582 B 39ms
38ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 442
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yQd9%2BFhniOZYAfXJr2YtaaeyfrUKw09yC%2FlzuLTABgWpTSFmA963jPhVLDAVbx%2F7D%2BLIgx56ZMz4z1I7bjS6KuyTmqVudh5iwqt%2FrfZEQrSQffWHVIhBTqLJ%2FllV7PpNfso%2FvIRlyKs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6eb0afa05e4783a3-MXP
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 43 KB
16 KB 32ms
32ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647129600
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f994775bc020dceed6f4e1c8e19e9081389d68971c4ee661ee28ac045a69559e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t5kVQgBkwxrGrbqjH0soNqHNS%2FUAOcAjqubzh2qOz6wmb9J8iEvQCHLCmx5ef%2BRE%2BJE13bXqnfrldLoJU2tupEoMKdRRRnjwagWhk439lfeMyvIt6z0zip9nVlKatgsAyVRBrFoIgwg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6eb0afa0b80e83a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 41ms
40ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8071370
cf-ray: 6eb0afa0beb983a3-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1490
x-served-by: cache-sea4480-SEA, cache-mxp6982-MXP
server: cloudflare
x-timer: S1639060319.223268,VS0,VE1
etag: "stly99L8QVWcb6m8RMUQ7cA4kw:db93d278b907309c379deddbb0d961d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3QErEavh%2FrQ603j3DVJNVtErnwVAHZM5PcaoogueZC4BplVi%2F7ESv9xWARYPpSm9pE66%2F%2BzLh1mm1zReaJGirulzJkpCg7KYsettMVHGf2iyewfPBBl8GMEMOUHi2p56HGStGHKEFqQx6Di"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 472 B
1 KB 46ms
45ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9118567
access-control-expose-headers: *
cf-ray: 6eb0afa0beba83a3-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 472
x-served-by: cache-sea4428-SEA, cache-mxp6930-MXP
st-img-id: 6a5af67d3cc36089-SEA
server: cloudflare
x-timer: S1638013122.261633,VS0,VE1
etag: "stlyiP4BjAye3OZ8qlZ7vzTBDQ:452ecb89109de4e1cab9c5348e6f85ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y8PcPj17vJSfzgCzzBO29ZP4SLWobSE3qoi%2FMgDncoRXty3wN2gbCywajryuD5L3v7rpslrnOG68YRZ3uYnE7C9aPB0r5nG2ENgyol3BqWIBIhxJ%2B%2BFnBmcEnGdUgS2MNq8KS5HaiJMJV2ns"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/58T3Wrl.png>; rel="canonical"
cf-bgj: imgq:66,h2pri

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 20ms
20ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be1R0OCJFqI6d5KZJP04tHWm5hw6nguF%2FpUaxl70i4ZZR4diutJ519B8rr39%2FrSdjFxTPOn84slXqlcE%2FCX5oJ73SSzQN3EgX6FBMreQiEbInpaco%2BrRl5SXHIw0flqOpvCT%2BkUkO4w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eb0afa0afeb83a9-MXP
vary: Accept-Encoding
expires: Tue, 15 Mar 2022 00:34:49 GMT

GET
H2 200 uLaMz-UiN6JbbmlxCDiBjudOdjxtylMFsw3jGfgG4BXi7iiSbgVniMwvi16-5NLkefU=w300
play-lh.googleusercontent.com/ 159 KB
159 KB 358ms
322ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/uLaMz-UiN6JbbmlxCDiBjudOdjxtylMFsw3jGfgG4BXi7iiSbgVniMwvi16-5NLkefU=w300

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7c2f16c89b1aedc5840c0311277aaae90b8eaf3d81061beeaa9a4440dad7121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162669
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 7OQmqZksDHQsXaJAeLGpa8vkC641YMrg7U8HCZjAhgvyIfbOILHYeYwEHMv0PEXxUA=w500
play-lh.googleusercontent.com/ 97 KB
97 KB 328ms
291ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/7OQmqZksDHQsXaJAeLGpa8vkC641YMrg7U8HCZjAhgvyIfbOILHYeYwEHMv0PEXxUA=w500

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d7d5f868d94ff562bec04471a07198d5783da1f082ad51376f6a12479b73f0dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99279
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 19ms
19ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FXLliyDGDQFeskg6VV4Pon44GDF2qK5e1vE%2FJqP6OLJ1qw6oUHddxqPBIRZDpdCVXrHMtyok43T9HJRXW2CX%2B6l%2Fgb1kLUTNSSCIgjaoUHUDQ7z7Juk%2F8sx893TkbAv64q3UkqhTapU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6eb0afa0aff783a9-MXP
vary: Accept-Encoding
expires: Tue, 15 Mar 2022 00:34:49 GMT

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 34ms
34ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4197185
cf-ray: 6eb0afa0deee83a3-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4470-SEA, cache-mxp6945-MXP
server: cloudflare
x-timer: S1642934504.494838,VS0,VE1
etag: W/"ee80457266cef4b485c3668cbdd5f67e7ed204e94a46f041afd17fa27c93c945"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVoaxZQnxTxsVTr9ooEZolJqvI7%2BMBLSnaKEgOqnxQLsW4lbii4Lb2ECf8jvPYpC3SDWKcjm681%2FrvHB16cqMe5HvbzFVD%2FUhnM7mMDde9D%2BeUzEITi9MLIVLvJd6mempWbeVEBNz%2Bk%2B9C0l"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 41ms
26ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4681771
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHlpmRPKdJmZg08hmgjnwDlE%2BMs4yFPzvt2V9EPYS6SLRzLHJYYrhxC1rq2H6%2BwvNJ2aB8KeJLLazcXwRQu3ui5lyW35raG4CAkGnNnhkK6ecbVMs0ar%2FhqrvZRE0dYV8oDCdl4V1tkPk0Ja%2F%2BNlEa7h"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa0ebbb0200-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 17ms
17ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14289516
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFZj3a4SZ4uZvBd9z%2BvHf7SvTxzsOacoZe1Abj1vnCIq6tJzSnksh%2Fl39qU%2F%2BPyEnaM%2Fn5jkn%2B7FYR3iW8U5cI4sDLBIRwtyElfg6NMRW4Ap8ufjxvqi7SsRgXbDXHi5AsDlTuKRF9494fbZvCmf5iCA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa14be50200-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 18ms
18ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1310607
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWRqrnYB4saWZvPTmLHHjV5Ky6SJnruO3UuOaOuOR5Se%2FohhtWQ59iS2kfApPtY%2BKkXTlDzC3b63UcwApWrc2W38y2tSypf%2B4vEjA1sKETYuNl1XcnHKDNhz9EZXQ5zzCmanhfDilDdS9p12KKvztK2y"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa16bfc0200-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H3 200 adcode.js Show response
nets4.com/assets/js/ 392 B
743 B 41ms
40ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/adcode.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a78a6e1f996e0b31d2983390f57d2e7fd3795770180d9ecf2f2897311d47680

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6284
cf-polished: origSize=1407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 05 Dec 2021 07:58:11 GMT
server: cloudflare
etag: W/"61ac7113-57f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQcuf3tRUx28N05X0uFs1FOntkV8cTJT%2F7BLmz9WHNVdhu7lApJIrGDZf5fGDkGgzfO%2B3%2B%2Bf5U%2FAOGNjcrm%2FINArNfaju2lQoYsT2YA2SrASeKyrLbPfHOE43tHGYNoA7Q8nneJInIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6eb0afa1997d83a9-MXP
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
53 KB 75ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/adcode.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dce6e91fc5565abae610ad66dd203580668fd1e03209abab1bf73f86a42701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53791
x-xss-protection: 0
server: cafe
etag: 1649060026159449505
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 13 Mar 2022 00:34:49 GMT

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 33ms
33ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 441
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjxemDzj563RnwPnPUYRypPXePJjuOhj8Eh1ea%2BUIvaSlDYxhwCsaxLyIKISZahRebZ46ar9fo5zEf%2BnZ8a53mI8ukE6dbeIPmqvOpwPTlcOXsGpLD55djzVx0o3mMl9f1nrsYquykU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6eb0afa1d9d083a9-MXP
cf-bgj: minify

GET
H3 200 com.darkodeb.souprn
nets4.com/android-apps/ 15 B
0 26ms
26ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/com.darkodeb.souprn
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/android-apps/com.darkodeb.souprn
ts-request-embed-key: b61ed44f-9716-4833-934e-a29b06dbcc11:70e3454fb229e23103400e1c7fbad3314fadb630092dcd8d83effd2355c2888b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afprywDuQfVg6IdXtWLxN6G%2FAF3fJcv0NXtStfa8FSAzcfwLdgjw0EWLxlBPdbyRR%2BcW1LFaGu58G%2FEPq4bJDOmeHxGuxLdFmq6gLscSa8Ra5j6rs%2Fxs7u2VI80q5Vz15SbLg9TaUlY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6eb0afa1e9da83a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 38ms
16ms Script
text/javascript 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Sun, 13 Mar 2022 00:34:49 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 72ms
43ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6eb0afa20c5e233d-ZRH

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1797
date: Sun, 13 Mar 2022 00:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 13 Mar 2022 02:04:52 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 70ms
70ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIySSUyMEFtJTIwRmlzaCUyMEdhbWUlMjBUaXBzJTIwLSUyMEFuZHJvaWQlMjBBcHAlMjIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRm5ldHM0LmNvbSUyRmFuZHJvaWQtYXBwcyUyRmNvbS5kYXJrb2RlYi5zb3Vwcm4lMjIlMkMlMjJyJTIyJTNBJTIyJTIyJTJDJTIyayUyMiUzQTI0JTJDJTIybiUyMiUzQSUyMlVURi04JTIyJTJDJTIybyUyMiUzQTAlN0Q=
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hn%2B1%2B1opJgUTUk6lWBtGpagzpSIFVXyzpl3mccD8aD7tL3Mc0UycBzct2I7XX294QSgGHpBI2ph%2Bwj%2BHRAXwA2dfOUoW50DyUGF24C01hUNVEmWX4hSzvYBMhVT8G%2B5o3Jjj0VdyeHk%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6eb0afa1e9e683a9-MXP
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 58ms
43ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4683907
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ldMbh1AqD2%2FP15FO1KtwBF5Y9nNmFdM2%2FFEQtigEuz6ocLkhc7JGoPb8i2edw%2BBhO6ynD9F63nlNCm14L6lgR4SlRkffXW5lRRHMVcCE1mhue5rpkpAJrDJs9rBEuiok2SRPWzGL2bGblO1ez8YwkAnS"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa1f8a1cc46-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 34ms
20ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 270105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjyqpgW84Yw8rIFr7wE4%2F9fN6nuZQCzv1pCnn7uZSYX8R4iaGKstoaMzPIOd6RbxziUUFxgFNVIKP46mTZ9Ju%2Bv1qRBB1%2FRJjlmRfe4%2F9fsmAsth8hkn28v3qzl%2FZAklAP3Zb1Dfb3fXjRzhAgl93Lu%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa1f8a2cc46-ZRH
expires: Fri, 03 Mar 2023 00:34:49 GMT

GET
H2 200 uLaMz-UiN6JbbmlxCDiBjudOdjxtylMFsw3jGfgG4BXi7iiSbgVniMwvi16-5NLkefU=w16
play-lh.googleusercontent.com/ 992 B
1 KB 384ms
384ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/uLaMz-UiN6JbbmlxCDiBjudOdjxtylMFsw3jGfgG4BXi7iiSbgVniMwvi16-5NLkefU=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ac68190b3b84449786a357ac0a58d9fceedf24f047d7debfb88cb373e8710aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 992
x-xss-protection: 0
expires: Mon, 14 Mar 2022 00:34:49 GMT

GET
H2 200 SLoY_zpxDVbPbkCmwASQHFIaj_SswchF9QIDGHCaPZ5B5DOOOUfRSJM-o44192ra9Q
play-lh.googleusercontent.com/ 250 KB
250 KB 231ms
229ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/SLoY_zpxDVbPbkCmwASQHFIaj_SswchF9QIDGHCaPZ5B5DOOOUfRSJM-o44192ra9Q

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2c0d651c48a4c9dbd65bfe6b2dfa8e1cdc50282069b4f6a39dfaecc994a9a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256183
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 Yx5qCcsHiRBtZzRhbUm5ei1bis7N_vtC-Ann30OT78DPZG2Fa296VWCyIZAPwLl-iaI
play-lh.googleusercontent.com/ 219 KB
220 KB 258ms
254ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Yx5qCcsHiRBtZzRhbUm5ei1bis7N_vtC-Ann30OT78DPZG2Fa296VWCyIZAPwLl-iaI

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e30375d0e8d2890dd541fb475202ed48413ea19d09139bb3aa002880ece8332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224739
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 Mihjz_CeVxEZ7zKt_tHFU3z1piIQyLaQ7eLjny5wWHYO-fF1r4Aw1xzJWxCrPwRuxWM
play-lh.googleusercontent.com/ 182 KB
182 KB 350ms
346ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Mihjz_CeVxEZ7zKt_tHFU3z1piIQyLaQ7eLjny5wWHYO-fF1r4Aw1xzJWxCrPwRuxWM

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7df6c0ddb208d1c7e2081f938c3e99bba32695abd86d5028dd297ea3f084fd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186260
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 mRUBxExTA-wD8Ub0OFbn6A8wWpwWWn7fHpDsGojdDvYZ2exCj7o6Nw0uvBDOR0tjM4I
play-lh.googleusercontent.com/ 250 KB
250 KB 243ms
238ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/mRUBxExTA-wD8Ub0OFbn6A8wWpwWWn7fHpDsGojdDvYZ2exCj7o6Nw0uvBDOR0tjM4I

