hairsalon.jingames.net Open in urlscan Pro
185.80.49.249 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://hairsalon.jingames.net/
Effective URL:
https://hairsalon.jingames.net/
Submission: On January 20 via api (January 20th 2024, 5:14:33 am UTC) from US — Scanned from DE

Summary HTTP 176 Redirects Links 80 Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 13 domains to perform 176 HTTP transactions. The main IP is 185.80.49.249, located in Lovasbereny, Hungary and belongs to RACKFOREST-AS, HU. The main domain is hairsalon.jingames.net.
TLS certificate: Issued by R3 on December 20th 2023. Valid for: 3 months.

This is the only time hairsalon.jingames.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	185.80.49.249 185.80.49.249	62214 (RACKFORES...) (RACKFOREST-AS)
26	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
25	146.75.120.193 146.75.120.193	54113 (FASTLY) (FASTLY)
1 2	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
3 21	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	35.187.184.108 35.187.184.108	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	35.244.170.237 35.244.170.237	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	184.30.17.133 184.30.17.133	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
3 4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	130.162.160.243 130.162.160.243	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
6	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
5	2.18.161.148 2.18.161.148	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
2	216.58.212.163 216.58.212.163	15169 (GOOGLE) (GOOGLE)
2	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
176	24

19 185.80.49.249 (Lovasbereny, Hungary) 1 redirects

ASN62214 (RACKFOREST-AS, HU)
PTR: gw1.c-host.hu

hairsalon.jingames.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
main.jingames.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 146.75.120.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.192.193 (United States) 1 redirects

ASN54113 (FASTLY, US)

imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.187.184.108 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
PTR: 108.184.187.35.bc.googleusercontent.com

rtb.ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.170.237 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 237.170.244.35.bc.googleusercontent.com

static.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 184.30.17.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-133.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.162.160.243 (Slough, United Kingdom)

ASN31898 (ORACLE-BMC-31898, US)

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.161.148 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-161-148.deploy.static.akamaitechnologies.com

travel198849194933.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.163 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f163.1e100.net

p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f3.1e100.net

p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	762 KB
27	imgur.com 1 redirects i.imgur.com — Cisco Umbrella Rank: 7298 imgur.com — Cisco Umbrella Rank: 5283	2 MB
25	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 ad.doubleclick.net — Cisco Umbrella Rank: 163	248 KB
19	jingames.net 1 redirects hairsalon.jingames.net main.jingames.net	2 MB
11	gstatic.com www.gstatic.com fonts.gstatic.com p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com	75 KB
8	moatads.com z.moatads.com — Cisco Umbrella Rank: 704 mb.moatads.com — Cisco Umbrella Rank: 809 px.moatads.com — Cisco Umbrella Rank: 660	115 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	455 KB
6	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
5	moatpixel.com travel198849194933.s.moatpixel.com — Cisco Umbrella Rank: 62221	1 KB
5	travelaudience.com rtb.ads.travelaudience.com — Cisco Umbrella Rank: 132732 ads.travelaudience.com — Cisco Umbrella Rank: 5893 static.travelaudience.com — Cisco Umbrella Rank: 80332	167 KB
4	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 2	911 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	4 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	155 KB
176	13

	Domain	Requested by
33	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com hairsalon.jingames.net pagead2.googlesyndication.com
26	pagead2.googlesyndication.com	hairsalon.jingames.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
25	i.imgur.com	hairsalon.jingames.net
21	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net hairsalon.jingames.net
16	hairsalon.jingames.net	1 redirects hairsalon.jingames.net
7	www.googletagservices.com	googleads.g.doubleclick.net hairsalon.jingames.net
6	www.googleadservices.com	hairsalon.jingames.net
6	px.moatads.com	rtb.ads.travelaudience.com
5	travel198849194933.s.moatpixel.com	rtb.ads.travelaudience.com
4	www.google.com	3 redirects tpc.googlesyndication.com
4	ad.doubleclick.net	googleads.g.doubleclick.net hairsalon.jingames.net
4	www.gstatic.com	googleads.g.doubleclick.net
3	fonts.googleapis.com	googleads.g.doubleclick.net
3	main.jingames.net	hairsalon.jingames.net
2	p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com
2	p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com
2	p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com
2	s0.2mdn.net	googleads.g.doubleclick.net
2	ads.travelaudience.com	rtb.ads.travelaudience.com
2	rtb.ads.travelaudience.com	googleads.g.doubleclick.net rtb.ads.travelaudience.com
2	imgur.com	1 redirects hairsalon.jingames.net
1	mb.moatads.com	z.moatads.com
1	fonts.gstatic.com	fonts.googleapis.com
1	z.moatads.com	rtb.ads.travelaudience.com
1	static.travelaudience.com	rtb.ads.travelaudience.com
176	25

This site contains links to these domains. Also see Links.

Domain
main.jingames.net
dbcserver1710.jingames.net
hdskin.jingames.net
serverlist.jingames.net
dl.jingames.net
www.youtube.com
www.facebook.com
i.imgur.com
imgur.com

Subject Issuer	Validity	Valid
hairsalon.jingames.net R3	`2023-12-20` - `2024-03-19`	3 months	crt.sh
main.jingames.net R3	`2023-12-20` - `2024-03-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
rtb.ads.travelaudience.com R3	`2023-12-29` - `2024-03-28`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
ads.travelaudience.com R3	`2024-01-05` - `2024-04-04`	3 months	crt.sh
static.travelaudience.com R3	`2023-12-05` - `2024-03-04`	3 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-25` - `2024-10-24`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh

This page contains 29 frames:

Primary Page: https://hairsalon.jingames.net/
Frame ID: 005551A369A6410C469636E98C7C2DF5
Requests: 54 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html
Frame ID: 7623D3E3433D78EDAE5353F8AD5DA025
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=9914328682&adk=2757561866&adf=178305755&pi=t.ma~as.9914328682&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668597&bpp=2&bdt=340&idt=233&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&correlator=2853118610858&frm=20&pv=2&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=262&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245
Frame ID: 1BEA53DD071C70E43B366FCA88C9329B
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=3867795080&adk=2782272358&adf=1612621598&pi=t.ma~as.3867795080&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=248&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=3811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=250
Frame ID: 10CC0B3E844B6334392B2953234C3FFF
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=600&slotname=2391061885&adk=3543907923&adf=2961538820&pi=t.ma~as.2391061885&w=300&lmt=1705727668&format=300x600&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=252&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1042&ady=813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=254
Frame ID: D7ACC000591C015CDC1A7F522436D694
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&adk=1812271804&adf=3025194257&lmt=1705727668&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x1080_l%7C236x1080_r&format=0x0&url=https%3A%2F%2Fhairsalon.jingames.net%2F&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668609&bpp=1&bdt=353&idt=250&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C300x600&nras=1&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=261
Frame ID: A5A03AE804F90781EAF2385D4C979C6B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Frame ID: 4E3058D06499BADA17789C04B16C4233
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 0CFE84863A5EB2DF3763147B4B6D7562
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3v53cATAB&v=APEucNWrnbhGas_AyfxdJucYVPzEOcc2bVXx0_yhvkk17H_AjvwbCQU_0TTIMrjx9Ig0PvBMw16l0s8t6sX5WugIJxqrdvxaTQ
Frame ID: 5ED747EAA5DC96EA1B215242FE48A306
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 553283EFEC22B4EB7CC0A4FF1653C5A9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js
Frame ID: 448846BDDF80A8D13AC220BFDB196EE8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7779BF606CD616E0B845FF74C273EF47
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: CB27651CE680C0C8521CE008B117EC6D
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: C30B9F4EFAC647AD741026799E9A48D1
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 5A24CE735EF39EE72979800FBED68048
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 672035E477116F8C213F88078D958D16
Requests: 2 HTTP requests in this frame

Frame: https://p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 5834DB49586F26CD65FB691D67A3AD60
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AAC70237EC02A03165F7F4DE159B1B74
Requests: 2 HTTP requests in this frame

Frame: https://p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 468533B2165A9BBF2C22B87BFAA6A941
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNWRs6Qf0hC4CQ5Uw1689aY9nYthKc1vJaBWjhfuIlHmNPskLdiD0DhHKVbNoOBpD4l5T_2AXavu9ZFQRDaW3JM3W_CyOw
Frame ID: 82B94B97CBF22C9F0040A15A8707F044
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js
Frame ID: 5DB745D03356F6658EEFD6A78B6278FE
Requests: 12 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 6115F7609A422DBBFA7EA752B6C77688
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 73EEB783BDFEB1645F7352E363694D3E
Requests: 3 HTTP requests in this frame

Frame: https://p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: B4847A755954045B85E44257C8B34BA2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js
Frame ID: 4E2859528FEDACC42EBF15A4B208F0A2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js
Frame ID: AE9737D5CAC02B0FEF9564AD126A9785
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js
Frame ID: 8DE956E11ADA90A78C36A177CF6449B2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7BA7F8389A253D32FA67A2DCEFDDE6DC
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 91A516E68B1A6E625E9F13C32CABA3CE
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JinGames Hair Salon

Page URL History Show full URLs

http://hairsalon.jingames.net/ HTTP 301
https://hairsalon.jingames.net/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Lightbox (JavaScript Libraries) Expand

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

176
Requests

96 %
HTTPS

39 %
IPv6

13
Domains

25
Subdomains

24
IPs

5
Countries

6809 kB
Transfer

9991 kB
Size

10
Cookies

80 Outgoing links

These are links going to different origins than the main page.