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2c0d651c48a4c9dbd65bfe6b2dfa8e1cdc50282069b4f6a39dfaecc994a9a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256183
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 t9fuofCwv3VdC74t9waGYtoOTxy2tveuE-KTUU9Sr6qrxGgEDi-ELvKR7lWtYKpL-5qo
play-lh.googleusercontent.com/ 219 KB
220 KB 259ms
255ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/t9fuofCwv3VdC74t9waGYtoOTxy2tveuE-KTUU9Sr6qrxGgEDi-ELvKR7lWtYKpL-5qo

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e30375d0e8d2890dd541fb475202ed48413ea19d09139bb3aa002880ece8332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224739
x-xss-protection: 0
expires: Mon, 14 Mar 2022 00:34:49 GMT

GET
H2 200 MPacmXeTaajifQ89DELqI4S8jRKOoD3TWCpq_S53TVqzLMyDqg5MJLxxlScwjq9Gqao
play-lh.googleusercontent.com/ 182 KB
182 KB 363ms
359ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/MPacmXeTaajifQ89DELqI4S8jRKOoD3TWCpq_S53TVqzLMyDqg5MJLxxlScwjq9Gqao

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7df6c0ddb208d1c7e2081f938c3e99bba32695abd86d5028dd297ea3f084fd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186260
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 VtnA_0vooKChZz8nimc3FMJTwmyJEDzxGKCqeLxY11jUPa8j9oxFENw5uG7Gwa3tQxo2
play-lh.googleusercontent.com/ 250 KB
250 KB 243ms
239ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/VtnA_0vooKChZz8nimc3FMJTwmyJEDzxGKCqeLxY11jUPa8j9oxFENw5uG7Gwa3tQxo2

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e2c0d651c48a4c9dbd65bfe6b2dfa8e1cdc50282069b4f6a39dfaecc994a9a35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256183
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 FQL45mZMvHdkJKk4trSU_CXkPA70UC032GjHE2_qDyxcSwyc4aba75RJyjxb4Z5xHg
play-lh.googleusercontent.com/ 219 KB
220 KB 253ms
249ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/FQL45mZMvHdkJKk4trSU_CXkPA70UC032GjHE2_qDyxcSwyc4aba75RJyjxb4Z5xHg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e30375d0e8d2890dd541fb475202ed48413ea19d09139bb3aa002880ece8332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224739
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 12 Mar 2022 03:58:18 GMT

GET
H2 200 jJ_hTFgqIlNC-VBbCSANpNI6dJcjebvlW1vaWHX_SF4JXjd6sqvzP_grTNcI52hfVhk
play-lh.googleusercontent.com/ 182 KB
182 KB 356ms
353ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/jJ_hTFgqIlNC-VBbCSANpNI6dJcjebvlW1vaWHX_SF4JXjd6sqvzP_grTNcI52hfVhk

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e7df6c0ddb208d1c7e2081f938c3e99bba32695abd86d5028dd297ea3f084fd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 186260
x-xss-protection: 0
expires: Mon, 14 Mar 2022 00:34:49 GMT

GET
H2 200 yvRPtKhNJesTz6m7-r1EZ1QHDzfr2hx0dxS10TlGzLwImUyHw746Eg9cwbUnKiTFLg_9=w16
play-lh.googleusercontent.com/ 814 B
877 B 15ms
12ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/yvRPtKhNJesTz6m7-r1EZ1QHDzfr2hx0dxS10TlGzLwImUyHw746Eg9cwbUnKiTFLg_9=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

153d00d39b4af16e1dfb6ef30a482a5274d8478f3719c0beb4e6b20dd8f6e70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 814
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 aIdpRQbfiHM2fZ5d1ywKfS85XLHKn_BduJCY6YPEE2u0DRAJEbGgbluZbgDDlFR5aGI=w16
play-lh.googleusercontent.com/ 4 KB
4 KB 14ms
11ms Image
image/jpeg 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/aIdpRQbfiHM2fZ5d1ywKfS85XLHKn_BduJCY6YPEE2u0DRAJEbGgbluZbgDDlFR5aGI=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

51ecd26b92c8cdf28b9e49416917ea85b85ac471e64a2a97b62081ece3e8ac12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3704
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 rW9h7HC1s_KQmHMQihhQE8-QLoCcbdTMkW2UTbIn2gzrl6nfRtSBUqBT7qMsi8621w=w16
play-lh.googleusercontent.com/ 654 B
717 B 14ms
12ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/rW9h7HC1s_KQmHMQihhQE8-QLoCcbdTMkW2UTbIn2gzrl6nfRtSBUqBT7qMsi8621w=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8634bb73f7abf77727ba3422879ac3c382330db044b7edf4bc993589984fed25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 654
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 aXVwHjGZWrGP5isAhQqCUXp_EeazWeQ_cr94rIDzLQ6owDeMjWuti44LO8UfJC3c5E0=w16
play-lh.googleusercontent.com/ 825 B
888 B 14ms
12ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/aXVwHjGZWrGP5isAhQqCUXp_EeazWeQ_cr94rIDzLQ6owDeMjWuti44LO8UfJC3c5E0=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52dc02379fad545d3153e0ae2ef5db0db4cdf242c81d4dc3e5617bcf29adbd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 4JLBEf5xRB17BCVWI_lMx1Q0wb9MVZqMcxX3TV2UFpJYp9A1fKOTdA8zN-oeB0fgMp80=w16
play-lh.googleusercontent.com/ 768 B
831 B 13ms
11ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/4JLBEf5xRB17BCVWI_lMx1Q0wb9MVZqMcxX3TV2UFpJYp9A1fKOTdA8zN-oeB0fgMp80=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

964a10f7ccf077c14f2d284968f9280c858d7c2f63a368d6ec4b542c86acd1b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 768
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 o3qksguXJhOjMT70sckzkcDwHbd6OCFV2hbAKpGWTdLjqhU3JmmF18TOdJ8u4BAkxw=w16
play-lh.googleusercontent.com/ 688 B
751 B 13ms
11ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/o3qksguXJhOjMT70sckzkcDwHbd6OCFV2hbAKpGWTdLjqhU3JmmF18TOdJ8u4BAkxw=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8a33118fd2643b9c74929a98ef8a371a0294f55772861bd2535dbe82706f3cf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 688
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 LkbZkE_ykExyBc2cXpSkP-BMvc7PL3NtoGeYzo7WdAcZZI1GoJTm4a9tzSnP5dB22kEs=w16
play-lh.googleusercontent.com/ 459 B
522 B 12ms
10ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/LkbZkE_ykExyBc2cXpSkP-BMvc7PL3NtoGeYzo7WdAcZZI1GoJTm4a9tzSnP5dB22kEs=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4e01b78a49120236ba43f197dd7cddfd52b038aac2e96cb119ec3d80b9f8e1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 459
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 NRX1AknhHBenY-SlaCdW1C9vqs9kQVF7mUDmdcgmkOO5wJrwMgkP6C7pyPQjLkaBIGE=w16
play-lh.googleusercontent.com/ 667 B
1 KB 10ms
9ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/NRX1AknhHBenY-SlaCdW1C9vqs9kQVF7mUDmdcgmkOO5wJrwMgkP6C7pyPQjLkaBIGE=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1ffbc15c6fa9a7320f4637cb6d72866831896a649a8a7bcc7cb84f59abe1cf46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 667
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 EEBdQJW-lIpBdXNp5mBeIeS6UBRQfkefpkYnbTIbMY_FijtKgOd_mwuD-faxGAz0ha0=w16
play-lh.googleusercontent.com/ 702 B
764 B 11ms
10ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/EEBdQJW-lIpBdXNp5mBeIeS6UBRQfkefpkYnbTIbMY_FijtKgOd_mwuD-faxGAz0ha0=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2aeff6ec3388af6499e38871e81b02311bfb40c7216a75ecbf1eccd8231e02c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 702
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

GET
H2 200 YWzxRLt4rbLTLBdBMsxCMDlPNHWWGMqnvuz-vygHgIiYkzSl9eizuCfrbzwHbnCk5_Y=w16
play-lh.googleusercontent.com/ 983 B
1 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/YWzxRLt4rbLTLBdBMsxCMDlPNHWWGMqnvuz-vygHgIiYkzSl9eizuCfrbzwHbnCk5_Y=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7e83606f63deb3690f6f776ae04cc436689e86d8225019c88b8406a0af47b222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:04:47 GMT
x-content-type-options: nosniff
age: 1802
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 983
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 03:28:55 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1522820835&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&ul=en-us&de=UTF-8&dt=I%20Am%20Fish%20Game%20Tips%20-%20Android%20App&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=764180576&gjid=1097433196&cid=1864642650.1647131689&tid=UA-123511935-10&_gid=1207595817.1647131689&_r=1&_slc=1&z=610357301

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 8F6C 278 B
324 B 51ms
23ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
etag: W/"116-5cd1487afaaea"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
via: e2s
cf-cache-status: HIT
age: 2171547
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6eb0afa2890001f4-ZRH
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 42ms
21ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27998518
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6eb0afa2890101f4-ZRH
cf-bgj: minify

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 730 B
1 KB 235ms
141ms Script
application/x-javascript 2620:1ec:27::cafe:1377
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1377 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 5ad4775e1fe1f79812db4a03e8a5385a2b542639587bbadfed3f6fe83752f8b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:48 GMT
x-powered-by: ASP.NET
x-azure-ref: 0KTwtYgAAAACt5mv3/C8GQ6YHrE6bBN2ySEVMMDFFREdFMDUxNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/ 292 KB
105 KB 49ms
34ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8744459230456906&plah=nets4.com&bust=31065566

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd4a69431e6df7eb88d93b93ccde90125856df08b104de505e56260a5d448ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107538
x-xss-protection: 0
server: cafe
etag: 17005975855770802595
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 13 Mar 2022 00:34:49 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/ Frame E115 10 KB
5 KB 29ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sun, 13 Mar 2022 00:08:55 GMT
expires: Sun, 27 Mar 2022 00:08:55 GMT
cache-control: public, max-age=1209600
age: 1554
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 213 B
642 B 37ms
15ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=nets4.com&callback=_gfp_s_&client=ca-pub-8744459230456906

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8744459230456906&plah=nets4.com&bust=31065566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

1e4a9f198dff83634cc8aa536fce4f387b3a03901331b8941d0416097de26cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 38ms
17ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 45ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2DEE 187 KB
49 KB 493ms
478ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&adk=1812271804&adf=3025194257&lmt=1647114591&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689354&bpp=2&bdt=364&idt=82&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5166200400636&frm=20&pv=2&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=98

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37e02f8affd1b89429dc00ca8d986e5bcd97489a9e014d84f9837318d0f229ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Mar 2022 00:34:49 GMT
server: cafe
content-length: 50385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:49 GMT
cache-control: private

GET
H2 200 clarity.js Show response
j.clarity.ms/s/0.6.32/ 53 KB
23 KB 336ms
107ms Script
application/javascript 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: br
etag: "1d8314040aa9e90"
last-modified: Sun, 06 Mar 2022 09:55:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/ 151 KB
54 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203030101/reactive_library_fy2019.js?bust=31065566

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

473a0d9b69251336a8baadfc8fa4a282228b35a0eb990671c857b0a97bd08b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55006
x-xss-protection: 0
server: cafe
etag: 13061883141754522956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 13 Mar 2022 00:34:49 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 33ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C6B 74 KB
30 KB 593ms
592ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6152f8ceab4bff266c32875028e39afd2a8583b6686fc31b0fc77c93f19de81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 31085
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A99B 74 KB
30 KB 267ms
266ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6778f450facd5c010c3fea43e79d64b10869cb389873a9bd39e20ba3ada4927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 30931
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E8DF 74 KB
30 KB 329ms
329ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4330ca59447fc17e2fd3556789e4fff245ad5150f38218eedac4c7ae1eeda492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 30940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/ Frame 3D31 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sat, 12 Mar 2022 01:30:53 GMT
expires: Sat, 26 Mar 2022 01:30:53 GMT
cache-control: public, max-age=1209600
age: 83037
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/ Frame 1D4B 10 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Sat, 12 Mar 2022 01:30:53 GMT
expires: Sat, 26 Mar 2022 01:30:53 GMT
cache-control: public, max-age=1209600
age: 83037
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 collect Show response
j.clarity.ms/ 0
65 B 98ms
97ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Sun, 13 Mar 2022 00:34:49 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 css2
fonts.googleapis.com/ Frame 3D31 4 KB
1 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 12 Mar 2022 22:56:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 13 Mar 2022 00:34:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3D31 205 B
743 B 30ms
7ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 21:28:51 GMT
x-content-type-options: nosniff
age: 11159
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 12 Mar 2023 21:28:51 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 3D31 604 B
694 B 30ms
7ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 22:50:32 GMT
x-content-type-options: nosniff
age: 6258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 12 Mar 2023 22:50:32 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 3D31 19 KB
8 KB 58ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9aa52271c062f05d8595fba2d3fcb36149ee713dbc867782e3a86bcc0497a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8375
x-xss-protection: 0
server: cafe
etag: 14738557072536450365
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:47:32 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4C96 624 B
300 B 17ms
17ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYo4m_vQEwAQ&v=APEucNVI-qgjxEq6fKzqcjraKoVCjkaXdIkrIg8mh5KWkyvGw3dgdbemDbA48uDrlSWEXX2tjog69jqNOxJZK2d--ITsTJDRgRbmfm-wRldD3RxSYN0jBUTg3poN-o2ZVTOQZS2DtQfhPx77BoZFb86Enx-j8ollJKQZNFdvNpqXkGgCcBCNr20

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8DC1 88 KB
34 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AKRPTtymdlzSIQtotaq5Dj5_sKF8RwyPvcG6x6V27GyLCN-SzIkE6ezy-o2aN94FakROxH8agdYkfIgrN8vrWCt3aJgrkQOPMmXmCNhJfAqCwh9Kf9oQ2qx4QQ0nW8HCsinodY3-f4shMSwz6OiEx5KnQXng&dbm_d=AKAmf-AYMfiWXve_zmnbw9p99EVmjS9KjrSETGC5tABn0VbVKy4gV-kYWVLL5ULuK71Qv-Kog2oJzGdEaO_q8V7faIC_zC9lAUb-rWv1ilYmmysjiZE1huFsQu00JszcMmYaM-nRtR-2xIKCBggcdnI-70IekTC1G1R26BqdFupTYMnzw3QqAnIlJZGX5x_HDORKFd4Dm11pkWlo01owtx3OP-Zvnvsuait0rUJLa35R8IWkxYJzXupGObm_AS45rHrZjN4LUbI7qEGnU_JEJXz-kelhxEtBofuv12HePm0uZOa3yIs8mCj5Y_1YXIxbqaMb89uIdCsQlQo7XoU4J0PnHhcvpdYrJtABaHphOHTGDICrmIubjO6sC3KI-w0DVsv9Yem-MLOS8PkcJXLk-DSgvwso5CZA19FEYb-o5TkStPCNbkOQ7IybWwy1BuBh6oo4c1UHqCZX1yFbuwWARhFE2yJ6EWIIOpCXRI4t93hWfZyb4Zw5rzFMZSVYD1FdV1jHKIdPIfrJKe5IXS07eTlnvRGzS7JC600hSicHsSqjPMcwz_8s__QpVh0gGdVI6fweQw2seQrUUnwJD67McO0_q_JWosn-hxmhoRrjAb0l72ZroNN4-DD_7znhk6vXc53wBLlaYjy8vgI-K5Xfhh4RW9381Ltu7wIeTtdYYDtf5YYJCfBqCK9OB9wDP0rQiZsruhKC-4loTOCO564i6NR1oiHKDDbupGnK06RwmkhchktJG0YTDAWyAz3gLytG33l_T9sZsjagqjr7TfVrtrYm0on6SlwshuUMT7ObHwtq94EsQIkpCQqMpSkHcn0ts47u374yuMLjj_VAIM9tTvJ0uD1fr7ML2eFjJlcZcpmpoqQpib2oSnlCszzztp8KHJ49OABdOyJ7yas_gxhEl7siLzjkFNH7K1D93EXDXLE4_5Nr8QbFT-z9hCVmMQJu6wdW4PsFZSMXi5WePtCVF3NAVhQpcOekXYCEKZWs6OzL1GvNL20UBttURok3Q63pwO8Y07QOTlqzQlV4pOgN6H-ohZFZjDUusgMiiF9VBV9BvP6qy6FPFyQyphkQQVo_yab2YqSo7LAPx82H6sYPV3XVMYbEFUpYEKXvsudk7-76thklkU_9h124us-735uaRR2tEJpM0PL8N4Jz_nODQ7xbBB8522StPEj2sVf3QbrJi99osp4jtbEkzeySuo9zA0fDvD73gL0SQAa1WX4trXG9Zj6LWwzc8PgE-l9-z2RtZ0f9P7OTXxppBeHirWsf4suS-ZvndCoCzTTa9KZoiClKHY0w5ZkeENBvFvpaUJ1gbgxchXflf_GKjCWRIWOvfdK7xylle5LtDMmk9GzgboPFJK7n7uZgnTmRdy5KxR095GspJoirQx7MjGT0whtc4_gzQAHeKwgCy6AQ2gft-FaLsbA6oaeQF4pPahg5IoapWSG79nkCdxqyll21gNaDHUXeQROZ1y7wLVJKrKn3YIj54ZiEVobCUYHAoU0YKdVnCQU7dDOtf56AL55O_QxgvHY5B7gRSgCxRm5u8pgzGhFoep-TawIP2FO7_KLYsPX-A88fmH-zb6hMnMl8lvp83G95Hc20kiZhifjRHJ_gv-1aWgMNpl2a-Xx7FyIMseFciG4VYrRwptx2IoRdBBhSlbJYoNsV-mKquvgtJonyuvELzPMMhvZfKLvApaMPPwjuPtEk5FyHt2WcmjtPz7Yc7xZShti6D3AzUm2LS2YWnpCnw66ClPRUEFhYA8JcD083LDaivonKQN0-1iOyzCut25gNehDD9GjwmeueuKc7XAWlNW4NYmPg-KCGt-ZWU_wO7FR0Lsbr6yi7p8zdbEu1zxl6B6XRAmUp3vukcRWL61b87wKqMEHwI59z5aRi_6gmETosJr5v8-7ybRF79-hKarhypcqhW4ngwuaPc3ToTquOs9NEFBoFQ-1qX42N-eFHV6CJc0Y4vicYqJwjlMPri9gnqqhxnuRM-bPyGlqsOWg-AkT6zaoF75yRccmtbkTEO8hTSjriXh8_Q-Ii4h0IXR2uAzgFPy3mHAEwuyIS7adQIj4k720FKFr6qC33y7zEzIDWizmQdsHM5lC7eqEF80Vod4ZDk2hEkQfNkRvTRYe_lW7rlya8OdsvGMpol9SK92oRgywyHIvFH-YOHiynOMwBPJsMr5ISdVF_oaZ-gdwZrHJxa9Rzn7e5i-okhxgSqT1f6DFFtSZcZyFfTOVWwi3CjkuOaiIQ7QPLAn5OkZgYYYgobmZF15u-VZsZK-4_AKkcAU9hjxu6tmvmbkz6vaM4c67SKdZzjU5aSlefFbD7vAwK4McXU6723PXFKTPFYxm4YVGtMZDBtn2zgpOUYDCpkzgoU4MVJsRSJOAqFb40p5YgIIx2lc-QWq6MIJziTyfzKt46MoZF8XSLK7h81QrGE3RF7O3ftGqzdUgLE-9DDO_OqV2UDPPMcSeWABQ79cY25lR58wZXXQje5kpmKz-uh0TKiCscil8LHMdbny2MJMMEADgBDaHQpP99X6IZ-aGZv0JjMhrIs8Fq6S9jsFAHu6R-ppvPweGChUsKPA9WmPG245DNOGDYUWtr-AhK3fucwjdpavaH5KryDO4ExthsPO7hNOaQ2t51wFIxuhLohnGEOLzuBxUjh5QK2kbYD_lNXL8AkuXepwP-ptDIV7YFYi3mMP_pWykKiFBXrM9xZNgUBnJGsCurSdPnt3b5EYiSMzOQDPBVolw42si7q6NK7BM1b6ii1iQv5iggSn2bOS0plwAmAmi6vO_asdOI3tw7GpDan_trB1M0YsOz4lBYT1DicBgJbeXmAiCRU9Lv5ayU79yVusoyASwIGYsUI-YTWOH_maECsDGa_JUrfSSOhJ2MHNjrFLpAG4fzjG0MIPnlmeZ9SQ--lGs31duiGmUduW2GAMGM4ng4l2wjlfj3Nsm1Ar3k&cid=CAASBORoOaI&rfl=2%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5bcc86a6bbaf5eca21e0f5a92ee34d0ece72573ac1c4e7d4a5e386cc905a277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35117
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 8DC1 2 KB
2 KB 45ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:28:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:28:36 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8DC1 117 KB
36 KB 76ms
53ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 8DC1 15 KB
6 KB 46ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2958
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:45:32 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8DC1 42 B
63 B 27ms
27ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DBerISpSSy44mXRtd61LxYjGvFQfpjxov6iUXrbzCMGjNO3OcqubXfgrSnGCCM8g4qvnBnhxUTYyAX-XODuRe9hfh6eZowq4OrxSMwTLO4Nrc14O8

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4C96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1&C=1

43 B
1014 B

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYo4m_vQEwAQ&v=APEucNVI-qgjxEq6fKzqcjraKoVCjkaXdIkrIg8mh5KWkyvGw3dgdbemDbA48uDrlSWEXX2tjog69jqNOxJZK2d--ITsTJDRgRbmfm-wRldD3RxSYN0jBUTg3poN-o2ZVTOQZS2DtQfhPx77BoZFb86Enx-j8ollJKQZNFdvNpqXkGgCcBCNr20
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 13 Mar 2022 00:34:50 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK0ZLiafZ6uvRKXYOnBt7FE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 4C96
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi08KkJI1WGsfy.BGbuf2QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF5FoktV1fRocJudlMfdGNQ&google_cver=1&google_hm=2

43 B
894 B

24ms
24ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF5FoktV1fRocJudlMfdGNQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYo4m_vQEwAQ&v=APEucNVI-qgjxEq6fKzqcjraKoVCjkaXdIkrIg8mh5KWkyvGw3dgdbemDbA48uDrlSWEXX2tjog69jqNOxJZK2d--ITsTJDRgRbmfm-wRldD3RxSYN0jBUTg3poN-o2ZVTOQZS2DtQfhPx77BoZFb86Enx-j8ollJKQZNFdvNpqXkGgCcBCNr20
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 13 Mar 2022 00:34:50 GMT

Redirect headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEF5FoktV1fRocJudlMfdGNQ&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 4C96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIjQhGHREvinIVPI17xcRCU&google_cver=1

43 B
1014 B

38ms
13ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIjQhGHREvinIVPI17xcRCU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6njwIQ8cnEggIYo4m_vQEwAQ&v=APEucNVI-qgjxEq6fKzqcjraKoVCjkaXdIkrIg8mh5KWkyvGw3dgdbemDbA48uDrlSWEXX2tjog69jqNOxJZK2d--ITsTJDRgRbmfm-wRldD3RxSYN0jBUTg3poN-o2ZVTOQZS2DtQfhPx77BoZFb86Enx-j8ollJKQZNFdvNpqXkGgCcBCNr20

Protocol

HTTP/1.1

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 637d244d-bf41-4c84-9bb9-43d7fd9a5160
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIjQhGHREvinIVPI17xcRCU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4C96
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTcxMTUwNDAxNzE2NDA3NjIwNw%3D%3D

170 B
188 B

33ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTcxMTUwNDAxNzE2NDA3NjIwNw%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Proxy-Origin: 193.27.14.42; 193.27.14.42; 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d91fce76-6eb7-4421-9d01-89c1bf042182
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTcxMTUwNDAxNzE2NDA3NjIwNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E53D 8 KB
892 B 32ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 12 Mar 2022 23:58:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 13 Mar 2022 00:34:50 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E53D 2 KB
904 B 24ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:25:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:25:10 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame E53D 19 KB
8 KB 23ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 700
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:23:10 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E53D 2 KB
1 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:28:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:28:36 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E53D 117 KB
36 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E53D 15 KB
6 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2958
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:45:32 GMT