URL: http://main.jingames.net/license/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://dbcserver1710.jingames.net/
Title: JinGames DBC Server

Search URL Search Domain Scan URL

URL: https://main.jingames.net/hair-salon/
Title: Hair Salon

Search URL Search Domain Scan URL

URL: http://hdskin.jingames.net/
Title: HD Skin Upload Page

Search URL Search Domain Scan URL

URL: https://main.jingames.net/do-not-sell-my-personal-information/
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://main.jingames.net/
Title: Home

Search URL Search Domain Scan URL

URL: https://main.jingames.net/forums/forum/jingames-forums/
Title: Forums

Search URL Search Domain Scan URL

URL: http://serverlist.jingames.net/
Title: Minecraft Server List

Search URL Search Domain Scan URL

URL: https://dl.jingames.net/
Title: Minecraft Downloads

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/jinryuus-mods-core-mod/
Title: JinRyuu’s Mod’s Core mod

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/jinryuus-mods-core-mod/mission-system/
Title: Mission System

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/
Title: Dragon Block C

Search URL Search Domain Scan URL

URL: https://main.jingames.net/how-to-play-dragon-block-c-guide/
Title: How to play Dragon Block C Guide

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/features-now/
Title: Features Now

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/recipes/
Title: Recipes

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/43-2/
Title: Screenshots

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/downloads-and-installation/
Title: Downloads and Installation

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/dragon-block-c/usage/
Title: Usage

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/naruto-c/
Title: Naruto C

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/naruto-c/recipes/
Title: Recipes

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/naruto-c/screenshots/
Title: Screenshots

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/naruto-c/downloads-and-installation/
Title: Downloads and Installation

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/naruto-c/usage/
Title: Usage

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/jinryuus-family-c/
Title: JinRyuu’s Family C [1.7.10, 1.20]

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-years-c/
Title: JinRyuu’s Years C [1.7.10, 1.20]

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-years-c/features-now/
Title: Features now

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-years-c/recipes/
Title: Recipes

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-years-c/usage/
Title: Usage

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/
Title: JinRyuu’s Hair C [1.7.10-1.20]

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#feature
Title: Features

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#recipes
Title: Recipes

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#screen
Title: Screenshots

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#down
Title: Downloads and Installation

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#usage
Title: Usage

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hair-c/#issues
Title: Known Issues

Search URL Search Domain Scan URL

URL: https://main.jingames.net/jinryuus-hd-skins-mod/
Title: JinRyuu’s HD Skins Mod

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/sword-art-online-c/
Title: Sword Art Online C

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/sword-art-online-c/#feature
Title: Features

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/sword-art-online-c/#screen
Title: Screenshots

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/sword-art-online-c/#down
Title: Download and Installation

Search URL Search Domain Scan URL

URL: https://main.jingames.net/minecraft-mods/sword-art-online-c/#usage
Title: Usage

Search URL Search Domain Scan URL

URL: https://main.jingames.net/texture-pack-addon/
Title: Texture Pack

Search URL Search Domain Scan URL

URL: https://main.jingames.net/bens-custom-hud-creator/
Title: Ben’s Custom HUD Creator

Search URL Search Domain Scan URL

URL: https://main.jingames.net/faq/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://main.jingames.net/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://main.jingames.net/more/
Title: MORE

Search URL Search Domain Scan URL

URL: https://main.jingames.net/about/
Title: About

Search URL Search Domain Scan URL

URL: https://main.jingames.net/dragon-ball-fan-book/
Title: Dragon Ball Fan Book

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/Ryoutenma

Search URL Search Domain Scan URL

URL: https://www.facebook.com/JinRyuusMinecraftMods/

Search URL Search Domain Scan URL

URL: http://www.facebook.com/groups/504955132870414/

Search URL Search Domain Scan URL

URL: http://i.imgur.com/gYgWKaD.png?1

Search URL Search Domain Scan URL

URL: http://i.imgur.com/v5DA1SP.png?1

Search URL Search Domain Scan URL

URL: http://i.imgur.com/Dh4n4Qc.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/btkpmDV.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/F7CnMIb.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/VZaWeJV.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/C0w4Rlw.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/DAFF1Dr.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/p8EDQ1b.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/zrjmZhG.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/Xg4YaHE.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/CJ2penH.png

Search URL Search Domain Scan URL

URL: https://i.imgur.com/5ddSaLa.pnghttps://i.imgur.com/hh3NDIP.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/Nl3oCEP.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/DHtHMWq.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/wYr2w7r.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/tv5ytF6.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/UhYUyNH.jpg

Search URL Search Domain Scan URL

URL: http://i.imgur.com/2uUfq06.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/gPnJgTg.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/nxadgkN.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/4GGx1z4.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/eJrM2Tu.png

Search URL Search Domain Scan URL

URL: http://i.imgur.com/qjqksvI.png

Search URL Search Domain Scan URL

URL: http://imgur.com/wYmmLJi][img]

Search URL Search Domain Scan URL

URL: http://i.imgur.com/wYmmLJi.png[/img][/url]

Search URL Search Domain Scan URL

URL: http://main.jingames.net/wp-login.php?redirect_to=hair-salon/
Title: Login

Search URL Search Domain Scan URL

URL: http://main.jingames.net/wp-login.php?action=register
Title: Register

Search URL Search Domain Scan URL

URL: http://main.jingames.net/contact/
Title: Tamás (JinRyuu) Nagy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://hairsalon.jingames.net/ HTTP 301
https://hairsalon.jingames.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://imgur.com/wYmmLJi][img] HTTP 302
https://imgur.com/error/404

Request Chain 82

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 92

https://googleads.g.doubleclick.net/pagead/adview?ai=CIKvwtFarZZrGNa-I1PIPx5KDuA376PmSZ4fEwo7ZD8G4jJjjCRABIMX6zh9glYKAgLAHoAG8nfbvA8gBAakCnYpr6GVIsj6oAwHIA8sEqgTeAU_QlLqaYmgChD0OfO_9lXVdrC0yFtATv6WJoG93rkAXq_QiA5lI9WIQRhUMBfzHfIWXD2EGSJwxp5r799LLRmcbARlypeUsjvmfvaUcbao4vrFN9vqfPAWfhkm4U6-wId0MejE0qfIB6k56cq8DxF3Pgim35gSzCTPDa-MVXQ9FA0qDd9RDcVm67aD23jRbawT4twUfl8yjG1BEc6EeijKfivu-bnDQA8m0xWVAMlh8va_k1gGttHsMz9pbM9jNOc0bNlcjjsLBNaB14yNExQuWEQkeBeqD26LG4gmA1cAEhM28h-sDiAWDq-P2OZIFBAgEGAGSBQQIBRgEgAes4okQqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQspMD0ggfCIDhgHAQARgfMgLrAjoCgEBIvf3BOljm0aXemuuDA5oJH2h0dHBzOi8vd3d3LndvbGYtb25saW5lLXNob3AuZGWACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMzg2MTMzODY4Nzc4NTAxNBgA&sigh=nD50S5lb4tU&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_OJLYzjrgxWmB4GI6FjCVAPHMLh8E6xTO1vmwRy-Zaj0n4MFsBBGpy3OBcz3q44OOsIvC8BAFPb3J75BDvmCt3LN1J039sIgT5BgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215042380023212236269%22,%22debug_reporting%22:true,%22destination%22:%22https://wolf-online-shop.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221040027324%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223105691716694273441%22}&andc=true

Request Chain 147

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 149

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 160

https://googleads.g.doubleclick.net/pagead/adview?ai=Ccfu0tFarZb6_O6TPn88P-9KLyA_Oo_qUdc74suSREsCa1vyKDhABIMX6zh9glYKAgLAHoAGcr_uoAsgBAqgDAcgDyQSqBOQBT9CrLJH30HPWT6_28nf9X3fARdQ2ExDRlqKgDMRQhyEdBqvHQx3Ed0JXgP6hvQ-4l0M22nG8sq2r0jLfAIYJb4laZZ7yLzf2TISHOBCMQNZaAJvmaofvlBLiLb1jWQh1RXT-tn_VC6q4m5eDZpLNVBrOXN_YyG-rhbSJY5PEPtvFF-04wHCCab9yHeFM13dzYj7JunOlHX0acJOkB-mLaqx84qcpk5ZQGe-VHCHyzSol8fK6rcaxtdVSxiLuIu-eVbnFSLMp8aC51Vm2hw7sPPCbCu-eG5tYQMurlS2TP6WnD4WgwATrmo2bzQSIBY7EyPFNkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQt-AY0ggfCIDhgHAQARgfMgLrAjoCgEBIvf3BOlix7qbemuuDA5oJ5gFodHRwczovL3d3dy5oZXJvLXdhcnMuY29tLz9kZWxheWVkc2lnbnVwPXRydWUmbnhfc291cmNlPWFkeF9hZHdvcmRzZGlzcGxheS5od193Yl91Y18tLmNjLWRlLmctbS5hLTI1NTQuYXUtYWxsLm9wdC1wdXJjaGFzZTIuY29tLW5ld2FjLmNyLXNlbGZpZWZpZ2h0MWQuY24tMzAwXzYwMC5scC1kZWxheWVkLmR0LWRpc3BsYXkuY2lkLTIwOTA3Njk2NjU0LmFnaWQtMTU4MTY1MzIzMTE1LmNzZC0xMTAxMjQuLYAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0zODYxMzM4Njg3Nzg1MDE0GAA&sigh=pH2MGHsuL_s&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_pg1ubd9O9KIq-K43MvWfZg1z1bdi3NJfe03GUI92EqMHtvvNvsnFiiThwmA5qtNmlVNRDejVghZKZLga-ffdeEkE5Q4tLSOYchgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211750429039907521324%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224707081082431429249%22}&andc=true

Request Chain 161

https://googleads.g.doubleclick.net/pagead/adview?ai=Cv3T0tFarZb-_O6TPn88P-9KLyA_Oo_qUdc74suSREsCa1vyKDhABIMX6zh9glYKAgLAHoAGcr_uoAsgBAqgDAcgDyQSqBOQBT9Bu9bqWQ41AZKfaVesAHZ4VwNZ3QjAOmli_I_fPTJrC5-Mkvg2jSL2xxrK-KoWWDXD9SUZ9Efk3-OzI3vnZtkTprg_wRZp7_exglBHz_lm8IaSVPpEGFoH8stbQRlNUbFJy1J9FJQ5BlbUf9Qdns_rbgPWAGTObssziDnHuTNfXw6odK8xOApQG0ONpC5Mfn363Rzu23WzXH1gWvEwL2b_jRC09yeFu08pAobOOjRaouEBOV0xpHElKKJolNCmmFJe1_7mgENwU9EjjvweENEinS98JXEkWjH6IGmhkws8XgH92wATrmo2bzQSIBY7EyPFNkgUECAQYAZIFBAgFGASgBgKAB8zQhNcBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ9YYc0ggfCIDhgHAQARgfMgLrAjoCgEBIvf3BOlix7qbemuuDA5oJ5gFodHRwczovL3d3dy5oZXJvLXdhcnMuY29tLz9kZWxheWVkc2lnbnVwPXRydWUmbnhfc291cmNlPWFkeF9hZHdvcmRzZGlzcGxheS5od193Yl91Y18tLmNjLWRlLmctbS5hLTI1NTQuYXUtYWxsLm9wdC1wdXJjaGFzZTIuY29tLW5ld2FjLmNyLXNlbGZpZWZpZ2h0MWQuY24tMzAwXzYwMC5scC1kZWxheWVkLmR0LWRpc3BsYXkuY2lkLTIwOTA3Njk2NjU0LmFnaWQtMTU4MTY1MzIzMTE1LmNzZC0xMTAxMjQuLYAKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0zODYxMzM4Njg3Nzg1MDE0GAA&sigh=Gs-mkg-XWQA&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgAvHhf_pg1ubd9O9KIq-K43MvWfZg1z1bdi3NJfe03GUI92EqMHtvvNvsnFiiThwmA5qtNmlVNRDejVghZKZLga-ffdeEkE5Q4tLSOYchgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222964040596397595146%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225880609367997881073%22}&andc=true

176 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
hairsalon.jingames.net/
Redirect Chain

http://hairsalon.jingames.net/
https://hairsalon.jingames.net/

85 KB
13 KB

12099ms
12021ms

Document
text/html

185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx / PHP/5.6.40-68+0~20230902.80+debian10~1.gbpa2012b
Resource Hash: 36f283a22a46932851eda6d756a6289a7d3a1f740f3dc2e21d14dedf820a2ea0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 13232
content-type: text/html; charset=UTF-8
date: Sat, 20 Jan 2024 05:14:59 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
front-end-https: on
pragma: public
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/5.6.40-68+0~20230902.80+debian10~1.gbpa2012b

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Sat, 20 Jan 2024 05:14:47 GMT
Location: https://hairsalon.jingames.net/
Server: nginx

GET
H2 200 main.css
hairsalon.jingames.net/css/ 22 KB
6 KB 56ms
55ms Stylesheet
text/css 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/css/main.css
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 1644a837db5cf4f3b0224c2518dc0d29fdbc830ef844a0cbcd3c4f0fcea22c91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "58c8-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: text/css
accept-ranges: bytes
content-length: 6328

GET
H2 200 jquery-1.11.0.min.js Show response
hairsalon.jingames.net/js/ 94 KB
33 KB 94ms
93ms Script
application/javascript 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/js/jquery-1.11.0.min.js
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "1787d-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: application/javascript
accept-ranges: bytes
content-length: 33369

GET
H2 200 main.js Show response
hairsalon.jingames.net/js/ 1 KB
760 B 44ms
43ms Script
application/javascript 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/js/main.js
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 505022d86f149fc0ca5e56db8f7def31acbd780372ae4e72b05aeaa67e751094

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "43f-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: application/javascript
accept-ranges: bytes
content-length: 562

GET
H2 200 lmcbutton.js Show response
hairsalon.jingames.net/js/ 1 KB
834 B 54ms
53ms Script
application/javascript 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/js/lmcbutton.js
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: ef5bbf104b13a29fd500a221f3a81babce750e791dd462fde66d9f90865ad8f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "5a8-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: application/javascript
accept-ranges: bytes
content-length: 637

GET
H2 200 javascript-gebc-1.0.1.js Show response
hairsalon.jingames.net/js/ 2 KB
1005 B 54ms
54ms Script
application/javascript 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/js/javascript-gebc-1.0.1.js
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 6d9ed1d11bf10386253e7b950a51fcb1ea0cb8b4079e7147c7917132df636ac3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "968-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: application/javascript
accept-ranges: bytes
content-length: 807

GET
H2 200 lightbox.css
hairsalon.jingames.net/css/ 4 KB
1 KB 46ms
45ms Stylesheet
text/css 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/css/lightbox.css
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: b6516367a4082d9ff4d26b2e592acb604cbc4006c682bfdaa249ee1d3591c480

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "f3a-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: text/css
accept-ranges: bytes
content-length: 1007

GET
H2 200 cropped-header1.png
hairsalon.jingames.net/css/ 285 KB
285 KB 57ms
56ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/css/cropped-header1.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 859fbca443befc30e88c800971f32a91d0928d9a708fb9cb01e28447320e2345

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:48 GMT
server: nginx
etag: "47239-54260a0f11100"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 291385

GET
H2 200 YouTube.png
main.jingames.net/wp-content/themes/mantra/images/socials/ 3 KB
3 KB 163ms
41ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://main.jingames.net/wp-content/themes/mantra/images/socials/YouTube.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 4066df2bffec203ba6a727276b94b7997c435b47f17eb30d6938a1e1f1aa58bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 19:04:27 GMT
server: nginx
etag: "c48-54261240324c0"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 3144

GET
H2 200 Facebook.png
main.jingames.net/wp-content/themes/mantra/images/socials/ 2 KB
2 KB 47ms
44ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://main.jingames.net/wp-content/themes/mantra/images/socials/Facebook.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 29cda2ed62ac6a68ee82b7a52fca3b306b467fe15093f3ca755842a186a86257

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 19:04:27 GMT
server: nginx
etag: "87e-54261240324c0"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 2174

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 159ms
104ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7ff30bc5bea8de7cc3ce237450c5a79d23bc4dc7f2ab48c901b56e0941b99eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51211
x-xss-protection: 0
server: cafe
etag: 8862146449930999026
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sat, 20 Jan 2024 05:14:28 GMT

GET
H2 200 gYgWKaD.png
i.imgur.com/ 19 KB
20 KB 98ms
28ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/gYgWKaD.png?1

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3b4854276d704345a017d873d14e45dceab9ad1aa7cd09f3b5015ec16a249cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P5
age: 3845783
x-cache: Miss from cloudfront, HIT, HIT
content-length: 19646
x-served-by: cache-iad-kjyo7100109-IAD, cache-fra-etou8220032-FRA
last-modified: Thu, 16 Jun 2016 19:10:51 GMT
server: cat factory 1.0
x-timer: S1705727668.481245,VS0,VE1
etag: "46f725261d98437026c1924da8736da6"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: qi-gWRo_RCJj72-coGGtOawYeg6xEIEuUa-ANuBQeqkeiFWZ10i-IA==
x-cache-hits: 765, 1

GET
H2 200 v5DA1SP.png
i.imgur.com/ 12 KB
12 KB 98ms
28ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/v5DA1SP.png?1

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

dd3426e528a9a8b6a8edc8a7f3836ef6b445f488dd807fb4daf1f3549d802ae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1521147
x-cache: Miss from cloudfront, HIT, HIT
content-length: 12150
x-served-by: cache-iad-kjyo7100168-IAD, cache-fra-etou8220032-FRA
last-modified: Thu, 16 Jun 2016 19:13:13 GMT
server: cat factory 1.0
x-timer: S1705727668.481237,VS0,VE1
etag: "de8763470879fe251fad2334292c4a48"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Qrs8JTkARmY1GyzbRQryTziZ8ufYrieWfp3p3g3XEf54b_HyRPAIRA==
x-cache-hits: 135, 1

GET
H2 200 Dh4n4Qc.png
i.imgur.com/ 236 KB
236 KB 129ms
59ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Dh4n4Qc.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

83b348246d8b17459fbb72c53547b83a27bb25a95b1398f7af301eb15b3dd8b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P1
age: 6972103
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 241364
x-served-by: cache-iad-kjyo7100101-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 30 Sep 2016 03:09:57 GMT
server: cat factory 1.0
x-timer: S1705727668.481252,VS0,VE1
etag: "657eadb02ac175931cf09238447ca396"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: hnL_Pms1ZgVkdn6hqATct7vAInAlQC37pFqs4zak9WurQcOsjRH2Ww==
x-cache-hits: 314, 1

GET
H2 200 btkpmDV.png
i.imgur.com/ 316 KB
316 KB 157ms
87ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/btkpmDV.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4fb39048b8810113fcf3acfe101ba586a97ae9481fc02804712e2f4cf96706f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-C4
age: 3085615
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 323362
x-served-by: cache-iad-kjyo7100175-IAD, cache-fra-etou8220032-FRA
last-modified: Thu, 23 Jun 2016 17:21:14 GMT
server: cat factory 1.0
x-timer: S1705727668.481718,VS0,VE2
etag: "d3b533f647c27debb5f6920dca8b2fe4"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: HjM6iZ76ySgQAYiDsuXQIcQ2nb7Q3XsWfPlKwq2bzNlFCw2cRdNscg==
x-cache-hits: 336, 1

GET
H2 200 F7CnMIb.png
i.imgur.com/ 30 KB
30 KB 107ms
37ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/F7CnMIb.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

1efbd89776d2711d93abdcbe92ba4680258af85c690358896a3d1a31c0a03f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: PHL50-C1
age: 3186218
x-cache: Miss from cloudfront, HIT, HIT
content-length: 30905
x-served-by: cache-iad-kcgs7200147-IAD, cache-fra-etou8220032-FRA
last-modified: Sun, 30 Oct 2016 18:15:57 GMT
server: cat factory 1.0
x-timer: S1705727668.481431,VS0,VE1
etag: "e1da1e6875267e5b2a2e8a1b4dcae2a3"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: w0w10XWkFmxClLEnQFOOkxqL2IsUuaV1MnPnxNXlXpVWcCTS69b6-g==
x-cache-hits: 104, 1

GET
H2 200 VZaWeJV.png
i.imgur.com/ 222 KB
223 KB 132ms
63ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/VZaWeJV.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

452acd09eda3c896c51d1e583b8a1486ebafd773e55a8985ca23cc918be2f6c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: MIA3-P5
age: 918798
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 227597
x-served-by: cache-iad-kjyo7100027-IAD, cache-fra-etou8220032-FRA
last-modified: Wed, 20 Jul 2016 00:48:50 GMT
server: cat factory 1.0
x-timer: S1705727668.481435,VS0,VE1
etag: "f7099ff33d01987d34330dec5514ce0c"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Rmp-oE8KksDQEa2zZyBkk9iX9QAIWFWnJvrX14v4P7pf0CjAgtNySg==
x-cache-hits: 16, 1

GET
H2 200 C0w4Rlw.png
i.imgur.com/ 20 KB
20 KB 73ms
71ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/C0w4Rlw.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

60dc0148688852de8c26cba837c86045099c4f40cb5f763da74d9a62b2b62eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 911642
x-cache: Miss from cloudfront, HIT, HIT
content-length: 20463
x-served-by: cache-iad-kcgs7200175-IAD, cache-fra-etou8220032-FRA
last-modified: Wed, 20 Apr 2016 20:58:02 GMT
server: cat factory 1.0
x-timer: S1705727669.520763,VS0,VE2
etag: "ae24e75ec0e7fff3328c60917efd0d13"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: NV5r0T2H4GmMGPhjsBkpN2Ek3OIsxt-ErGmUSgGIOYat0EAj4t8CfQ==
x-cache-hits: 139, 1

GET
H2 200 DAFF1Dr.png
i.imgur.com/ 24 KB
24 KB 72ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/DAFF1Dr.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