GET
H3 200 35849274faa25b88196bf3c3ff2d72d2.js Show response
www.gstatic.com/mysidia/ Frame E53D 28 KB
12 KB 23ms
9ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/35849274faa25b88196bf3c3ff2d72d2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e4b4d396700e065d5d37bde974840cf2bf19565f8450785f0a869079b86bce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 08:32:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230540
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11831
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 07:55:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 08:32:30 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/899486/59154218/ Frame 8DC1 232 KB
70 KB 121ms
32ms Script
application/javascript 52.50.243.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/899486/59154218/skeleton.js?ias_dspID=3&ias_campId=15846430&ias_pubId=pub-8744459230456906&ias_chanId=1&ias_placementId=16539433847&bidurl=https://nets4.com/android-apps/com.darkodeb.souprn&ias_dealId=
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.243.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-243-239.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b35a23f12ec5a2365072fc826915731f01a8b374ac283e20fa82f10cb7df3d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 8DC1 106 KB
38 KB 58ms
7ms Script
text/javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42428
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 13 Mar 2022 12:47:42 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 8DC1 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AKRPTtymdlzSIQtotaq5Dj5_sKF8RwyPvcG6x6V27GyLCN-SzIkE6ezy-o2aN94FakROxH8agdYkfIgrN8vrWCt3aJgrkQOPMmXmCNhJfAqCwh9Kf9oQ2qx4QQ0nW8HCsinodY3-f4shMSwz6OiEx5KnQXng&dbm_d=AKAmf-AYMfiWXve_zmnbw9p99EVmjS9KjrSETGC5tABn0VbVKy4gV-kYWVLL5ULuK71Qv-Kog2oJzGdEaO_q8V7faIC_zC9lAUb-rWv1ilYmmysjiZE1huFsQu00JszcMmYaM-nRtR-2xIKCBggcdnI-70IekTC1G1R26BqdFupTYMnzw3QqAnIlJZGX5x_HDORKFd4Dm11pkWlo01owtx3OP-Zvnvsuait0rUJLa35R8IWkxYJzXupGObm_AS45rHrZjN4LUbI7qEGnU_JEJXz-kelhxEtBofuv12HePm0uZOa3yIs8mCj5Y_1YXIxbqaMb89uIdCsQlQo7XoU4J0PnHhcvpdYrJtABaHphOHTGDICrmIubjO6sC3KI-w0DVsv9Yem-MLOS8PkcJXLk-DSgvwso5CZA19FEYb-o5TkStPCNbkOQ7IybWwy1BuBh6oo4c1UHqCZX1yFbuwWARhFE2yJ6EWIIOpCXRI4t93hWfZyb4Zw5rzFMZSVYD1FdV1jHKIdPIfrJKe5IXS07eTlnvRGzS7JC600hSicHsSqjPMcwz_8s__QpVh0gGdVI6fweQw2seQrUUnwJD67McO0_q_JWosn-hxmhoRrjAb0l72ZroNN4-DD_7znhk6vXc53wBLlaYjy8vgI-K5Xfhh4RW9381Ltu7wIeTtdYYDtf5YYJCfBqCK9OB9wDP0rQiZsruhKC-4loTOCO564i6NR1oiHKDDbupGnK06RwmkhchktJG0YTDAWyAz3gLytG33l_T9sZsjagqjr7TfVrtrYm0on6SlwshuUMT7ObHwtq94EsQIkpCQqMpSkHcn0ts47u374yuMLjj_VAIM9tTvJ0uD1fr7ML2eFjJlcZcpmpoqQpib2oSnlCszzztp8KHJ49OABdOyJ7yas_gxhEl7siLzjkFNH7K1D93EXDXLE4_5Nr8QbFT-z9hCVmMQJu6wdW4PsFZSMXi5WePtCVF3NAVhQpcOekXYCEKZWs6OzL1GvNL20UBttURok3Q63pwO8Y07QOTlqzQlV4pOgN6H-ohZFZjDUusgMiiF9VBV9BvP6qy6FPFyQyphkQQVo_yab2YqSo7LAPx82H6sYPV3XVMYbEFUpYEKXvsudk7-76thklkU_9h124us-735uaRR2tEJpM0PL8N4Jz_nODQ7xbBB8522StPEj2sVf3QbrJi99osp4jtbEkzeySuo9zA0fDvD73gL0SQAa1WX4trXG9Zj6LWwzc8PgE-l9-z2RtZ0f9P7OTXxppBeHirWsf4suS-ZvndCoCzTTa9KZoiClKHY0w5ZkeENBvFvpaUJ1gbgxchXflf_GKjCWRIWOvfdK7xylle5LtDMmk9GzgboPFJK7n7uZgnTmRdy5KxR095GspJoirQx7MjGT0whtc4_gzQAHeKwgCy6AQ2gft-FaLsbA6oaeQF4pPahg5IoapWSG79nkCdxqyll21gNaDHUXeQROZ1y7wLVJKrKn3YIj54ZiEVobCUYHAoU0YKdVnCQU7dDOtf56AL55O_QxgvHY5B7gRSgCxRm5u8pgzGhFoep-TawIP2FO7_KLYsPX-A88fmH-zb6hMnMl8lvp83G95Hc20kiZhifjRHJ_gv-1aWgMNpl2a-Xx7FyIMseFciG4VYrRwptx2IoRdBBhSlbJYoNsV-mKquvgtJonyuvELzPMMhvZfKLvApaMPPwjuPtEk5FyHt2WcmjtPz7Yc7xZShti6D3AzUm2LS2YWnpCnw66ClPRUEFhYA8JcD083LDaivonKQN0-1iOyzCut25gNehDD9GjwmeueuKc7XAWlNW4NYmPg-KCGt-ZWU_wO7FR0Lsbr6yi7p8zdbEu1zxl6B6XRAmUp3vukcRWL61b87wKqMEHwI59z5aRi_6gmETosJr5v8-7ybRF79-hKarhypcqhW4ngwuaPc3ToTquOs9NEFBoFQ-1qX42N-eFHV6CJc0Y4vicYqJwjlMPri9gnqqhxnuRM-bPyGlqsOWg-AkT6zaoF75yRccmtbkTEO8hTSjriXh8_Q-Ii4h0IXR2uAzgFPy3mHAEwuyIS7adQIj4k720FKFr6qC33y7zEzIDWizmQdsHM5lC7eqEF80Vod4ZDk2hEkQfNkRvTRYe_lW7rlya8OdsvGMpol9SK92oRgywyHIvFH-YOHiynOMwBPJsMr5ISdVF_oaZ-gdwZrHJxa9Rzn7e5i-okhxgSqT1f6DFFtSZcZyFfTOVWwi3CjkuOaiIQ7QPLAn5OkZgYYYgobmZF15u-VZsZK-4_AKkcAU9hjxu6tmvmbkz6vaM4c67SKdZzjU5aSlefFbD7vAwK4McXU6723PXFKTPFYxm4YVGtMZDBtn2zgpOUYDCpkzgoU4MVJsRSJOAqFb40p5YgIIx2lc-QWq6MIJziTyfzKt46MoZF8XSLK7h81QrGE3RF7O3ftGqzdUgLE-9DDO_OqV2UDPPMcSeWABQ79cY25lR58wZXXQje5kpmKz-uh0TKiCscil8LHMdbny2MJMMEADgBDaHQpP99X6IZ-aGZv0JjMhrIs8Fq6S9jsFAHu6R-ppvPweGChUsKPA9WmPG245DNOGDYUWtr-AhK3fucwjdpavaH5KryDO4ExthsPO7hNOaQ2t51wFIxuhLohnGEOLzuBxUjh5QK2kbYD_lNXL8AkuXepwP-ptDIV7YFYi3mMP_pWykKiFBXrM9xZNgUBnJGsCurSdPnt3b5EYiSMzOQDPBVolw42si7q6NK7BM1b6ii1iQv5iggSn2bOS0plwAmAmi6vO_asdOI3tw7GpDan_trB1M0YsOz4lBYT1DicBgJbeXmAiCRU9Lv5ayU79yVusoyASwIGYsUI-YTWOH_maECsDGa_JUrfSSOhJ2MHNjrFLpAG4fzjG0MIPnlmeZ9SQ--lGs31duiGmUduW2GAMGM4ng4l2wjlfj3Nsm1Ar3k&cid=CAASBORoOaI&rfl=2%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:17:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:17:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 8DC1 25 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:18:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 994
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:18:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8DC1 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 19:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 103777
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Mar 2023 19:45:13 GMT

GET
DATA 200
OK truncated
/ Frame 8DC1 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50bf55a29418702858357c46bac6fe387a4ed7a58c4ef43b5b2f3bb7a0e3f9d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 294ms
293ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Sun, 13 Mar 2022 00:34:50 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2878 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Mar 2022 17:11:58 GMT
expires: Wed, 08 Mar 2023 17:11:58 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 372172
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame DFE3 35 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

GET
H3 200 7607313998283935995
tpc.googlesyndication.com/simgad/ Frame A99B 98 KB
98 KB 8ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7607313998283935995?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm9uUizpd6g0fx1Y8Fg4GGUdqXmBA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28cc8bf1dbe125127ceee7a2ff05fd39c9dd63387e40fb551cf75228ecc348e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 02:41:58 GMT
x-content-type-options: nosniff
age: 424372
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100053
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 11:43:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Mar 2023 02:41:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame A99B 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 700
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:23:10 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame A99B 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:28:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:28:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A99B 117 KB
36 KB 34ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame A99B 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2958
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:45:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A99B 0
0 31ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT_lbYFAJTooAfVxzN2cdfLPkHJqbTYgDImXPCb62g2Mm0LwyxmNBD4Rz9MQIexnngigHwBCe9Sw2xQLfBl4NK1dYY_Qg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame A99B 28 KB
12 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca7f23edc5a250dd23a0e499b3aa451f9dbc6bafc91faf8da2c7245bb05de1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 21:12:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11802
x-xss-protection: 0
server: cafe
etag: 8307557220395963033
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 21:12:47 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12525119072562153200/ Frame 42C6 4 KB
1 KB 22ms
7ms Document
text/html 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b85ec33710cdd1ce85d6f8ee3a0a4c843476a7944bb29413587e59b993964fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1364
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 08 Mar 2022 11:22:04 GMT
expires: Wed, 08 Mar 2023 11:22:04 GMT
cache-control: public, max-age=31536000
age: 393166
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8DC1 0
571 B 73ms
34ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstqmayYkzoaTz0Sl-9Sb6iE6U_xZbiTeo162Htyrr6qYlcl77GlAGuql2rEdmpYG5Jvo6e0t0Er3Uxjw_tkhwKCFt9bkcFjL-eQTf_KCsXVER19odBSrcGk9Dz8b-qLpAEx6vmnDVHhwTUzJd-qvAW5kYkTKgjBtwbEzfAxeqAvIi0Pq4gCBQfPfiaat0zFAInSLzMPejNFuxhwWfGXDRvrIuOtsuELuR7IKRWXTMtZE40mklmZ89fJbqoOD06kC1Wd1pXS6o2Y5018BKb2PIcxJyQP5jhWtkcMRbDaTXCRV_VgsC2yhzdnqyoUCo5Zl-GwZ37OKhVuoYi0roZ5KC-3XiDwjXNNz7B_ZllzIimouGhltNbOlTcj2Zfu1kL40KCb08pEGvvl0YhiSPYVO_yZ8VVhfnDZhLSgJXTsrU9Kl1j598lyCFhdhM2rmlT1JAmUNRZHSAACPDpIzFFYncMlq8Ui1Gdr5UcR2t8U3W6apzNck8u-wencGkgHdBpEp1b4PiVDAx-VU1iOGq8gZhCwaXXGHAJIqDpW7lQXQBt4WGTCJUwadqTia7vhaL5ClkrTcYdDi-XVXJqLsjDAgOfLp3E2sVuAEeHvjuMJvd-j1Dwl5Jd3JORH7lVLimQGTH4CVYjW87ajxx1gJ_GXq37jwKZHZDjvbix126UEhex10R-zVJvRoaKNwj6CCHx8lC5PVVzK6NHyIF3VQqqi0uaxX-e_LMBlu-VdBs22qyxu4OoL7XDvIW3esbv7JNT6tsq0_lQFuNHhjvMGM0rf9BXJlMY0cou8zYQiARpGE2_kkx8NZwjzYz3pm-H71EhrZDau4Gfpx-uDEewbc3lRWejA69aUw26sYEMJXwHsiF4GLbcywmrIm3jB4cVZ-a1OUyINLok8xjErk57-yh5ww7DO43qzWu0wzI6e77niWSeEirD3ZZIZ1AhkZimVuQIhqwQLrpcfA6WFAdKXoavCxeFNoqP3si-xsbvTre0E4nBbgCJZLNsEMnQ-Zr6o4OgW6UyFN17YiOuMeZRBDMtmuG8_q_Bl1j1d1U-yYcl2soIqurcbiksOn3n9xG-AFUIFxiGbTmrvlm3RvXUP3YV5DOKQ9Xh0531xxzBF0w9mM1e2bh6edEk6Gnv46f4&sai=AMfl-YQkh00rAr5kvkYXkSH10SVq-y33r6V9IRXOe6idMFposQMW719UKo-Wa3w2uod0aLmhs20BV3lx7pCHuyv6j8l-oUmYCUvE3oqLbKk1Onz38JcXwmhQon7MLK6dvu1IzyUx&sig=Cg0ArKJSzAbtZ-3RvL1FEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=114&cbvp=1&cstd=111&cisv=r20220308.95683&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 13 Mar 2022 00:34:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A99B 0
0 36ms
36ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CffliKjwtYsi2Ao2a-gab0ryAD6yS7fhoopHWktsP2tkeEAEgvsC5NWCV4pCCoAegAZyv-6gCyAECqAMByAPJBKoE4wFP0L_4E7AUlhkczLrvh2A3AH-ZnEnxoWeqVHripamZOOor5f_I7uKa9XJYe1off-2I0XQNK40MtVu9wFjxAL69f5H50r8fvMO26B-zmlV-t8jEdGJo0tAReiPwkut65lviWzkGfrckuLYZmVfzI-qFugY-S0MxyZuWYUwd3qBVD5u2Cvxs4SEwuU8ijCLZ1EFwNeH7L36gFBAm1_3H4hCZt7oVq9VYXZVQBOD1aA38Y43ZC_uuZvQOFOJToOfPONoi9riooW9_d0qtWDG_OYLShxVE_eJA21zQ4BR7K3hrgvn4b8AEuvb6sPoDkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQzcoJ0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTg3NDQ0NTkyMzA0NTY5MDYYAA&sigh=75DpbyfFc94&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 13 Mar 2022 00:34:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 722957426389965295
tpc.googlesyndication.com/simgad/ Frame E8DF 43 KB
43 KB 10ms
9ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/722957426389965295?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm2mSUZ5N72jN2DWvmVqbGPMwU53Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcd932ee1e27b27890a1a81d73bfef71812d66f0589048c4645b8edb6d8ca0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 01:19:37 GMT
x-content-type-options: nosniff
age: 429313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44282
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 11:43:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Mar 2023 01:19:37 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame E8DF 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 700
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:23:10 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E8DF 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:28:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:28:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E8DF 117 KB
36 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E8DF 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2958
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:45:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E8DF 0
0 15ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSShgkEtG5cFPLf49LyGzTKckeNRXDKbNheenIQZVWE6ZAneZfnI8IbqCs03-EHSx-ZwerY-9evCbM1DORIcvSjxoD_yg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame E8DF 28 KB
12 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca7f23edc5a250dd23a0e499b3aa451f9dbc6bafc91faf8da2c7245bb05de1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 21:12:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11802
x-xss-protection: 0
server: cafe
etag: 8307557220395963033
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 21:12:47 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5DC4 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sun, 13 Mar 2022 00:03:19 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 1891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8F22 247 B
961 B 51ms
14ms Document
text/html 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

d44b7a9baadbb49fd179feb626338b8c174726b1a946483942f599ead018b091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-Oef911nVYTlXVR8QewqKqw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 203
date: Sun, 13 Mar 2022 00:34:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D079 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 12 Mar 2022 05:53:44 GMT
expires: Sun, 13 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 67266
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E8DF 0
0 40ms
39ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPQQGKjwtYv_LAtmc-gbt45S4B6yS7fhoso_WktsP2tkeEAEgvsC5NWCV4pCCoAegAZyv-6gCyAECqAMByAPJBKoE3QFP0EHq2oKi9728ew31bX81r-8CWGpr9A2448X1ZeKn55dDz1i4CKByE6hDX-dK4adaLzH7kZpenDC2_UeWeA106GekQwNPOLCJMPZi_HkY6lTW-VMvlfExj1HRS4LuSE1USRk2TGvljl9MwZiN8xdtMgKecHyC_mXv7QXOX8fEe8MRKo74JDQfmIqpTa8MRuL1LukFS6lz-4B-lE0RP05TnqnDahajFiMizhav_8f3dBlko2IH9DXaxrAbct_YrSS4VFKB8QhAv6K8iigo9nAuw5WPWl55jOgWowPGMcAEuvb6sPoDkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ6boG0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTg3NDQ0NTkyMzA0NTY5MDYYAA&sigh=TyqrNZGmYhI&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 13 Mar 2022 00:34:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/ Frame 42C6 3 KB
907 B 7ms
7ms Stylesheet
text/css 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5687d13ae011d6ec24b25e19a6bc83a8536e0b98c97b7f4845d2eea5e2ae9536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393166
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 878
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:04 GMT

GET
H3 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/ Frame 42C6 113 KB
33 KB 16ms
16ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.4/TweenMax.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5116123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33534
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-1c274"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=id%2Br2B7UfGMyyofrIenlaA1kza%2F38jC72cJCRg7S9H7%2FtaPzb6516CpbEPEGA%2FxxL4hLW%2BY8np%2F5t8Om5uoBlRdUB2pcpg2i7ucguVu6WJH%2BCmWIPeWHVFAwPXKzPy6OB3RcclLk4t9LlwvXGO8N1GWd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6eb0afa959650200-ZRH
expires: Fri, 03 Mar 2023 00:34:50 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/12525119072562153200/javascripts/ Frame 42C6 3 KB
798 B 7ms
7ms Script
application/x-javascript 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/javascripts/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5301a9242c3ba9f4b2eab1f3420dee893b50ee3e92ca055e06ddfddfe2ff1ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 393166
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 769
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:04 GMT

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame 2878 35 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 8DC1
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/899486/59154218/4.js?ias_dspID=3&ias_campId=15846430&ias_pubId=pub-8744459230456906&ias_chanId=1&ias_placementId=16539433847&bidurl=https://nets4.com/android-a...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

18ms
9ms

Script
application/javascript

2600:9000:2156:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Server: 2600:9000:2156:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Un_.8Vp_TKwliNJVsYlZHVB1x_sghLWA
content-encoding: gzip
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
age: 365042
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 01 Mar 2022 19:10:48 GMT
server: AmazonS3
date: Tue, 08 Mar 2022 19:10:49 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: p32DxHvJar7chEBZG_juSC6O0hrkBhO70e14851786RwK0wQwq0fkw==

Redirect headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
x-server-name: app03.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 0D22 80 KB
21 KB 56ms
8ms Script
application/javascript 2600:9000:2156:c000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:c000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 2198207
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: oFgVRrc-Jyy2f2-wWIvjF_4OnCfjAYOtNUYWxcpzZ1obBnfkwTj5Yg==

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2095 143 B
163 B 12ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sun, 13 Mar 2022 00:03:19 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 1891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 04D5 1 KB
749 B 12ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 12 Mar 2022 05:53:44 GMT
expires: Sun, 13 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 67266
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 285ms
89ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5vG,pingTime:-3,time:63,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:63,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B58~0%5D,as:%5B58~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Server-Name: dt33.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 283ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5vH,pingTime:-6,time:64,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:64,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:nets4.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Server-Name: dt53.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
DATA 200
OK truncated
/ Frame A99B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6ef7f0a2baf34821a1ec14cfeb3ffc78954d7f515902798a9a4f77d69d8d2595

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 264ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5wh,pingTime:-2,time:100,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:311,beZ:312,mfA:313,cmA:314,inA:314,inZ:317,prA:317,prZ:322,si:327,poA:328,poZ:345,cmZ:345,mfZ:345,loA:374,loZ:376,ltA:410,ltZ:410%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:100,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B95~0%5D,as:%5B95~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,sinceFw:82,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 bg.jpg
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 52 KB
52 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c0ed8156bd72ff47dd2f5a750b59703fc5c16726a874460fc4758d0e229bebb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53176
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 push1.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 3 KB
3 KB 8ms
7ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd4974e223e25900fd683d48f3df16fdb2c8c4fd49a7bed8ba2e72848e69fcc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 09:53:19 GMT
x-content-type-options: nosniff
age: 139291
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3306
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 09:53:19 GMT

GET
H3 200 bg2.jpg
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 82 KB
82 KB 15ms
14ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/bg2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

471fc46a1d0fa59ca1c0c3914219d513f2845d9828a04b8001f93a91385a230f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 09:50:05 GMT
x-content-type-options: nosniff
age: 139485
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84030
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 09:50:05 GMT

GET
H3 200 push2.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 3 KB
3 KB 16ms
15ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afee3505a491b430e00735247494dff84f92f83f1c6e7c0f6c8776b43eb6230c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 06:30:36 GMT
x-content-type-options: nosniff
age: 410654
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3498
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 06:30:36 GMT

GET
H3 200 bg3.jpg
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 57 KB
57 KB 17ms
16ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/bg3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a129808a4f3ca4580203c6313bdb15a70d61a5d2a001d37a7a4fae634c5b3c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 04:50:55 GMT
x-content-type-options: nosniff
age: 416635
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58836
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 04:50:55 GMT

GET
H3 200 push3.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 3 KB
3 KB 24ms
23ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d150d1ce70d627534d77907bea86037b993aad1c2d1d37c922da66f8eeaa6dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2789
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 bg4.jpg
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 43 KB
43 KB 20ms
19ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/bg4.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec2565c9bb5f9f8affcd28457199785b6b25f63080e76c83c773355639d5d10e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44357
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 push4.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 140 B
167 B 24ms
23ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b47b0822eca0f063d9761994afcb069eb121b3b33f472ae5c47ff3f506491c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 push5.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 2 KB
2 KB 23ms
22ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push5.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d9cfc9ec75b6539f1f8750f5f453b2f3ddb1ed246c412a2ff1375026af56abf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 05:05:30 GMT
x-content-type-options: nosniff
age: 415760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2076
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 05:05:30 GMT

GET
H3 200 bg5.jpg
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 111 KB
111 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/bg5.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c420b2c5ddf0efb5a8b4797bf624cb2b254decfdc6a9a299393a2be32b5138c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 06:10:44 GMT
x-content-type-options: nosniff
age: 411846
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113267
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 06:10:44 GMT

GET
H3 200 push7.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 2 KB
2 KB 23ms
22ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push7.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b73240328d07276e22f452268e0dc578e10634b741b53b3e8677b073a8eed9c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2165
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 push6.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 2 KB
2 KB 21ms
20ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push6.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b64c5c578ae4f9f4bc0e130c1fe96eb1566136470a4a5fe8a662d6fe9d6056f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 05:05:30 GMT
x-content-type-options: nosniff
age: 415760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2412
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 05:05:30 GMT

GET
H3 200 push_end.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 3 KB
3 KB 22ms
21ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/push_end.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed0a3fadffddc7a6c6d7503c8c3f8ef916ce0ffe8bf789a6791d41168e355ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2889
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 mask.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 4 KB
4 KB 21ms
20ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/mask.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a0ebad63f72a76eef81489ff5a91460a375240977a35f6f6bb93f1bf1bb5f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3774
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 1 KB
1 KB 12ms
11ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eee64c4f5422541049cac6e47c85fb8fdfb5c1717c41d5ba6d5fcab740f7d3b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1504
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 cta_hover.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 99 B
126 B 11ms
10ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/cta_hover.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae829f91c5894fabf92675d9ccf31d618cd5e4d9a518274c532a727d71e8b3ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 99
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/12525119072562153200/images/ Frame 42C6 8 KB
8 KB 12ms
11ms Image
image/png 2a00:1450:4001:82b::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12525119072562153200/images/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f8226c4a493e7940c8fb7760cd0b68656bd25557379cbb42bb8f395a51b478a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12525119072562153200/stylesheets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 11:22:05 GMT
x-content-type-options: nosniff
age: 393165
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8527
x-xss-protection: 0
last-modified: Tue, 24 Aug 2021 16:58:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 08 Mar 2023 11:22:05 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame D079 35 B
463 B 42ms
8ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESED7xGV_kCWwG2cJB_Mt_SeE&google_cver=1&google_push=AYg5qPKsfip8pqx48Fgxs-oG6VlVy7KISvEgSjLWtMTQgUCTJukv2gAFXfdoa7zIV3oL3BnuUvvdwmPt5cfUbt0BM-m-uKSS-LiHig

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D079
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJRe5Q46OLfc2mBVIhEJoHA6Bj_tejdZMqiHzSmKrj4JngXPReCiAqbAcN7-rblI8QoGOxJrendFs1-ijlD1_mGaT9icJm7Rw&google_gid=CAESEOWKPTOfs6S8opFlfOaIa24&g...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCKr4tJEGEgUI6AcQAEIASnJnb29nbGVfcHVzaD1BWWc1cVBKUmU1UTQ2T0xmYzJtQlZJaEVKb0hBNkJqX3RlamRaTXFpSHpTbUtyajRKbmdYUFJlQ2lBcWJBY043LXJibEk4UW9HT3hKcmVuZEZzMS1pam...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwc1N4b1ZFMzFSRjB0eTZNZWFCNE5RRmZFaHFncWtTTHJ1NEhvUzhHX2tmQQ==&google_push

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwc1N4b1ZFMzFSRjB0eTZNZWFCNE5RRmZFaHFncWtTTHJ1NEhvUzhHX2tmQQ==&google_push

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwc1N4b1ZFMzFSRjB0eTZNZWFCNE5RRmZFaHFncWtTTHJ1NEhvUzhHX2tmQQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 dds
rtb.openx.net/sync/ Frame D079 43 B
350 B 50ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEDeT24AZxGj2BzHVzkCRgJw&google_cver=1&google_push=AYg5qPJCYe_tC9tG_4gcl1MccX7wVdHHxmopAFKPuiElB5kz-3hj5Qz9c5IxCFYgeV0J7-hlvP0OIm7bg2Qfw3YmK73Al4HaBi1e-A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: td184ajcvq5303ks0n8b61c9shmf2pht

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D079
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZvG2aQMk5WRzdxck0t0ahGoZGB5vLJ6aN1B65d-qDZwxF4_JkvVYrxmfco-lnswtRWTBsMBLSY_vQjhlOEV6Foi39T8w3aA

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKZvG2aQMk5WRzdxck0t0ahGoZGB5vLJ6aN1B65d-qDZwxF4_JkvVYrxmfco-lnswtRWTBsMBLSY_vQjhlOEV6Foi39T8w3aA
date: Sun, 13 Mar 2022 00:34:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D079
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEFjcJUBgeue1gHkkm4ZpYt0&google_cver=1&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JR1ItQi1CVTIx&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy-JuReG-L94RjU7_oIO12x4Fxqpg

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JR1ItQi1CVTIx&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy-JuReG-L94RjU7_oIO12x4Fxqpg

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JR1ItQi1CVTIx&google_push=AYg5qPICHAXDH39vslihr1N1NxPypDnB4Jqr_bKYpibVyHQGSI-lLJUjdPooETaaUr5E0hWgPmy-JuReG-L94RjU7_oIO12x4Fxqpg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame D079
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cge...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame D079 43 B
296 B 181ms
21ms Image
image/gif 2a05:d01c:1d8:8102:d28c:83ad:1b58:a2c4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJYMS28kRynKQ_sTVVRmne4&google_cver=1&google_push=AYg5qPL8pT6BmYy-0larh_WyYkQLyH2sb98kxyw-QSu_9q3qRHODY6gkghHmaJ-vc3B72ydGW42MkKSZfrtJDTn-9YPqKMybG3gzDA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=1831791976&pi=t.aa~a.3621136341~i.10~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280&nras=3&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1936&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=VKTyc5joIq&p=https%3A//nets4.com&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:d28c:83ad:1b58:a2c4 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D079 0
12 B 19ms
18ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IyXaUNPZ_xGzC73wCpJQTpt0h3g5AhSlqWXWQHfO3zf8of0xEF7DOJsPql3xsPIENlpHba

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 iframe.html Show response
p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 8F22 4 KB
2 KB 30ms
15ms Document
text/html 142.250.185.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f3.1e100.net

Software

sffe /

Resource Hash

a3114bceaa84e82561365cb4f455995557179c84e4233fae0298c59c9c4fa87a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-ZKYmCtqEvMnrBb28_IcXHA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1863
date: Sun, 13 Mar 2022 00:34:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5DC4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

31ms
31ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E8DF 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08a42251b67b3a3c4e4ca77f032b4ccd15d0a9e6bef333a60d8c671f48c1b0e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8DC1 0
23 B 45ms
31ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstqmayYkzoaTz0Sl-9Sb6iE6U_xZbiTeo162Htyrr6qYlcl77GlAGuql2rEdmpYG5Jvo6e0t0Er3Uxjw_tkhwKCFt9bkcFjL-eQTf_KCsXVER19odBSrcGk9Dz8b-qLpAEx6vmnDVHhwTUzJd-qvAW5kYkTKgjBtwbEzfAxeqAvIi0Pq4gCBQfPfiaat0zFAInSLzMPejNFuxhwWfGXDRvrIuOtsuELuR7IKRWXTMtZE40mklmZ89fJbqoOD06kC1Wd1pXS6o2Y5018BKb2PIcxJyQP5jhWtkcMRbDaTXCRV_VgsC2yhzdnqyoUCo5Zl-GwZ37OKhVuoYi0roZ5KC-3XiDwjXNNz7B_ZllzIimouGhltNbOlTcj2Zfu1kL40KCb08pEGvvl0YhiSPYVO_yZ8VVhfnDZhLSgJXTsrU9Kl1j598lyCFhdhM2rmlT1JAmUNRZHSAACPDpIzFFYncMlq8Ui1Gdr5UcR2t8U3W6apzNck8u-wencGkgHdBpEp1b4PiVDAx-VU1iOGq8gZhCwaXXGHAJIqDpW7lQXQBt4WGTCJUwadqTia7vhaL5ClkrTcYdDi-XVXJqLsjDAgOfLp3E2sVuAEeHvjuMJvd-j1Dwl5Jd3JORH7lVLimQGTH4CVYjW87ajxx1gJ_GXq37jwKZHZDjvbix126UEhex10R-zVJvRoaKNwj6CCHx8lC5PVVzK6NHyIF3VQqqi0uaxX-e_LMBlu-VdBs22qyxu4OoL7XDvIW3esbv7JNT6tsq0_lQFuNHhjvMGM0rf9BXJlMY0cou8zYQiARpGE2_kkx8NZwjzYz3pm-H71EhrZDau4Gfpx-uDEewbc3lRWejA69aUw26sYEMJXwHsiF4GLbcywmrIm3jB4cVZ-a1OUyINLok8xjErk57-yh5ww7DO43qzWu0wzI6e77niWSeEirD3ZZIZ1AhkZimVuQIhqwQLrpcfA6WFAdKXoavCxeFNoqP3si-xsbvTre0E4nBbgCJZLNsEMnQ-Zr6o4OgW6UyFN17YiOuMeZRBDMtmuG8_q_Bl1j1d1U-yYcl2soIqurcbiksOn3n9xG-AFUIFxiGbTmrvlm3RvXUP3YV5DOKQ9Xh0531xxzBF0w9mM1e2bh6edEk6Gnv46f4&sai=AMfl-YQkh00rAr5kvkYXkSH10SVq-y33r6V9IRXOe6idMFposQMW719UKo-Wa3w2uod0aLmhs20BV3lx7pCHuyv6j8l-oUmYCUvE3oqLbKk1Onz38JcXwmhQon7MLK6dvu1IzyUx&sig=Cg0ArKJSzAbtZ-3RvL1FEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=397&vt=11&dtpt=283&dett=3&cstd=111&cisv=r20220308.95683&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:50 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D5
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEA9d7wJXnmGgsDPDrIAhitQ&google_cver=1&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M_vjV2tJB3TTo_8hhyc7btWDoD_v2fStM-eJTKOGEeSUw&google_hm=4Q-sDw5NQC...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M_vjV2tJB3TTo_8hhyc7btWDoD_v2fStM-eJTKOGEeSUw&google_hm=4Q-sDw5NQCebyRx1WaRKbg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLvbYboFhYskBifrP39vk1aUEO17aGka1x43MWsuQGxoahBWVep9M_vjV2tJB3TTo_8hhyc7btWDoD_v2fStM-eJTKOGEeSUw&google_hm=4Q-sDw5NQCebyRx1WaRKbg
pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D5
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-D...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBZUdEeHdPMA&google_push=AYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-DB6Mf26MHioVWZKkbNiuNPz6ROlc75vanojn88yBXRyAcJGUdorm7Ykt...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBZUdEeHdPMA&google_push=AYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-DB6Mf26MHioVWZKkbNiuNPz6ROlc75vanojn88yBXRyAcJGUdorm7YktsjSw