93bb199d3abd68c438e4e11b1169223fbb7a123329a7d46a5a1a34617441acb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 3103438
x-cache: Miss from cloudfront, HIT, HIT
content-length: 24220
x-served-by: cache-iad-kiad7000128-IAD, cache-fra-etou8220032-FRA
last-modified: Sat, 10 Jun 2017 15:26:05 GMT
server: cat factory 1.0
x-timer: S1705727669.520776,VS0,VE2
etag: "1a3984a83cf866e7f11499ef0ca721d3"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: QxG3-o9SOJt1p-2vkkfkjmUeUViUNJl0g535-pz2unNy9ILOZ6O8Qg==
x-cache-hits: 166, 1

GET
H2 200 p8EDQ1b.png
i.imgur.com/ 18 KB
18 KB 70ms
69ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/p8EDQ1b.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

6a87fdfa3fe7951f4d71c11f58f5ccee7bf291e8d8f227306cfda9e9d970ec61

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 916543
x-cache: Miss from cloudfront, HIT, HIT
content-length: 18206
x-served-by: cache-iad-kcgs7200021-IAD, cache-fra-etou8220032-FRA
last-modified: Tue, 13 Dec 2016 20:53:43 GMT
server: cat factory 1.0
x-timer: S1705727669.520746,VS0,VE1
etag: "715165daeb0f70e5f8ceeaf254ce9bcf"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6kVwi_Q8q26AskGEhD60r2xppLlOd-QIkdtb-LW6O6tAxs6K_MjBTA==
x-cache-hits: 53, 1

GET
H2 200 zrjmZhG.png
i.imgur.com/ 59 KB
59 KB 71ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/zrjmZhG.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

6647fea76ad0ed167fd4fc0b54086de7e609c148f3a8a26be643601bd7ea31ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 1426471
x-cache: Miss from cloudfront, HIT, HIT
content-length: 60083
x-served-by: cache-iad-kiad7000092-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 12 May 2017 16:07:56 GMT
server: cat factory 1.0
x-timer: S1705727669.520729,VS0,VE1
etag: "54dec885f27371f520cafb1ea44f7981"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 2q-VZG6epFLTo3bDLZ9RVpgwXzWcN12BbVAuVtZwvz9my5LGb7DJyw==
x-cache-hits: 13, 1

GET
H2 200 Xg4YaHE.png
i.imgur.com/ 16 KB
16 KB 71ms
69ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Xg4YaHE.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

aed37d23a522a77ad4e3568eafcc17e69f780286608f3b70c2e16b193cd26ccc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 3851593
x-cache: Miss from cloudfront, HIT, HIT
content-length: 16536
x-served-by: cache-iad-kiad7000089-IAD, cache-fra-etou8220032-FRA
last-modified: Tue, 28 Feb 2017 15:28:33 GMT
server: cat factory 1.0
x-timer: S1705727669.520723,VS0,VE1
etag: "5f9687c0c090f7b002462294d2957871"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: WIEnvi9RF65rjPzwlCLiH_Z3GEFhrc0VmPNDg7ref0zjskM1BUcvhg==
x-cache-hits: 38, 1

GET
H2 200 noImage.png
hairsalon.jingames.net/images/ 3 KB
3 KB 43ms
42ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/images/noImage.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 951af233b9948bf5f4b5a6baea6256641df11a61aacaa0e179bbcd45dbd98d9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:45 GMT
server: nginx
etag: "b16-54260a0c34a40"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 2838

GET
H2 200 CJ2penH.png
i.imgur.com/ 22 KB
22 KB 73ms
71ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/CJ2penH.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

83dbaa0bc2d7e537bb62d602123d3d667b37448d448b59045d504d93ee9553c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: ORD56-P4
age: 3874871
x-cache: Miss from cloudfront, HIT, HIT
content-length: 22136
x-served-by: cache-iad-kjyo7100029-IAD, cache-fra-etou8220032-FRA
last-modified: Tue, 28 Feb 2017 15:14:59 GMT
server: cat factory 1.0
x-timer: S1705727669.521353,VS0,VE1
etag: "76482ab7386e74f59bc213856a6c16e6"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 62duCQUohcknSa9iCKkxe-ZAIttF5N0ygoHG1GFHv6FMu9Odx5_mLA==
x-cache-hits: 229, 1

GET
H2 200 hh3NDIP.png
i.imgur.com/5ddSaLa.pnghttps://i.imgur.com/ 24 KB
25 KB 73ms
72ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/5ddSaLa.pnghttps://i.imgur.com/hh3NDIP.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0bcc9959e25dea025ee9a70a550c2a127fc3ff29d9b71c3ab81602f5ada5a9c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 985504
x-cache: Miss from cloudfront, HIT, HIT
content-length: 24748
x-served-by: cache-iad-kiad7000136-IAD, cache-fra-etou8220032-FRA
last-modified: Tue, 24 Oct 2017 20:29:57 GMT
server: cat factory 1.0
x-timer: S1705727669.521607,VS0,VE1
etag: "d8cceaa4f0e7d4974e6ec3bafed2049d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 74zVB7NADk5RnPdXwYxQl-QQvfYQ3MSIig2ZB_HX2COGbda4TK3HTA==
x-cache-hits: 294, 1

GET
H2 200 Nl3oCEP.png
i.imgur.com/ 10 KB
11 KB 72ms
71ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Nl3oCEP.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

2fda446210f480afd2c2dfb33be25b8943de1e00b741e07bfc1c22369ad2beb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 3161456
x-cache: Miss from cloudfront, HIT, HIT
content-length: 10558
x-served-by: cache-iad-kiad7000086-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:22:02 GMT
server: cat factory 1.0
x-timer: S1705727669.521303,VS0,VE1
etag: "6a6e7b26833fd4a44450d24d107f6f8f"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: gzE_Hubyuthy0sp4Vh0Bahhjf3MnVf4d_lfopqi5DYlEajJGX9TOMA==
x-cache-hits: 51, 1

GET
H2 200 DHtHMWq.png
i.imgur.com/ 10 KB
10 KB 71ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/DHtHMWq.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

88d3342019cb40e7abd7e305bf58270653db34eaca0cd8f631dfbfdbd5772302

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: PHL50-C1
age: 936370
x-cache: Miss from cloudfront, HIT, HIT
content-length: 10369
x-served-by: cache-iad-kcgs7200083-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:19:38 GMT
server: cat factory 1.0
x-timer: S1705727669.521293,VS0,VE1
etag: "910d8291a48467861c0ce93c11ec3277"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 0hSEalSaVs7jBQXVkmacR3RfDnceN0Dj_6zQeRwpv6ZIypCiZuB8ww==
x-cache-hits: 104, 1

GET
H2 200 wYr2w7r.png
i.imgur.com/ 11 KB
12 KB 74ms
72ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/wYr2w7r.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

5c9bca654e3b4508bbfb85cf1b871ad4ecb67554664c4203a927e1df12bb8296

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 766739
x-cache: Miss from cloudfront, HIT, HIT
content-length: 11652
x-served-by: cache-iad-kiad7000055-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:17:32 GMT
server: cat factory 1.0
x-timer: S1705727669.521286,VS0,VE3
etag: "7c0fadf88a05e2190cb4ca36e5281c51"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: -qe2o5aEZO2TWgZVDZSh0DUnGX8-kDx9voOAzmmOQdnqBlL8Uc_dlw==
x-cache-hits: 120, 1

GET
H2 200 tv5ytF6.png
i.imgur.com/ 10 KB
10 KB 72ms
70ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/tv5ytF6.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

89fdc3682ba7b435d92947f318c9a8a1c4544ee02922f6012fe2e450799f59f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 11104236
x-cache: Miss from cloudfront, HIT, HIT
content-length: 9923
x-served-by: cache-iad-kiad7000111-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:12:40 GMT
server: cat factory 1.0
x-timer: S1705727669.521269,VS0,VE1
etag: "6c05d68e4068b5bdd8db4798f71b2a11"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: h-olzL5eI3mC692KVN2NaIJc2AHxeE4cnTdXblGjvOy-5mH5QGa46w==
x-cache-hits: 400, 1

GET
H2 200 UhYUyNH.jpg
i.imgur.com/ 271 KB
271 KB 73ms
72ms Image
image/jpeg 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/UhYUyNH.jpg

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d1a9fd0bd6b1014d1ad42f71f7e1d0cb7823df0fc0337e21ad05567523309852

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 1455311
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 277377
x-served-by: cache-iad-kjyo7100100-IAD, cache-fra-etou8220032-FRA
last-modified: Thu, 05 May 2016 13:25:30 GMT
server: cat factory 1.0
x-timer: S1705727669.521259,VS0,VE2
etag: "c63c9edfa09f157fb9ab8adbf98da04d"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BIy7Jxzh_Je24zQUbFIecs9J0O0GW6K-S1dKQylJ8hmWW4i23btBcw==
x-cache-hits: 199, 1

GET
H2 200 2uUfq06.png
i.imgur.com/ 7 KB
7 KB 72ms
71ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/2uUfq06.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

0ae8d2ebd4d24ebebb1d850ddbc48c3394b7fb79ac01ab6dc227e6489aeaa862

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 1354798
x-cache: Miss from cloudfront, HIT, HIT
content-length: 7191
x-served-by: cache-iad-kjyo7100086-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:24:45 GMT
server: cat factory 1.0
x-timer: S1705727669.521250,VS0,VE1
etag: "9579e9b9b7335b30380384a36aa8c9df"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: w235HJU6k_2y2TkIOZ4vppFAzvacLI2EKCdvQsCGnQHoFFSBNqh7lQ==
x-cache-hits: 236, 1

GET
H2 200 gPnJgTg.png
i.imgur.com/ 7 KB
7 KB 71ms
69ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/gPnJgTg.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

4e1d7d234c7a5927859f10908ad09106aef746b68e34370ca4fc695e64f89957

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 4362245
x-cache: Miss from cloudfront, HIT, HIT
content-length: 6739
x-served-by: cache-iad-kjyo7100096-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:26:24 GMT
server: cat factory 1.0
x-timer: S1705727669.521249,VS0,VE1
etag: "2f050516e9b7142133ebf4b4edca9aa8"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: lQW2FCRnBAQ-rLrJ9mQG01Yk_pPPOqHKi6eWtVZJnxFLlP7ZC3XoWQ==
x-cache-hits: 115, 1

GET
H2 200 nxadgkN.png
i.imgur.com/ 8 KB
8 KB 71ms
69ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/nxadgkN.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

ba1a686b053caeabf630e5eb0f5585b0559c2c1014a37624b51045763fd5c78c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 5655290
x-cache: Miss from cloudfront, HIT, HIT
content-length: 8447
x-served-by: cache-iad-kjyo7100150-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:29:13 GMT
server: cat factory 1.0
x-timer: S1705727669.521248,VS0,VE1
etag: "c5a084db8a09f11b96548be43a0865da"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: X4nm4gLkw8-gHC9lWceisv8935X4ioZk-qLmRfEg7YqTAlJQmq030A==
x-cache-hits: 208, 1

GET
H2 200 4GGx1z4.png
i.imgur.com/ 5 KB
6 KB 74ms
72ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/4GGx1z4.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

988688356dc54a7ac123416df30c77f104bf518103d18df67129da00b9de121c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: JFK50-P6
age: 4302490
x-cache: Miss from cloudfront, HIT, HIT
content-length: 5596
x-served-by: cache-iad-kjyo7100144-IAD, cache-fra-etou8220032-FRA
last-modified: Fri, 09 Dec 2016 01:30:28 GMT
server: cat factory 1.0
x-timer: S1705727669.534722,VS0,VE1
etag: "fec282770af80b5d92e184a36da363f8"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: pcBV_QYxXbDmAjsMvCM6mFAIh3NQcQ94ZS8opI0FUPTh74_FknOzTQ==
x-cache-hits: 16, 1

GET
H2 200 eJrM2Tu.png
i.imgur.com/ 845 KB
846 KB 74ms
73ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/eJrM2Tu.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

9404536a8f4d78d41cdbb47bc7bdc5402e81653b6afe022f621aed516a4b7c26

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD55-P2
age: 1425704
x-cache: Miss from cloudfront, HIT, HIT
x-amz-storage-class: STANDARD_IA
content-length: 865788
x-served-by: cache-iad-kjyo7100092-IAD, cache-fra-etou8220032-FRA
last-modified: Wed, 25 Nov 2015 20:48:06 GMT
server: cat factory 1.0
x-timer: S1705727669.534711,VS0,VE2
etag: "7c3f6f594b0c0b2b641cd187b9e00ea2"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: x-IlMHj3DdmlAxQI__NIV6i3cnd3hI4vomr4dFJJfxadS5vBedfrhQ==
x-cache-hits: 38, 1

GET
H2 200 qjqksvI.png
i.imgur.com/ 124 KB
124 KB 74ms
73ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qjqksvI.png

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3bb28b38c9b760b981cc53e24f1d45c3b34a8d8e00c7872741d8cebdab943566

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: PHL50-C1
age: 6293065
x-cache: Miss from cloudfront, HIT, HIT
content-length: 126826
x-served-by: cache-iad-kcgs7200119-IAD, cache-fra-etou8220032-FRA
last-modified: Wed, 19 Aug 2015 07:40:14 GMT
server: cat factory 1.0
x-timer: S1705727669.534705,VS0,VE2
etag: "d7840e15abcb2faaee4893e3fb7143bd"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: N-ukfsY8p2hxhCbYzwMSf0weBKvnCn5EZiHn-gvBHJUW_nlpcIGDvA==
x-cache-hits: 22, 1

GET
H2

200

404
imgur.com/error/
Redirect Chain

https://imgur.com/wYmmLJi][img]
https://imgur.com/error/404

0
0

44ms
44ms

Image
text/html

199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgur.com/error/404
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Server: 199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Redirect headers

content-security-policy: upgrade-insecure-requests
date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
age: 0
x-cache: HIT, MISS
content-length: 0
x-served-by: cache-iad-kjyo7100048-IAD, cache-cph2320032-CPH
server: cat factory 1.0
x-timer: S1705727669.512192,VS0,VE86
x-frame-options: DENY
content-type: text/html; charset=utf-8
location: https://imgur.com/error/404
access-control-allow-origin: https://imgur.com
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: false
accept-ranges: bytes
x-cache-hits: 1, 0

GET
H2 200 url]
i.imgur.com/wYmmLJi.png[/img][/ 10 KB
10 KB 74ms
72ms Image
image/png 146.75.120.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/wYmmLJi.png[/img][/url]

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.120.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d3a17df2fd4d04f89533a05d640b202a026f37f06654904f9b746024c948c813

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 3930137
x-cache: Miss from cloudfront, HIT, HIT
content-length: 10499
x-served-by: cache-iad-kjyo7100101-IAD, cache-fra-etou8220032-FRA
last-modified: Tue, 10 Jul 2018 18:34:13 GMT
server: cat factory 1.0
x-timer: S1705727669.534683,VS0,VE1
etag: "f8a8ff3b690eddb347795244e3e1a81f"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: fj7i4BWmmN244Rub_STGRZLXvYUg1rOyjq6G4bor1M3OhIUwWHqvzA==
x-cache-hits: 31, 1

GET
H2 200 lightbox-plus-jquery.min.js Show response
hairsalon.jingames.net/js/ 91 KB
32 KB 67ms
64ms Script
application/javascript 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hairsalon.jingames.net/js/lightbox-plus-jquery.min.js
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 05bb3e7b6befc00816b63a3c50555832495513e28a0f9c5e605fbb79e0d8d495

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2016 18:23:22 GMT
server: nginx
etag: "16b95-5429cea9c5a80-gzip"
vary: Accept-Encoding
front-end-https: on
content-type: application/javascript
accept-ranges: bytes
content-length: 32308

GET login-box-script.js
main.jingames.net/wp-content/plugins/login-box/ 0
0

GET scripts.js
main.jingames.net/wp-content/plugins/login-box/wpclassic/ 0
0

GET style.css
main.jingames.net/wp-content/plugins/login-box/wpclassic/ 0
0

GET
H2 200 bg.png
hairsalon.jingames.net/css/ 2 MB
2 MB 46ms
46ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/css/bg.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: fe0c7255c105a9be331b462dc5a759e1d38850e51884100331506b1308d62977

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Sun, 09 Jan 2022 19:10:14 GMT
server: nginx
etag: "1c27e0-5d52af84b3377"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 1845216

GET
H2 200 cropped-header1.png
main.jingames.net/wp-content/uploads/2015/01/ 285 KB
285 KB 59ms
59ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://main.jingames.net/wp-content/uploads/2015/01/cropped-header1.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/main.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 859fbca443befc30e88c800971f32a91d0928d9a708fb9cb01e28447320e2345

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:53:24 GMT
server: nginx
etag: "47239-54260fc7e9100"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 291385

GET
H2 200 prev.png
hairsalon.jingames.net/images/ 1 KB
1 KB 70ms
69ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/images/prev.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/lightbox.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/css/lightbox.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:45 GMT
server: nginx
etag: "550-54260a0c34a40"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 1360

GET
H2 200 next.png
hairsalon.jingames.net/images/ 1 KB
1 KB 67ms
66ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/images/next.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/lightbox.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/css/lightbox.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:45 GMT
server: nginx
etag: "546-54260a0c34a40"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 1350

GET
H2 200 loading.gif
hairsalon.jingames.net/images/ 8 KB
8 KB 69ms
68ms Image
image/gif 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/images/loading.gif
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/lightbox.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/css/lightbox.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:45 GMT
server: nginx
etag: "211c-54260a0c34a40"
front-end-https: on
content-type: image/gif
accept-ranges: bytes
content-length: 8476

GET
H2 200 close.png
hairsalon.jingames.net/images/ 280 B
430 B 68ms
67ms Image
image/png 185.80.49.249
RACKFOREST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hairsalon.jingames.net/images/close.png
Requested by: Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/css/lightbox.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.49.249 Lovasbereny, Hungary, ASN62214 (RACKFOREST-AS, HU),
Reverse DNS: gw1.c-host.hu
Software: nginx /
Resource Hash: 5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/css/lightbox.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:59 GMT
last-modified: Mon, 28 Nov 2016 18:27:45 GMT
server: nginx
etag: "118-54260a0c34a40"
front-end-https: on
content-type: image/png
accept-ranges: bytes
content-length: 280

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401170101/ 402 KB
136 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3861338687785014&plah=hairsalon.jingames.net&bust=31080557

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8f55f961e59665b9d86dafd1bc8e996c0d9f4e20d4aef7f2308c1f8e804d47c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139604
x-xss-protection: 0
server: cafe
etag: 6863137853720963038
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:28 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/ Frame 7623 9 KB
4 KB 75ms
22ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17585
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 00:21:23 GMT
etag: 9219409622527106327
expires: Sat, 03 Feb 2024 00:21:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1BEA 36 KB
14 KB 285ms
285ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=9914328682&adk=2757561866&adf=178305755&pi=t.ma~as.9914328682&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668597&bpp=2&bdt=340&idt=233&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&correlator=2853118610858&frm=20&pv=2&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=262&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3861338687785014&plah=hairsalon.jingames.net&bust=31080557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f49d93c6d4ea4cbabfe15c95219f4583ff9a36671e404d92bea42df56358fd41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14478
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
expires: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 10CC 125 KB
41 KB 410ms
410ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=3867795080&adk=2782272358&adf=1612621598&pi=t.ma~as.3867795080&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=248&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=3811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=250

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3eb7aaef3388cddce5171dd8f0ddfd5584f2a23412242be4da9a7a3bbf2032e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41690
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
expires: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D7AC 91 KB
42 KB 426ms
426ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=600&slotname=2391061885&adk=3543907923&adf=2961538820&pi=t.ma~as.2391061885&w=300&lmt=1705727668&format=300x600&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=252&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1042&ady=813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=254

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e5c99239ba9edf25178dacec7b44cad25292c74dbc886025cadd687e83d7595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42409
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
expires: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A5A0 571 KB
130 KB 1477ms
1476ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&adk=1812271804&adf=3025194257&lmt=1705727668&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=236x1080_l%7C236x1080_r&format=0x0&url=https%3A%2F%2Fhairsalon.jingames.net%2F&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668609&bpp=1&bdt=353&idt=250&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90%2C300x600&nras=1&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=261

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60a8d82d73b73bdbb295998310ef362cf2d0302c12bf6da9f15254174c51f268

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 132379
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rtb Show response
rtb.ads.travelaudience.com/ Frame 4E30 6 KB
4 KB 126ms
32ms Document
text/html 35.187.184.108
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=9914328682&adk=2757561866&adf=178305755&pi=t.ma~as.9914328682&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668597&bpp=2&bdt=340&idt=233&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&correlator=2853118610858&frm=20&pv=2&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=262&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.187.184.108 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

108.184.187.35.bc.googleusercontent.com

Software

Resource Hash

a99aec2b2aa2ef044aa35f08620f188b59ec47a0f1fbd374b260a3ef49fe17f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
x-engine-version: 0.0.0
x-host: deliveryengine-rtb-production-b78967497-lg2v6