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBZUdEeHdPMA&google_push=AYg5qPJwi3ly7EOowqYgqUJVox-kgBzRcfJIeTB5R-DB6Mf26MHioVWZKkbNiuNPz6ROlc75vanojn88yBXRyAcJGUdorm7YktsjSw
Date: Sun, 13 Mar 2022 00:34:50 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 04D5 42 B
298 B 17ms
15ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKdR9uQ4b8t56m_ONOrIc5oGbnEEgOaEZnE2CDV-7ReI0pAzK8If229oXvoa8IPBHpIVJ-pXmKPybxbocZdrPvF-hAu9A2yAA&google_gid=CAESEPf01srIzsbnKZB4DN02Kus&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3 200 dds
rtb.openx.net/sync/ Frame 04D5 43 B
64 B 25ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEIXiMHokoKrRikWvg57hSsM&google_cver=1&google_push=AYg5qPL0VbRSRtfDmL69Eakb8b4xI3meOSsYP4-kEmcOx4SlZiMrNQBE05pKCJSfNxFuCmjEgyF2eo13CLk9UmvF0Z-QkUpUrUEOHQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=240&adk=2847333973&adf=3755323566&pi=t.aa~a.1553042639~rp.4&w=285&fwrn=4&fwrnh=100&lmt=1647114591&rafmt=1&to=qs&pwprc=8995418946&psa=0&format=285x240&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=1&bdt=1000&idt=0&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0%2C783x280%2C783x280&nras=4&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1085&ady=1306&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=bXPmQ0hDrA&p=https%3A//nets4.com&dtd=33
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: mdh6fnbvqe6lrcoduugkj24cne2497dk

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D5
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLJ0BYB0liBJ5RXLF6rIwWiHdIdy7UoyhvOg2A25JZJADmwwRjUSx8Fbwk6xfM5SyyYDJtYFSKZ68w1cl8vXVSi-ZOTdVx9

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLJ0BYB0liBJ5RXLF6rIwWiHdIdy7UoyhvOg2A25JZJADmwwRjUSx8Fbwk6xfM5SyyYDJtYFSKZ68w1cl8vXVSi-ZOTdVx9
date: Sun, 13 Mar 2022 00:34:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 04D5
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESENPID788kTBb8ASgj_OEhRA&google_cver=1&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JSE0tMVktSUcyRA==&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_rW8b2xkV_bJFsEXg834uq8ywDQg

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JSE0tMVktSUcyRA==&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_rW8b2xkV_bJFsEXg834uq8ywDQg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JSE0tMVktSUcyRA==&google_push=AYg5qPKf0cYfteDbh5yKdGeHkkgXQ6L5-GPhuWIEyw0Nuf9jEVypysz1vGe1kZOtXJOEqtCIy0_rW8b2xkV_bJFsEXg834uq8ywDQg
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 04D5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFW...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 04D5 0
12 B 15ms
14ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13La-yYPiQRBnziR6PhamJaw3vbnYhO3kPKVVsqI1kXUF7lezmw0znWbBHmgj9SYx4TmQkZk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 7607313998283935995
tpc.googlesyndication.com/simgad/ Frame 8C6B 98 KB
98 KB 7ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7607313998283935995?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm9uUizpd6g0fx1Y8Fg4GGUdqXmBA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28cc8bf1dbe125127ceee7a2ff05fd39c9dd63387e40fb551cf75228ecc348e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 02:41:58 GMT
x-content-type-options: nosniff
age: 424372
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100053
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 11:43:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Mar 2023 02:41:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 8C6B 19 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:23:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 700
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:23:10 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 8C6B 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:28:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 374
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 27 Mar 2022 00:28:36 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 8C6B 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 23:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2958
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 23:45:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8C6B 0
0 14ms
14ms Image
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQsGqi-1f6y7Jezkg5gn5DJ4YwAYyM3WlxTR4eVPEVzt66Sr3AqorHCG44J9aBc-IsW_z7Xt9Gm-XLBsSorQ5rHvqERkw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8C6B 117 KB
36 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:50 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 8C6B 28 KB
12 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca7f23edc5a250dd23a0e499b3aa451f9dbc6bafc91faf8da2c7245bb05de1f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 21:12:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11802
x-xss-protection: 0
server: cafe
etag: 8307557220395963033
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 26 Mar 2022 21:12:47 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2095
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

32ms
32ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame 86E6 35 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 8C6B 0
0 39ms
39ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChMfCKjwtYtqUApGOgQeRyZPABayS7fhoopHWktsP2tkeEAEgvsC5NWCV4pCCoAegAZyv-6gCyAECqAMByAPJBKoE3QFP0G14C1NF3pqf5QsEfOCaptcpwWonhZaxEJQP10AGzJCmLsToTQpV-H55j6WOrvcU8QKe9I51dJJ9EhJhFfz5KMMkrKf2iBBcevB1J3lq1RSOlb_P4TV8-P-aPSOTxBgi53xQQEgDUu1Eqj_10lNgHDoKD2jDXBja5v8g-_u8f90cA8huY3L0X5wakgrdh2HcT0T0NoHZx1U5upgezimvijZW58B4DPGuFW9JX5Smv9QU3Oy7GZje3sDr4ddnzSfZVcHqpqR5C0Llsv0AhcjpskwLkY-1iQL154dBycAEuvb6sPoDkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ3u8p0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTg3NDQ0NTkyMzA0NTY5MDYYAA&sigh=dqdp5pCy5AI&uach_m=[UACH]

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 13 Mar 2022 00:34:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame 179F 35 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 39CE 143 B
163 B 10ms
8ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Sun, 13 Mar 2022 00:03:19 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 1891
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 52DF 247 B
960 B 57ms
15ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

06c5d20fdddbce6e00f48c238a4edae2cf8d5c8f9ab8b885981b69e8f246856a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-x9fx1tvcAisbyj9F-juHrQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 203
date: Sun, 13 Mar 2022 00:34:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0808 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 12 Mar 2022 05:53:44 GMT
expires: Sun, 13 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 67266
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8C6B 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb4a1ff85c7162ff45b5e009639cf4f905b22d38ff790e9dc01d420d250d4b8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 iframe.html Show response
p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 52DF 4 KB
2 KB 30ms
15ms Document
text/html 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

38c55d072d01835d6e6f01ec241d89d48a8c5156213139019842d441536fa062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-tFz5KNun7712ygto2f5V8Q' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1861
date: Sun, 13 Mar 2022 00:34:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0808
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKsKE9XG6HpYG7S0HrX_g0s&google_cver=1&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSma...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSmadEFhvykoYQAQAvVLtf3pcF6WAiY-Q527s9acK9k8Bo&google_hm=4Q-sDw5NQCeb...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSmadEFhvykoYQAQAvVLtf3pcF6WAiY-Q527s9acK9k8Bo&google_hm=4Q-sDw5NQCebyRx1WaRKbg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AYg5qPLZ6kHfnVRD0elTXi5mMohpyY8FL_X13neElCLEMFyAq1K9bfQSmadEFhvykoYQAQAvVLtf3pcF6WAiY-Q527s9acK9k8Bo&google_hm=4Q-sDw5NQCebyRx1WaRKbg
pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0808
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsU...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBUUJJTlYwNw&google_push=AYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsUwb7Xn-ae1Q6L-eFlzfSDWZ6GMacxcXlDxYxYCavvKBbqIapxB1qRU-LD6

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBUUJJTlYwNw&google_push=AYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsUwb7Xn-ae1Q6L-eFlzfSDWZ6GMacxcXlDxYxYCavvKBbqIapxB1qRU-LD6

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WWkwOEtnQUFBUUJJTlYwNw&google_push=AYg5qPLbi39C7amD0tiw_9TJC5dRU8pr_HPLHL0qgsUwb7Xn-ae1Q6L-eFlzfSDWZ6GMacxcXlDxYxYCavvKBbqIapxB1qRU-LD6
Date: Sun, 13 Mar 2022 00:34:50 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 0808 42 B
287 B 17ms
15ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKZyPnSM4Xszp2QZVRjpUtYKy0WHxsoOfxoUmjo3yMhgX9AgZ0yKvEPCaHrdHe0u_u3eH2bFdAwkap5p5sVkjvag6Tiy73L&google_gid=CAESENq55pcXDZ8SnVzFEEwIhJA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3 200 dds
rtb.openx.net/sync/ Frame 0808 43 B
64 B 18ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEN4gsCUr4OimTyyMNh4D9Kw&google_cver=1&google_push=AYg5qPJEKogmOJ1BSlpUd8-4E6XBabYbJty1ii_kWwSxOJ0SrksOi28pX6MOWxdojmyyDs2F8kEwhIqBWCH1yxUpmGgiNZOgZDRq
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 5so346lbpmq7i9gpack3psm3ovlv17pg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0808
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6BGdiqlydPLC_N22klKkKFSmH92MDOaOYvVPte-GrTg3VqGJTc_0pfRz2M4qhe3oXjWOr0L_AlmKvkH4RFzKJ-2MGFyXB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=qPPIS2dzT8y4C4M9_CX73A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI6BGdiqlydPLC_N22klKkKFSmH92MDOaOYvVPte-GrTg3VqGJTc_0pfRz2M4qhe3oXjWOr0L_AlmKvkH4RFzKJ-2MGFyXB
date: Sun, 13 Mar 2022 00:34:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0808
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEDosyDk4VvdkMgLDV1Jv3ck&google_cver=1&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6Hc...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JUEktMUUtN0JGRA==&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6HcYj4iyB6XfqlDgDBoYzTKwIEI

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JUEktMUUtN0JGRA==&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6HcYj4iyB6XfqlDgDBoYzTKwIEI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBPSk9JUEktMUUtN0JGRA==&google_push=AYg5qPI17bl6qSXuJZo84dv95E8s4FtP8MYIkeUzqxOGHAimmox5OCT0HHSu1Nmp9ZR7vdeN6HcYj4iyB6XfqlDgDBoYzTKwIEI
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 0808
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFR...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0808 0
12 B 15ms
15ms Image
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jyk7MpIwZ59yQ1cHDP-BDZtAt8eU-gnXM3E_opTS0pJup40DyvKxsI9r0t6ySsY2KOwGFj

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:50 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 87ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5Cr,pingTime:-10,time:482,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OS4wLjQ4NDQuNTEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1647131690947%7C%7Cc3fa1e19baa07028324d471264e0642a%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7C5fbf56f16a66fff7a2a20aed80cc2146%7C%7Cc36c2f6893efa4b056a6f7e009132244%7C%7Cab9590ceddd481aac2f35b8aba2cf371%7C%7Cada313907ee248a66c866c3061871c22%7C%7C13907b1eac98d5b57f0cde952b2d5c2c%7C%7C1629390669,im:%7Bpci:%7Btdr:152%7D%7D%7D
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:50 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 39CE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