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 1BEA 3 KB
1 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 1BEA 20 KB
9 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1BEA 206 KB
66 KB 100ms
37ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
DATA 200
OK truncated
/ Frame 1BEA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9be04e675a8bca92ee0d8d9cbd1d841d697847316fef385be8975322b7075be

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 10CC 14 KB
2 KB 80ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=3867795080&adk=2782272358&adf=1612621598&pi=t.ma~as.3867795080&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=248&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=3811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 03:16:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H2 200 el.ashx
ads.travelaudience.com/ Frame 4E30 631 B
675 B 142ms
85ms Image
image/jpeg 35.190.0.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.travelaudience.com/el.ashx?__trackerRequestId=0.3531497864991256&adPos=&ai1=1%3B1000249%3B2%3B1%3B%3B%3B0%3B-1%3B%3B%3B%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3B60020881%3B999%252c1%3B%3B%3B2%3B4%3B50000316%3B7sOMk32o1KNqb38Y2MsA0w%3D%3D%3BEUR%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B%3B70019635%3Byz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg%3BEUR%3B2%3B%3B%3B%3B%3B0%3B%3B&aid=&an=&ask=&at=1&bc=1&bd=bidder-rtb-production-746b898cf6-rftcx&bnr=0&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&di=&did=-1&dnt=&dv=1&ed=&ev=ic&fm=728x90&gcpm=1217123&gctr=&ia=0&id5Decr=&id5Encr=&id5PID=&id5Src=&iid=&ilt=&ir=0&ld=&mai=&mat=1&mid=&na=&no=&oo=&pb=90000&pos_old=&rg=1&rts=&salt=18&sc=&site=hairsalon.jingames.net&ssp=0&sv=1&tsf=&ua=&uc=DE&ucy=&uuid=C3556B5F-4481-4FD7-BC00-942419D43BBA&view=&vrt=&vw=&wp=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 66.0.190.35.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: 25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
x-engine-version: 0.0.0
via: 1.1 google
server: nginx/1.21.6
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
content-type: image/jpeg
x-host: tde-deliveryengine-production-5db7bf8975-9xdt4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 728x90_Dubai_Adventure_DE.gif
static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/ Frame 4E30 141 KB
142 KB 77ms
22ms Image
image/gif 35.244.170.237
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.travelaudience.com/img/import/Dubai_DMO/Adventure/DE/728x90_Dubai_Adventure_DE.gif
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.170.237 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 237.170.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: bc444d33e738dae0721139bbb6d283b4caaf9149be271214a4fbcd74e6f51a98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 04:25:30 GMT
age: 2939
x-guploader-uploadid: ABPtcPoCTEaTfc0eY_JzfOrgAvmcJU-vVAMm5OCtLaRZhe3sWv0C4GE2fe4k5jsAM9C7c8fe9SUn55gyIpfJg3o
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 144440
last-modified: Wed, 17 Jan 2024 09:07:16 GMT
server: UploadServer
etag: "174bf0779d575fb37f848cc6976d999a"
vary: Origin
x-goog-generation: 1705482436688858
x-goog-hash: crc32c=jVqSgA==, md5=F0vwd51XX7N/hIzGl22Zmg==
content-type: image/gif
cache-control: public, max-age=3600
x-goog-stored-content-length: 144440
accept-ranges: bytes
expires: Sat, 20 Jan 2024 05:25:30 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/travel198849194933/ Frame 4E30 334 KB
113 KB 105ms
27ms Script
application/x-javascript 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/travel198849194933/moatad.js
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 8ad699b94dcb8ac5c24ab5f4e6bfaa6fa8ddd26d90ff42fc3e395a8310684512

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:56:36 GMT
server: AmazonS3
x-amz-request-id: 5ADD2SR6FVQW52ZN
etag: "37dd62b52cf0e911ad78369a74658368"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=16649
accept-ranges: bytes
content-length: 115629
x-amz-id-2: pDgLJ/GC6iJcEq1w9HPnL5hxp5Yl0hMIxYlTeVWDpPG0k8FmTDjsCf81esmNtOs4aNdcYCs9Jaw=

GET
H2 200 creative.js Show response
ads.travelaudience.com/js/ Frame 4E30 56 KB
20 KB 89ms
33ms Script
application/javascript 35.190.0.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.travelaudience.com/js/creative.js?version=0.0.0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.0.66 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 66.0.190.35.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: baccf45a36486a2abc76291138c8661c88e8a2aa1ad74d279882ae80245e0fb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: public
date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 17 Jan 2024 16:02:44 GMT
server: nginx/1.21.6
etag: W/"65a7fa24-e1b5"
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: max-age=86400, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 21 Jan 2024 05:14:29 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 10CC 2 KB
875 B 21ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 10CC 23 KB
9 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 09:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71888
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 09:16:21 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0CFE 143 B
166 B 24ms
23ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=3867795080&adk=2782272358&adf=1612621598&pi=t.ma~as.3867795080&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=248&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=267&ady=3811&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=250
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 04:38:20 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 10CC 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 10CC 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 10CC 206 KB
65 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H2 200 4cee352c918c506f58256258d534a665.js Show response
www.gstatic.com/mysidia/ Frame 10CC 37 KB
16 KB 70ms
21ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4cee352c918c506f58256258d534a665.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:10:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 216226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Sat, 13 Jan 2024 00:04:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 17:10:43 GMT

GET
DATA 200
OK truncated
/ Frame 10CC 161 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D7AC 42 B
63 B 53ms
53ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CXHf7KqEpjH0UWJy2B2IiYPeZU0C7h1-crpz0_2bXu7nr9AOYrTd0lIlD8CFKcG83ZjD_19HA6-8rrGznQkzDS9IBfSrp5jq5awN_moQMOQMxNzlI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=600&slotname=2391061885&adk=3543907923&adf=2961538820&pi=t.ma~as.2391061885&w=300&lmt=1705727668&format=300x600&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=252&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1042&ady=813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=254

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame D7AC 3 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38061
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame D7AC 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame D7AC 206 KB
65 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5ED7 0
20 B 60ms
60ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARi3v53cATAB&v=APEucNWrnbhGas_AyfxdJucYVPzEOcc2bVXx0_yhvkk17H_AjvwbCQU_0TTIMrjx9Ig0PvBMw16l0s8t6sX5WugIJxqrdvxaTQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=600&slotname=2391061885&adk=3543907923&adf=2961538820&pi=t.ma~as.2391061885&w=300&lmt=1705727668&format=300x600&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668599&bpp=1&bdt=343&idt=252&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C728x90&correlator=2853118610858&frm=20&pv=1&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1042&ady=813&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=254
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
expires: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame D7AC 23 KB
9 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:32:08 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame D7AC 8 KB
3 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:37:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38201
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:37:48 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame D7AC 0
0 139ms
64ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstel28_WhJd_hRUJAUnZsA-c0J-GBEOmfjbvuBz_z8So7jqGFssK-tbWfvTuJf-NHuP6hk2VHTI9vtxH8QGHHgRSDcFj8_bOnKYFnG4k6hrUnXuGUDxIVBP8kZQ5DXQcNo10QXQRyQViWbSDNhEwEV3lm0EPyZWEqDglcm1jkSUb1wbu-Yao_zu2ChsSWbWOSxK2u2LXIwH_MI8AxNGuk1IK7FF7p_LcladSbpQaozSnVS_g_8rhmq-mv0A1OW1dTn5LyRI2Tv0O2K18fVlAY4NzbfUdTFqG2fdqnl6sCXZanr5BWFZivS_VpC0mWGu5ml9mW0-X6GxBAr_hSvdGvX0jsbzjSxWixSXiZkydsabSWLJl1bhv9fqLdZK1lcjUpX-FbMTOqLku_FEdt6TGHgyHus4u55TQnx0PMOrYSOBrl_vN2rn3x5XG9l_rkIbcsKMLm9TV9303GylH8D6Kzro7BXeNoXe65m908OE09tSjC9vKIbX-tLvkkq9eiLohNnfTQE_DjOq0EO4J9qsncHw076cn-uQvn5IB1bdYNJ_1J3JzSPJ_-V074Tz-Fhlx_IN3EX6ww9ksJ9cRbgbNddrhPZjJ6GGdoceaZndf_UknQXeSXKh0vvHTLE3ER_hNmDkJ8tZU2IIE7zlP4aCf1yb2NOXw7Mgbrwr7VqX0p0OoevX-rTqOtM_4Cps8QEKgd_KqJG6FRdS7g51w_czPA5c1OUUpB4xWEJld2s4BqLqSlGpI8N-KE9W5FYis3hIu6PGiZRiU2ezJpzNe_So4caAn_dqY5166DAd-JTVSs3GEp1BREb4VlrK3A-5O6glqZsKvOEfenyap_nPjTq10cc5V_x2JRjS961ERRYhWMqrH3RoyA6AX1oNQjjF7xoOB3mocv-Muxv0U-ewlwQ1Ck_i0quHhyY9aI-_kHZ2GULf-5IBsbCPru0ERnG73VQdby1_59w9f2RjNI-0w5KSKtga9egXLcTOfbXih9zN18u_oZGeprrKTTn5UoWeV-X2kvglBXN0rFgVm-kYhJLrVubN89UclwtXOhvfplSjHeB8P6gb7BfE7Jjr5OSx0zhHZBXN5jwKbUEVVOxpr8r91GFiGJ28iLz2gfWWMYqsZhltr47uqJUxzGr00798g8PzHYOUX7QiJ6GbMcStjA18lz4Dz1aTMXYY2puY2CqD0XixPM6f4lWM9zsNwfqfPztb2phrbkUalkTAw2egdbxNx2bLojEJ5K5gd4vYH6kl0r2TYBX_z6qvISyK0cvr1pK6vSX3xgo0f9ttmkfRF6v5mCelrMBrTC6-uELJ8hGi6Z63F9ZAMK_LVeiZzR7_vKrkDesmWeLlfwocl3l2zT0-1M1z5zeU2Ow&sai=AMfl-YSL1EBqZbtzUm0xCEWFpj2MFk2skJQYoU1lXbm_R9Kukvc8BJ1saiMNYkMMKZorJcK-3Vp2k-9eEB0RmvkRJYbbVvX6UvVOid1oBt6sV3bTf-jByFk4d35kxf3bMeuy_jmsNndfxO3DNS8WCYyKFt9q8rCEMPJTxbXlf65YrOowSGU3eNYR_s_30pr4L-ZclhG2hKAQGE6vPAg7kEKorRAStuOf-vfp-RicaJwmGxx0vCBfTmgDCJPA5PvU1BOhh4VMFRveIJSdn2ZrVCFJc_6wCa_I1lmfooOAy5ifMCD9weTEyURnOWB41EpX2HGvbksu5bMOfLr3srdhMYg-aWY47gzBL2hekUzcacOHq6xtj5Qz1nj_nI96PLPRlw9MGqGAE4MYps8IyuzmwfYc8wGSnDQSkwRhL4dc1eYIFB9ZWfboRcMaUvPz7vgtUjbZMn-yQn9jIJFiqtJ712nWpPoByjR4Obm2WyDZOVh8XWVFf8RcDMWkcikpK-pEcv_PhmZ_rg&sig=Cg0ArKJSzGtMz62XaSNZEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240118.44962&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:29 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame D7AC 41 KB
14 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 215981
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H2 200 14333413303970195053
s0.2mdn.net/simgad/ Frame D7AC 131 KB
131 KB 73ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14333413303970195053

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c3be6d72c70df9c4b7dcc44f8f8255baf097c0dae2498cbc8fdcf7fba1bb0fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 00:07:33 GMT
date: Tue, 16 Jan 2024 00:07:33 GMT
x-content-type-options: nosniff
age: 364016
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133709
x-xss-protection: 0
last-modified: Thu, 04 Nov 2021 13:52:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0CFE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

35ms
35ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
expires: Sat, 20 Jan 2024 05:14:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 10CC 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea3cc94737900b4a5cb8a9665fa5b57f44c853235732010f769c00f4e6b13a4e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D7AC 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2615941297374e6b8d6590580c3633856a80ff974da3848f96cd2025f0d5fb53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 5532 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 215981
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 10CC 33 KB
34 KB 522ms
24ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 00:19:37 GMT
x-content-type-options: nosniff
age: 363292
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Jan 2025 00:19:37 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 5532 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 14:00:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Jan 2025 14:00:04 GMT

GET
H2 200 n.js Show response
mb.moatads.com/ Frame 4E30 97 B
273 B 169ms
50ms Script
text/html 130.162.160.243
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/n.js?e=35&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=2&cb=0&ym=0&cu=1705727669443&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=1000249%3A50000316%3A60020881%3A70019635&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=728x90&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A256%3A256%3A0%3A0&jk=-1&jm=-1&fs=207009&na=751988267&cs=0&ord=1705727669443&jv=1464614195&callback=DOMlessLLDcallback_34375902
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/travel198849194933/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.162.160.243 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 20e500cf00538dddc433823eb018632236a10228ab515d461d14869819ade1f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
server: istio-envoy
etag: "c885500e738ece2189d6642d451c5ec4a5e03c1e"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 8
timing-allow-origin: *
content-length: 97

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 33ms
25ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=TRAVELAUDIENCE_DISPLAY1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&m=0&ar=805b0ce1b97-clean&iw=4a25902&q=3&cb=0&ym=0&cu=1705727669443&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=1000249%3A50000316%3A60020881%3A70019635&zMoatSSP=0&zMoatDeal=-1&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&bo=googleads.g.doubleclick.net&bd=728x90&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&gw=travel198849194933&fd=1&it=500&ti=0&ih=2&pe=0%3A256%3A256%3A0%3A0&jk=-1&jm=-1&fs=207009&na=521787316&cs=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:29 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H2 200 js-err
rtb.ads.travelaudience.com/ Frame 4E30 35 B
354 B 29ms
28ms Image
image/gif 35.187.184.108
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.ads.travelaudience.com/js-err?description=Script%20error.&url=&line=0&col=0&parent_url=https%3A%2F%2Frtb.ads.travelaudience.com%2Frtb%3Fads%3D1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%253D%253D.60020881.OTk5JTJjMQ%3D%3D...7sOMk32o1KNqb38Y2MsA0w%253D%253D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ%3D%3D.2.0%26p%3D90000%26x%3D728%26y%3D90%26click%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%2526client%253Dca-pub-3861338687785014%2526adurl%253D%26googlewinningprice%3DZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ%26wpc%3DEUR%26site%3Dhairsalon.jingames.net%26slotvisibility%3D1%26gcpm%3D1217123%26gpos%3D1%26bidder%3Dbidder-rtb-production-746b898cf6-rftcx%26dv%3D1%26uuid%3D%26suid%3D%26brq%3Dyz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg%26ssp_id%3D0%26l%3Den%26ts%3D1705727668%26uc%3DDE%26at%3D1%26ia%3D0%26mai%3D%26mat%3D1%26ir%3D0%26an%3D%26rg%3D1%26hm%3DaSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY%3D

Requested by

Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.187.184.108 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

108.184.187.35.bc.googleusercontent.com

Software

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Origin: https://rtb.ads.travelaudience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
access-control-allow-methods: GET
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
access-control-allow-origin: https://rtb.ads.travelaudience.com
content-type: image/gif

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame D7AC 0
0 58ms
57ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjstel28_WhJd_hRUJAUnZsA-c0J-GBEOmfjbvuBz_z8So7jqGFssK-tbWfvTuJf-NHuP6hk2VHTI9vtxH8QGHHgRSDcFj8_bOnKYFnG4k6hrUnXuGUDxIVBP8kZQ5DXQcNo10QXQRyQViWbSDNhEwEV3lm0EPyZWEqDglcm1jkSUb1wbu-Yao_zu2ChsSWbWOSxK2u2LXIwH_MI8AxNGuk1IK7FF7p_LcladSbpQaozSnVS_g_8rhmq-mv0A1OW1dTn5LyRI2Tv0O2K18fVlAY4NzbfUdTFqG2fdqnl6sCXZanr5BWFZivS_VpC0mWGu5ml9mW0-X6GxBAr_hSvdGvX0jsbzjSxWixSXiZkydsabSWLJl1bhv9fqLdZK1lcjUpX-FbMTOqLku_FEdt6TGHgyHus4u55TQnx0PMOrYSOBrl_vN2rn3x5XG9l_rkIbcsKMLm9TV9303GylH8D6Kzro7BXeNoXe65m908OE09tSjC9vKIbX-tLvkkq9eiLohNnfTQE_DjOq0EO4J9qsncHw076cn-uQvn5IB1bdYNJ_1J3JzSPJ_-V074Tz-Fhlx_IN3EX6ww9ksJ9cRbgbNddrhPZjJ6GGdoceaZndf_UknQXeSXKh0vvHTLE3ER_hNmDkJ8tZU2IIE7zlP4aCf1yb2NOXw7Mgbrwr7VqX0p0OoevX-rTqOtM_4Cps8QEKgd_KqJG6FRdS7g51w_czPA5c1OUUpB4xWEJld2s4BqLqSlGpI8N-KE9W5FYis3hIu6PGiZRiU2ezJpzNe_So4caAn_dqY5166DAd-JTVSs3GEp1BREb4VlrK3A-5O6glqZsKvOEfenyap_nPjTq10cc5V_x2JRjS961ERRYhWMqrH3RoyA6AX1oNQjjF7xoOB3mocv-Muxv0U-ewlwQ1Ck_i0quHhyY9aI-_kHZ2GULf-5IBsbCPru0ERnG73VQdby1_59w9f2RjNI-0w5KSKtga9egXLcTOfbXih9zN18u_oZGeprrKTTn5UoWeV-X2kvglBXN0rFgVm-kYhJLrVubN89UclwtXOhvfplSjHeB8P6gb7BfE7Jjr5OSx0zhHZBXN5jwKbUEVVOxpr8r91GFiGJ28iLz2gfWWMYqsZhltr47uqJUxzGr00798g8PzHYOUX7QiJ6GbMcStjA18lz4Dz1aTMXYY2puY2CqD0XixPM6f4lWM9zsNwfqfPztb2phrbkUalkTAw2egdbxNx2bLojEJ5K5gd4vYH6kl0r2TYBX_z6qvISyK0cvr1pK6vSX3xgo0f9ttmkfRF6v5mCelrMBrTC6-uELJ8hGi6Z63F9ZAMK_LVeiZzR7_vKrkDesmWeLlfwocl3l2zT0-1M1z5zeU2Ow&sai=AMfl-YSL1EBqZbtzUm0xCEWFpj2MFk2skJQYoU1lXbm_R9Kukvc8BJ1saiMNYkMMKZorJcK-3Vp2k-9eEB0RmvkRJYbbVvX6UvVOid1oBt6sV3bTf-jByFk4d35kxf3bMeuy_jmsNndfxO3DNS8WCYyKFt9q8rCEMPJTxbXlf65YrOowSGU3eNYR_s_30pr4L-ZclhG2hKAQGE6vPAg7kEKorRAStuOf-vfp-RicaJwmGxx0vCBfTmgDCJPA5PvU1BOhh4VMFRveIJSdn2ZrVCFJc_6wCa_I1lmfooOAy5ifMCD9weTEyURnOWB41EpX2HGvbksu5bMOfLr3srdhMYg-aWY47gzBL2hekUzcacOHq6xtj5Qz1nj_nI96PLPRlw9MGqGAE4MYps8IyuzmwfYc8wGSnDQSkwRhL4dc1eYIFB9ZWfboRcMaUvPz7vgtUjbZMn-yQn9jIJFiqtJ712nWpPoByjR4Obm2WyDZOVh8XWVFf8RcDMWkcikpK-pEcv_PhmZ_rg&sig=Cg0ArKJSzGtMz62XaSNZEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=594&vt=11&dtpt=593&dett=2&cstd=0&cisv=r20240118.44962&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 10CC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CIKvwtFarZZrGNa-I1PIPx5KDuA376PmSZ4fEwo7ZD8G4jJjjCRABIMX6zh9glYKAgLAHoAG8nfbvA8gBAakCnYpr6GVIsj6oAwHIA8sEqgTeAU_QlLqaYmgChD0OfO_9lXVdrC0yFtATv6W...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215042380023212236269%22,%22debug_reporting%22:true,%22destination%22:%22https://wolf-online-shop.de%22,%22event_report_win...