23ms
22ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 13 Mar 2022 00:34:50 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 13 Mar 2022 00:34:50 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2878 0
20 B 30ms
29ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTzdGKjwtYpnbCoSR3gOL3KjwCAAAAAA4AeAEAg&bg=!wcKlwobNAAb7UztL-1M7ACkAdvg8WpsZF5FNy2pBgMxkcu7Xz7OWcsWUvvK_qQVTO79vyXeZwrY1lAIAAAFGUgAAAAJoAQeZAxDdxU9J1Nzw2QnVvT5FjeAw3NVHNWmMfuWJ6AAQBGdodeY_YvMjGFSXhW6r9zwrY072SVZtp91qHXt3ABS0CulEli5tWgBsVF4xYstW8PR9UUvcQYovSRwBFHCTgyU3VCyfSksBvd3QtskGsXwEHCByjnukLECf_kMqiNEKnWzZCKR_8XGka7qGUsG8HKxIcvvq-qmJwOuR4X4wcP6CG4tVW52uhQ63Esd1dDjSAxSgesJ0Q0TmfM0TNLp5XSyEG8-V6SCyKJezadPR5989PGvIw5MVBWhyAyofiAte__LU7m2yXdzAi_U6Q2KsRUsHOKVnG0zolIihRAIjV3H9-RmsS-Sa4GWN5hnZ7zKk9S_0ZOHJk3tPRvAeoJC2PAc7BP8FS1m2Hc8m_12rPmOZa33I5bs315bYiRHmqN6R71ZnL_THnaJiU8L9Ua6xX_4OqjozHuGk2I6MqaoTmuR_1PzRhZkbxijEGLJm8Seg1PZvbTci508aSZHUProOPIF5DsdQ4ZUVWfuGAwJHgPdYZD8mVwNVuh9nUurAc3lDeoJnO87wy2wHsrwAa5lZyvJTm5kQs6To-DqP-JBzi_gOZCm_8Nv5bbHBDmaOc1tPc__C5XqwOaNc7wtQ2OjS5XDEwk1EFqebR7dcYAOSVxy-pLnOByr-lXAQWJVgr9crRGEGNPkNnBD5wYN5Zfpp8VD46JRdx2lp_0D_St3gTfm8I2KIXkhj2MgGrehK0yROj6ugQjMQ2SUq-5YPbsxCcZwCPt5C4T5bXI9AzHj-2sdc6tbY_5uwb6iTYIef1ye3mIvYNjs2LlE-F2oVcHhrOVaUDh4pSgwvaWfa7Xi9TlP-uSf_li-8Mo1wbDsogPgfQ17uIcgn3OY5LKRF7UucEUS_t0ormBw3aNfAKQUVwSayXITkXKJQzTvlL3Te3Gmct4RezuUyVg7FYX4cwk4GxGZbBDm2mHayZD2toaLvD66m2IjnVYsJEY7yC1fx3oHLLGDH5I9ZHfN7NZusHMdmrh4vgj3BdYZDA98Z8kUEWiDzSB5J

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.darkodeb.souprn

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 37ms
22ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220308&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

957a7ec6098a62f0d1f2d4201932b74f103966095a230bd332f967f36c2baf08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 13 Mar 2022 00:34:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10693
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&RedC=c.clarity.ms&MXFR=0264BD75D93668E529B7AC13DD36669E
https://c.clarity.ms/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&MUID=1C72EE0AA15A6D120FACFF6CA0886C2E

42 B
369 B

28ms
28ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&MUID=1C72EE0AA15A6D120FACFF6CA0886C2E
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
last-modified: Mon, 28 Feb 2022 22:29:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7c5ed6a6f22cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3C727677990D4A2C8E7170CDC67CBC8A Ref B: FRAEDGE1208 Ref C: 2022-03-13T00:34:51Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=4199131D3E8C4C5FB5D0DC4B6A80D166&MUID=1C72EE0AA15A6D120FACFF6CA0886C2E
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ 360 KB
142 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 20:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 20:28:23 GMT

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 24 KB
8 KB 28ms
27ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63854b5f77efc1654a234bc712284669300710500bea0a1353e820e108ccaf39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.darkodeb.souprn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ejatvx9Bc7YL%2B1n2%2FUqyhmfobL725A3RIRNAxlujxm8l1KUA02BBKU3%2B8LsZUFD99h2Z%2BvPG%2F4jr04w8So5Srf2wMc5KpRBDvxLMnwLYVNc6giEX9ro4Wd%2FwNq2lignLq6iKhhIZDZw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6eb0afaceb9d83a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame A84E 35 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8744459230456906&output=html&h=280&adk=2425089809&adf=3167432231&pi=t.aa~a.3621136341~i.2~rp.1&w=783&fwrn=4&fwrnh=100&lmt=1647114591&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=8995418946&psa=0&ad_type=text_image&format=783x280&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.darkodeb.souprn&flash=0&fwr=0&pra=3&rh=196&rw=783&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1647131689990&bpp=2&bdt=1000&idt=-M&shv=r20220308&mjsv=m202203030101&ptt=9&saldr=aa&abxe=1&cookie=ID%3De76e1d7f951292ab-220e3ae45acd0021%3AT%3D1647131689%3ART%3D1647131689%3AS%3DALNI_MZf-097QFK_pDj_urpzHblre87SFA&prev_fmts=0x0&nras=2&correlator=5166200400636&frm=20&pv=1&ga_vid=1864642650.1647131689&ga_sid=1647131689&ga_hid=1522820835&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=1416&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C42531397%2C44750774%2C44758396%2C31065566%2C44756897%2C44758227&oid=2&pvsid=2517347526824419&pem=769&tmod=77995381&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=3TjGIQkSfd&p=https%3A//nets4.com&dtd=20

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 51ms
14ms Preflight
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 6eb0afad2f590215-ZRH
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 25ms
25ms XHR
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6eb0afad3f6a0215-ZRH
vary: Origin

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 13 Mar 2022 00:34:51 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 702F 43 KB
22 KB 35ms
34ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=iwo6wvt95wks

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

65a33d19b9c54f20aa5da8a517791d49eb69619739d6a28708c178c31272f15f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-B0Sbt5rchq3ASfF2VaWwBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Mar 2022 00:34:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-B0Sbt5rchq3ASfF2VaWwBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22572
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 96B9 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Mar 2022 21:17:21 GMT
expires: Sun, 12 Mar 2023 21:17:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 11850
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 76C2 783 B
535 B 22ms
22ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

82d625d711899d31d8bfa85be5180032991d6511c22c20d7fbd3c2d24d827fa4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jAmlya5mVx7dMklG5b21Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 13 Mar 2022 00:34:51 GMT
date: Sun, 13 Mar 2022 00:34:51 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-jAmlya5mVx7dMklG5b21Rg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js Show response
pagead2.googlesyndication.com/bg/ Frame 96B9 35 KB
14 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sUHguJaOgo-7uJOhJ406zvaQRdrc_7oCnUaOp60Ji2o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 19:55:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 16740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13820
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 19:55:51 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 702F 51 KB
24 KB 11ms
11ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=iwo6wvt95wks

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 15:26:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 15:26:16 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 702F 360 KB
142 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 20:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 20:28:23 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 76C2 0
0 59ms
59ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220308&jk=2517347526824419&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

POST
H3 200 6eb0af9eab9b83a3 Show response
nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
680 B 40ms
39ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/6eb0af9eab9b83a3
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647129600
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/android-apps/com.darkodeb.souprn
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6eb0afafcff283a9-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EqBdtEl0s3meEDV6xTRA6CaKaH3k46jDOcUUV3dmjLYSWBkqjcWEskAIYS4xNXfAbj1dmU5jbJIepg2Rw%2BjE1FA9bwRsgE0EgWzfMkakROXmjVgSl%2FC7xHsHBkDefzbFkcc1LkveTJs%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 702F 102 B
134 B 17ms
16ms Other
text/javascript 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=iwo6wvt95wks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 13 Mar 2022 00:34:51 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame CB1A 7 KB
1 KB 18ms
18ms Document
text/html 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c9fd6fe0c4438e5024f4fe0f74a7444791b588cd6268b5544d01378478495a50

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PSuTfYVYt/ll6NKk8QUizg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 13 Mar 2022 00:34:51 GMT
content-security-policy: script-src 'report-sample' 'nonce-PSuTfYVYt/ll6NKk8QUizg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1111
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 96B9 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dMgcFQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 00:34:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8DC1 42 B
64 B 29ms
28ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssm1hYsRyHazcv12gyUX5HVHVGIUZEfFmar5eY7uk-PTbzSByqCWgXAGnLG_IilfrRvDA5AGbWvNGj12NlSvPH9TIFU0XySmxJdMZU9fBI16cN5KSm0jw&sai=AMfl-YSrGUxpL1AqHyUdXazZVo4NxG9lgsCYs7Ovvo_MSjHFa0tQg05YZ3rHlEtJs_hV9C6uYvgN1TuMI_Rs&sig=Cg0ArKJSzE-qk8I-N2TaEAE&cid=CAASBORoOaI&id=lidar2&mcvt=1010&p=0,0,90,728&mtos=496,958,1010,1010,1010&tos=496,462,52,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647131690155&rpt=384&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame CB1A 51 KB
24 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 15:26:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 15:26:16 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame CB1A 360 KB
142 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 20:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Mar 2023 20:28:23 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 88ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5NH,pingTime:1,time:1180,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D,%7Bpiv:77,vs:i,r:,t:168%7D,%7Bpiv:82,t:348%7D,%7Bpiv:100,t:683%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1012,o:168,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B163~0%5D,as:%5B163~728.90%5D%7D%7D,%7Bsl:i,t:168,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B515~75,497~100%5D,as:%5B1012~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:144,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:51 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 30ms
29ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220308&jk=2517347526824419&bg=!zs2lzYnNAAb7UztL-1M7ACkAdvg8WkYZHd-iQR8TXyZJuNvxwDXAAEWxR3vowvistWkYuJJ26Ja4jQIAAAGDUgAAAANoAQeZAuZ5hzESehwptFNBmSYZrpHhdn2tlG-YSU3CLQvZldhHugwOEF52TafXrBKc8lgUO4fgpsCow_J9s1Qp21xMrDmJlwWfqEd5v86ufuBbLuXpJiBTuGIsKvsn-RlnpWQPZ5_DnGeyUrzYvOAI4JU1DPosgulrhk_zdzWHq_tqJfg1d6TIuOqQvXXWRzlm87M6iY7Kl2OXTRkYCONQRJRBSBBSPBYiJ7VseC6MrL6NT1F-e5cFdDmRIJ9toXfjYHCFWmm-2sri2BgOv0KPUlLXQGrSagcYdrU7gtmbdFCSHzbOn8l7TsIbjThsIOa3eD_3nvQifRCPpV7MXEAVtRt5RrXAQsMiMp-YgUWizwn70pphSQST2SJSajdcaIDxqqR4IvFswTyjuFoqZbiI5fBKjUoGgiDrle9YR5k4KoSYy389Y6kA9cTzigFOE98aRk8v4hXIc74MuGBRw4M_P2kPpEw4oktw7jjsdTyQn5Qcu9FijTSms6-CUFcjoOqr1b12oApEd0ThQfwCP1jmoT_wUT_sDY0MiSgDn0gn8Az1T_fa0ntQvDoF9HDVGU1ZpQh3KtOdHE2VGuA778cB2DPvHYl8-3ThnvgVwLTSNg68i7r2wbUUXLAchocuXVGidzmRyqNcJvlQJ_g5pwPLZTmWoZmEp2PqBcJHTDe2MUo1IhdMOQyU6Q5FNwb626PisYH_5AeROmf-UmxzCpv-su7-I1OR_oVqWshP-cFqczuGi-fr4d5qFEF0qSZqGIrshFB2rXobkhCwXWHvb2xTTz76H0XrLOiTU4oEx9yrjbiq9LM8QoFuO75mELddzkyk9m5-6KQFW_abLAuC4-6SV12Ydrz6yrhfDTUSj9MnahOl5ZujSYxDeiO2TddGLBb2t9OV7yiaG0iUHTFw2cVck40f_AxebgirQ_CNHd3Cdx10WhyqIq95ausVv3zxv6NWKpbXuaCvLYO5zaQQHlXHPSdeb71ZMTVgsMt8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 13 Mar 2022 00:34:52 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 89ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5Xc,pingTime:1,time:1769,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D,%7Bpiv:77,vs:i,r:,t:168%7D,%7Bpiv:82,t:348%7D,%7Bpiv:100,t:683%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1601,o:168,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B163~0%5D,as:%5B163~728.90%5D%7D%7D,%7Bsl:i,t:168,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B515~75,1086~100%5D,as:%5B1601~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:52 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 87ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi5Xc,pingTime:1,time:1769,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D,%7Bpiv:77,vs:i,r:,t:168%7D,%7Bpiv:82,t:348%7D,%7Bpiv:100,t:683%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1601,o:168,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B163~0%5D,as:%5B163~728.90%5D%7D%7D,%7Bsl:i,t:168,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B515~75,1086~100%5D,as:%5B1601~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,metricId:publ1,cmr:t%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:52 GMT
X-Server-Name: dt33.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 98ms
97ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Sun, 13 Mar 2022 00:34:52 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 88ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi6Q2,pingTime:5,time:5169,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D,%7Bpiv:77,vs:i,r:,t:168%7D,%7Bpiv:82,t:348%7D,%7Bpiv:100,t:683%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:168,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B163~0%5D,as:%5B163~728.90%5D%7D%7D,%7Bsl:i,t:168,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B515~75,4486~100%5D,as:%5B5001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:55 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 8DC1 43 B
301 B 88ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=899486&asId=42f30d28-1827-ddbf-72b9-cd0df794a09d&tv=%7Bc:6Hi6ZI,pingTime:5,time:5769,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:16%7D,%7Bpiv:77,vs:i,r:,t:168%7D,%7Bpiv:82,t:348%7D,%7Bpiv:100,t:683%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5601,o:168,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B163~0%5D,as:%5B163~728.90%5D%7D%7D,%7Bsl:i,t:168,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B515~75,5086~100%5D,as:%5B5601~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:90,fm:sZUUIgN+11%7C12%7C13%7C14%7C151%7C152%7C153%7C16%7C1711%7C181*.899486-59154218%7C1811%7C1812%7C1813,idMap:181*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 13 Mar 2022 00:34:56 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:03:23	Name: _ga Value: GA1.2.1864642650.1647131689
.nets4.com/	1970-01-20 01:33:38	Name: _gid Value: GA1.2.1207595817.1647131689
.nets4.com/	1970-01-20 01:32:11	Name: _gat Value: 1
.nets4.com/	1970-01-20 10:53:47	Name: __gads Value: ID=e76e1d7f951292ab-220e3ae45acd0021:T=1647131689:RT=1647131689:S=ALNI_MZf-097QFK_pDj_urpzHblre87SFA
www.clarity.ms/	1970-01-20 10:17:47	Name: CLID Value: d13b582e11cf4bcaadc6c239c5884450.20220313.20230313
.nets4.com/	1970-01-20 10:17:47	Name: _clck Value: 1imevli\|1\|ezq\|0
.adnxs.com/	1970-01-20 03:41:47	Name: uuid2 Value: 1711504017164076207
.nets4.com/	1970-01-20 01:33:38	Name: _clsk Value: ldn0yx\|1647131690246\|1\|1\|j.clarity.ms/collect
.casalemedia.com/	1970-01-20 03:41:47	Name: CMPS Value: 3236
.adnxs.com/	1970-01-20 03:41:47	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?bdtpN5!]tbPl1M>e)ZlrFUfJ+tGXxoT@fc_t<!'PmEyI]?NBb+i:@7O5[8/HXB>0]M3If)y3KL9D3I?+kf?6vA
.casalemedia.com/	1970-01-20 01:33:38	Name: CMST Value: Yi08KmItPCoA
.casalemedia.com/	1970-01-20 10:17:47	Name: CMID Value: Yi08KkJI1WGsfy.BGbuf2gAA
.casalemedia.com/	1970-01-20 03:41:47	Name: CMPRO Value: 1204
.casalemedia.com/	1970-01-20 10:17:47	Name: CMRUM3 Value: 2d622d3c2a2760CAESEF5FoktV1fRocJudlMfdGNQ
.doubleclick.net/	1970-01-20 10:53:47	Name: IDE Value: AHWqTUmVDPz1wHtK51kV5JQ2TrRcSAhrBqAFN2M7Ydk_HN82P8nB6xjwaBl2L_vPEmE
.quantserve.com/	1970-01-20 03:41:47	Name: d Value: EG4BCQHTJYEA
.quantserve.com/	1970-01-20 11:02:26	Name: mc Value: 622d3c2a-9603f-ea3ce-463b8
.rlcdn.com/	1970-01-20 10:17:47	Name: rlas3 Value: YmNFZY0G+R6KYQW2uD93kaw88k4BbMtXYjJa2GhzI8c=
.pubmatic.com/	1970-01-20 01:33:38	Name: KTPCACOOKIE Value: YES
.rlcdn.com/	1970-01-20 02:58:35	Name: pxrc Value: CAA=
.pubmatic.com/	1970-01-20 03:41:47	Name: KADUSERCOOKIE Value: A8F3C84B-6773-4FCC-B80B-833DFC25FBDC
.doubleclick.net/	1970-01-20 01:32:15	Name: DSID Value: NO_DATA
.innovid.com/	1970-01-20 03:41:47	Name: uuid Value: d544f7e7-7600-4dea-9939-add0e94392e1-20220312 19:34:50
.c.bing.com/	1970-01-20 10:53:47	Name: SRM_B Value: 1C72EE0AA15A6D120FACFF6CA0886C2E
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:53:47	Name: MUID Value: 1C72EE0AA15A6D120FACFF6CA0886C2E
.c.clarity.ms/	1970-01-20 01:32:12	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 01:32:13	Name: __cf_bm Value: 7m2xeMoG6Wze9mFFr7t4mInrzeS8bJkoeE73CIEYkH8-1647131691-0-AXUlhrb/0sqkNx1oUYX92pcwns1myJVqkZLy/eSBAF+7ZSWAdVAY7tmAiD4VoCTF8HhuatQfDEph7uPBwCbicZJg32lsrof6OVgKTcipPsEekaOoovMzQElQEH8NwIPkSw==

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ2PoI34rnZKI_COs6TI-llen0KJBq0z1Y7m4gugmxx_5IndEgpud1SkRyPWxDrA_IgjtqUiNVUf-HOc85cgemI0Sgg__sgWg&google_gid=CAESEDpIOGXmxHZVCwWJkDAVOo8&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_gid=CAESEANDIIK1JkdqhvmeOJQEJg0&google_cver=1&google_push=AYg5qPIDJ6fjWIBXfQXvv4ISEbl_vpkvaUEFWM5CzwNVSDjrr1z75jwPM3_ausV2-RLnTAXMPrqDmtD4Mb3_tjqBUc8FaXIhVGEaSA Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yi08KkJI1WGsfy-BGbuf2gAABLQAAAAB&google_push=AYg5qPJ9DfnyJjpQ_0jnpaaSp66sw8hk_gcJda6cXcLvYiYo61l4iH4LqJLbND3sPuOwk-SjkUhfHVXzeRQaqarzFRDgcwClhI0F&google_gid=CAESEFHl26yEDH_CZz5ZmXVR9yY&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ag.innovid.com
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
cms.quantserve.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
img.nets4.com
j.clarity.ms
nets4.com
p4-bmwns2zohdtqu-i4nbaq3t4q2r3r3c-if-v6exp3-v4.metric.gstatic.com
p4-eljpjziejsqdm-ydy3okyeyx4d4we5-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
play-lh.googleusercontent.com
rtb.openx.net
s0.2mdn.net
static.addtoany.com
static.adsafeprotected.com
static.cloudflareinsights.com
tpc.googlesyndication.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
104.244.36.20
142.250.185.66
142.250.185.67
142.250.186.34
142.250.186.35
142.250.186.98
185.33.221.53
185.64.190.78
2.18.234.21
20.85.30.134
2600:9000:2156:c000:8:48e:53c0:93a1
2606:4700:10::6816:46c5
2606:4700::6810:125e
2606:4700::6810:5e41
2606:4700::6810:5f41
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:1ec:27::cafe:1377
2620:1ec:c11::200
2a00:1450:4001:809::2001
2a00:1450:4001:811::2004
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2016
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2006
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2002
2a05:d01c:1d8:8102:d28c:83ad:1b58:a2c4
2a06:98c1:3121::7
34.246.234.200
35.227.252.103
35.244.174.68
52.142.114.2
52.50.243.239
69.173.144.139
06c5d20fdddbce6e00f48c238a4edae2cf8d5c8f9ab8b885981b69e8f246856a
08a42251b67b3a3c4e4ca77f032b4ccd15d0a9e6bef333a60d8c671f48c1b0e7
0a78a6e1f996e0b31d2983390f57d2e7fd3795770180d9ecf2f2897311d47680
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
153d00d39b4af16e1dfb6ef30a482a5274d8478f3719c0beb4e6b20dd8f6e70c
15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1e4a9f198dff83634cc8aa536fce4f387b3a03901331b8941d0416097de26cf9
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ffbc15c6fa9a7320f4637cb6d72866831896a649a8a7bcc7cb84f59abe1cf46
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28cc8bf1dbe125127ceee7a2ff05fd39c9dd63387e40fb551cf75228ecc348e9
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2a0ebad63f72a76eef81489ff5a91460a375240977a35f6f6bb93f1bf1bb5f7d
2aeff6ec3388af6499e38871e81b02311bfb40c7216a75ecbf1eccd8231e02c8
2b85ec33710cdd1ce85d6f8ee3a0a4c843476a7944bb29413587e59b993964fa
2d9cfc9ec75b6539f1f8750f5f453b2f3ddb1ed246c412a2ff1375026af56abf
2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
37e02f8affd1b89429dc00ca8d986e5bcd97489a9e014d84f9837318d0f229ca
38c55d072d01835d6e6f01ec241d89d48a8c5156213139019842d441536fa062
3b47b0822eca0f063d9761994afcb069eb121b3b33f472ae5c47ff3f506491c6
3e30375d0e8d2890dd541fb475202ed48413ea19d09139bb3aa002880ece8332
3e4b4d396700e065d5d37bde974840cf2bf19565f8450785f0a869079b86bce9
4330ca59447fc17e2fd3556789e4fff245ad5150f38218eedac4c7ae1eeda492
460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff
471fc46a1d0fa59ca1c0c3914219d513f2845d9828a04b8001f93a91385a230f
473a0d9b69251336a8baadfc8fa4a282228b35a0eb990671c857b0a97bd08b1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b64c5c578ae4f9f4bc0e130c1fe96eb1566136470a4a5fe8a662d6fe9d6056f
4ba1b9960f6bcc2d49080931ddd405a8fda579f905c7094d567d2b5823ae7970
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e01b78a49120236ba43f197dd7cddfd52b038aac2e96cb119ec3d80b9f8e1b7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50bf55a29418702858357c46bac6fe387a4ed7a58c4ef43b5b2f3bb7a0e3f9d0
51ecd26b92c8cdf28b9e49416917ea85b85ac471e64a2a97b62081ece3e8ac12
52dc02379fad545d3153e0ae2ef5db0db4cdf242c81d4dc3e5617bcf29adbd22
5301a9242c3ba9f4b2eab1f3420dee893b50ee3e92ca055e06ddfddfe2ff1ecf
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5687d13ae011d6ec24b25e19a6bc83a8536e0b98c97b7f4845d2eea5e2ae9536
5ad4775e1fe1f79812db4a03e8a5385a2b542639587bbadfed3f6fe83752f8b5
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63854b5f77efc1654a234bc712284669300710500bea0a1353e820e108ccaf39
65a33d19b9c54f20aa5da8a517791d49eb69619739d6a28708c178c31272f15f
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6ef7f0a2baf34821a1ec14cfeb3ffc78954d7f515902798a9a4f77d69d8d2595
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7e83606f63deb3690f6f776ae04cc436689e86d8225019c88b8406a0af47b222
82d625d711899d31d8bfa85be5180032991d6511c22c20d7fbd3c2d24d827fa4
8634bb73f7abf77727ba3422879ac3c382330db044b7edf4bc993589984fed25
8a129808a4f3ca4580203c6313bdb15a70d61a5d2a001d37a7a4fae634c5b3c2
8a33118fd2643b9c74929a98ef8a371a0294f55772861bd2535dbe82706f3cf2
8c420b2c5ddf0efb5a8b4797bf624cb2b254decfdc6a9a299393a2be32b5138c
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee
947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769
957a7ec6098a62f0d1f2d4201932b74f103966095a230bd332f967f36c2baf08
964a10f7ccf077c14f2d284968f9280c858d7c2f63a368d6ec4b542c86acd1b9
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a3114bceaa84e82561365cb4f455995557179c84e4233fae0298c59c9c4fa87a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac68190b3b84449786a357ac0a58d9fceedf24f047d7debfb88cb373e8710aa6
ae829f91c5894fabf92675d9ccf31d618cd5e4d9a518274c532a727d71e8b3ef
afee3505a491b430e00735247494dff84f92f83f1c6e7c0f6c8776b43eb6230c
b141e0b8968e828fbbb893a1278d3acef69045dadcffba029d468ea7ad098b6a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b35a23f12ec5a2365072fc826915731f01a8b374ac283e20fa82f10cb7df3d03
b73240328d07276e22f452268e0dc578e10634b741b53b3e8677b073a8eed9c6
bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f
bcd932ee1e27b27890a1a81d73bfef71812d66f0589048c4645b8edb6d8ca0af
bd4a69431e6df7eb88d93b93ccde90125856df08b104de505e56260a5d448ebc
c0ed8156bd72ff47dd2f5a750b59703fc5c16726a874460fc4758d0e229bebb1
c9aa52271c062f05d8595fba2d3fcb36149ee713dbc867782e3a86bcc0497a2d
c9fd6fe0c4438e5024f4fe0f74a7444791b588cd6268b5544d01378478495a50
ca7f23edc5a250dd23a0e499b3aa451f9dbc6bafc91faf8da2c7245bb05de1f7
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd4974e223e25900fd683d48f3df16fdb2c8c4fd49a7bed8ba2e72848e69fcc1
ce711b153accbab88e20c29bfb13713bfd2a79258f5e4a59d3f4eb64ae5872a4
d150d1ce70d627534d77907bea86037b993aad1c2d1d37c922da66f8eeaa6dd7
d44b7a9baadbb49fd179feb626338b8c174726b1a946483942f599ead018b091
d5bcc86a6bbaf5eca21e0f5a92ee34d0ece72573ac1c4e7d4a5e386cc905a277
d6778f450facd5c010c3fea43e79d64b10869cb389873a9bd39e20ba3ada4927
d7d5f868d94ff562bec04471a07198d5783da1f082ad51376f6a12479b73f0dd
d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
e2c0d651c48a4c9dbd65bfe6b2dfa8e1cdc50282069b4f6a39dfaecc994a9a35
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7c2f16c89b1aedc5840c0311277aaae90b8eaf3d81061beeaa9a4440dad7121
e7df6c0ddb208d1c7e2081f938c3e99bba32695abd86d5028dd297ea3f084fd4
ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74
ec2565c9bb5f9f8affcd28457199785b6b25f63080e76c83c773355639d5d10e
ed0a3fadffddc7a6c6d7503c8c3f8ef916ce0ffe8bf789a6791d41168e355ee6
eee64c4f5422541049cac6e47c85fb8fdfb5c1717c41d5ba6d5fcab740f7d3b6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f2dce6e91fc5565abae610ad66dd203580668fd1e03209abab1bf73f86a42701
f6152f8ceab4bff266c32875028e39afd2a8583b6686fc31b0fc77c93f19de81
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f8226c4a493e7940c8fb7760cd0b68656bd25557379cbb42bb8f395a51b478a6
f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd
f994775bc020dceed6f4e1c8e19e9081389d68971c4ee661ee28ac045a69559e
fb4a1ff85c7162ff45b5e009639cf4f905b22d38ff790e9dc01d420d250d4b8e
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

218 Requests

91 %HTTPS

58 %IPv6

27 Domains

39 Subdomains

35 IPs

5 Countries

4763 kBTransfer

7937 kBSize

28 Cookies

14 Outgoing links

Redirected requests

218 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

218
Requests

91 %
HTTPS

58 %
IPv6

27
Domains

39
Subdomains

35
IPs

5
Countries

4763 kB
Transfer

7937 kB
Size

28
Cookies

218 HTTP transactions
5 data transactions