0
0

100ms
54ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215042380023212236269%22,%22debug_reporting%22:true,%22destination%22:%22https://wolf-online-shop.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221040027324%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223105691716694273441%22}&andc=true

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15042380023212236269","debug_reporting":true,"destination":"https://wolf-online-shop.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1040027324"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"3105691716694273441"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 20 Jan 2024 05:14:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15042380023212236269","debug_reporting":true,"destination":"https://wolf-online-shop.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1040027324"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"3105691716694273441"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 4488 50 KB
19 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a28406dd3e6100bb034d4edad68e012c40c67adf6c2d5846b07f03a494cba94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 18:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 299626
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19644
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 18:00:43 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 24ms
24ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fstatic.travelaudience.com%2Fimg%2Fimport%2FDubai_DMO%2FAdventure%2FDE%2F728x90_Dubai_Adventure_DE.gif&i=TRAVELAUDIENCE_DISPLAY1&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&cu=1705727669443&m=468&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A256%3A256%3A0%3A0&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=458&cd=0&ah=458&am=0&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000249%3A50000316%3A60020881%3A70019635&bo=googleads.g.doubleclick.net&bd=728x90&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&zMoatSubdomain=hairsalon.jingames.net&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=207009&na=39932935&cs=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:29 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:29 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 24ms
24ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&cu=1705727669443&m=480&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&lh=15&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A256%3A256%3A0%3A0&aa=0&ad=8&cn=0&gk=8&gl=0&ik=8&ic=8&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=458&cd=458&ah=458&am=458&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000249%3A50000316%3A60020881%3A70019635&bo=googleads.g.doubleclick.net&bd=728x90&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&zMoatSubdomain=hairsalon.jingames.net&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=207009&na=2038445866&cs=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 100ms
52ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5532 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BhTHLtFarZc7TNbKD_NUPlr2wgAgAAAAAOAHgBAI&bg=!SEulSwTNAAa8BdJLnAU7ADQBe5WfOIzeh37rsIwlsnk6Mg1YEqKqMUQQJlxdXMMBrRhQ9o9y-Dyt1FWb0ox7Nb-z17IzAgAAAGRSAAAAAWgBB5kC2yVV4HyAidwTdMetHh6P5hHrgGukNcHOXx5Jhzpl9WvPmnCM17u-ZLvhjsxsHwOQO5gqadxpam22FDhSNKnyD3CZnCSlgeNnZXag85dGrDDpbXV3jU3IzXJf9xBEIEF4EUzymkuJYYN6iywK7zrznWd-r39Cpx-Z7NHLHOZzCA5cpHLPcxZY71eFW5jonn4KUf-VSxDcalNfunCeE28aPXcN4BSFYno53nGyIFlWg0V9E9I3ldLIC9nI0GUOwLw_UYU5y91yu3Gpkg533zMgG9Wg9tbENNpG1K6D4dy4Tsy1THXkKzyd7Bgh_9Rwh64zddZkr2objC3mCjzcwcAEWyWaUZjRp27zI7vZwr37DvU64UUQ53IBN5MGhEEKXyl2y73ZXaQua6Dpaxmxx6ddDlX8XPSx0zUuv0vzwfYmIYhxoTBtNvYRVADCQ0NZwTC_bIurNU1e93OWWji6K0DsQxFEATB3T3Dp-fFLL-_9SrilJEIqBug9XVFQIZKsDBN2JTu-Y5yG2POULSiOMcdEpzigfCnKfNKZ5wOV33_2Wicqfh0FRc6Rne9R1eVnmvVllQs27boswghx4xEAhuROjJ8537a8emvCd73Ss44DzjO6ov_kQHWl8MOW1az_E-pQWbAVWXC6yPmoxKFGRJlVdzpxpheSR0yy7-EHdxr6VsByDtclPorrxWBjT4LoGw0vSuiNMABm2pyGCTvRv4jiGdgFnLjMGXrmcCdZjbc-PFE1kuiMJyaYxfDOjdhP6njzMgy4VD-qRTYGHXgTg6dSa9zsyW8KsChr4idsTTYBngYmu3NglrK_08wW6AeDP2883zlhDWUn6wZh7kQjDtnclHCdFWFhAMh7mLvZfSLzmucEFhQ-kHwoRtQNF2zQo9dEyeSRTaU7ZkV6oMtZi5a6QB8n-GyVaCZFznuQ3aiUsGTYFcFr5ql53Spq8CAcrKkxNnz-ITQCS9p7NBtH

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
travel198849194933.s.moatpixel.com/ Frame 4E30 43 B
265 B 111ms
31ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=458&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=hairsalon.jingames.net&L1id=1000249&L2id=50000316&L3id=60020881&L4id=70019635&S1id=googleads.g.doubleclick.net&S2id=728x90&ord=1705727669443&r=513583707870&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&bedc=1&nosend&q=1&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 pixel.gif
travel198849194933.s.moatpixel.com/ Frame 4E30 43 B
265 B 110ms
30ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=8&fi=1&apd=474&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=hairsalon.jingames.net&L1id=1000249&L2id=50000316&L3id=60020881&L4id=70019635&S1id=googleads.g.doubleclick.net&S2id=728x90&ord=1705727669443&r=513583707870&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&bedc=1&nosend&q=2&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 pixel.gif
travel198849194933.s.moatpixel.com/ Frame 4E30 43 B
265 B 109ms
29ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=8&fi=1&apd=474&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=hairsalon.jingames.net&L1id=1000249&L2id=50000316&L3id=60020881&L4id=70019635&S1id=googleads.g.doubleclick.net&S2id=728x90&ord=1705727669443&r=513583707870&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&bedc=1&nosend&q=3&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 pixel.gif
travel198849194933.s.moatpixel.com/ Frame 4E30 43 B
265 B 61ms
32ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=210&fi=1&apd=676&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=hairsalon.jingames.net&L1id=1000249&L2id=50000316&L3id=60020881&L4id=70019635&S1id=googleads.g.doubleclick.net&S2id=728x90&ord=1705727669443&r=513583707870&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&bedc=1&nosend&q=4&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: rtb.ads.travelaudience.com
URL: https://rtb.ads.travelaudience.com/rtb?ads=1000249.2.0.70019635.0.0..0.DE.-1..7sOMk32o1KNqb38Y2MsA0w%3D%3D.60020881.OTk5JTJjMQ==...7sOMk32o1KNqb38Y2MsA0w%3D%3D.a3M9OmRwPTpycz06ZHB0PTpkcGQ9OnJ0ZD06b2lhPQ==.2.0&p=90000&x=728&y=90&click=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCG4nRtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE1AFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6CEGSGXb7ze6OwnWmLuEPAyiMtazhS0QKePyS7H3YS4lGoJP70mxm1r5oAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MD-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2RC21Yu_ULcv9n3KSn-BwBr9bsWQ%26client%3Dca-pub-3861338687785014%26adurl%3D&googlewinningprice=ZatWtAANTYUIVQreAA_NKSZAtM4kad-HRib0vQ&wpc=EUR&site=hairsalon.jingames.net&slotvisibility=1&gcpm=1217123&gpos=1&bidder=bidder-rtb-production-746b898cf6-rftcx&dv=1&uuid=&suid=&brq=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&ssp_id=0&l=en&ts=1705727668&uc=DE&at=1&ia=0&mai=&mat=1&ir=0&an=&rg=1&hm=aSf_Dej45RkSwbrQt6Cuj6ZMfE6PRkA8awicUziiVlY=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1BEA 0
19 B 61ms
61ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cz7KxtFarZYWbNd6V1PIPqZq_qA3KkbX7ctPipc7RCsCNtwEQASAAYJWCgICwB4IBF2NhLXB1Yi0zODYxMzM4Njg3Nzg1MDE0yAEJqQKdimvoZUiyPqgDAcgDAqoE0QFP0O43-9yflwMpCIL4jv9Mg5NiUPlT63WYSjkhKMUWFPyFrBn8ZZ62JrcGJGLqsdH91RZqtrq3vlTsTWbTt85t9SZlx5ff9gZPgSutI6J_Uwejv2Yd2RuePmYXtnBUpWAtP3NiX7uFsfPeg7jrxzZ_74dO-7VpuoZ9qc4zMW29cTJsj-53e5Na3HR5y25ueUiWxR5aYUADmBvp1E69u2vHDbZu7RhDkHWfg6DGGwAF_RIx4XPIc8d5FWKNkOxQYx6aWBc8RitVaDGVuHKZtEovWYAGqO2U6432uoY8oAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeZpd6a64MDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTM4NjEzMzg2ODc3ODUwMTQYAA&sigh=VikV4EBkmAQ&uach_m=%5BUACH%5D&cid=CAQSTwAvHhf_qnwqSZ2qTG-2LIAs4-5biM76rJhm53DGEW44IxhpIMIOr6Q3DaqmdRU6AU_GtWypP3iBvuvQn7ona3nAuvvdp8sKDErt0fUh9fUYAQ&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3861338687785014&output=html&h=90&slotname=9914328682&adk=2757561866&adf=178305755&pi=t.ma~as.9914328682&w=728&lmt=1705727668&format=728x90&url=https%3A%2F%2Fhairsalon.jingames.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705727668597&bpp=2&bdt=340&idt=233&shv=r20240118&mjsv=m202401170101&ptt=9&saldr=aa&abxe=1&correlator=2853118610858&frm=20&pv=2&ga_vid=1594399411.1705727669&ga_sid=1705727669&ga_hid=1161117567&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=262&ady=601&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759876%2C44759927%2C44808398%2C42531706%2C42532523%2C44809531%2C31080557%2C95321958%2C95321627%2C95322163&oid=2&pvsid=3770801778785737&tmod=1696652066&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=245
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1BEA 42 B
64 B 102ms
56ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsub0wUQ0rVpfLFrwdOiSXoB0ty-2WSLWuI5d_2UGZSe1H7M_xsD9EwQyVD1WZVIEtJV7yzveO16jSaNHHxTTCrhhDoM3nNmomdiw5QyhStV4K5K4DN8uA&sig=Cg0ArKJSzFAiWaWHwG0bEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2757561866&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705727668844&rpt=463&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401170101/ 161 KB
55 KB 73ms
73ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401170101/reactive_library_fy2021.js?bust=31080557

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2cfd6cd94995636a960ebbb22aa18f5b3f38caaf9abca7fbe54b2a30f481e5de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56328
x-xss-protection: 0
server: cafe
etag: 18365464150223851276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame 7779 9 KB
4 KB 23ms
23ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sat, 03 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame CB27 9 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sat, 03 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame C30B 9 KB
4 KB 23ms
23ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sat, 03 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/ Frame 5A24 9 KB
4 KB 25ms
25ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 16138
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 00:45:32 GMT
etag: 9219409622527106327
expires: Sat, 03 Feb 2024 00:45:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 7779 4 KB
767 B 31ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 03:25:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7779 205 B
296 B 23ms
22ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 09:40:51 GMT
x-content-type-options: nosniff
age: 243219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Jan 2025 09:40:51 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7779 604 B
920 B 22ms
21ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Thu, 18 Jan 2024 21:39:38 GMT
x-content-type-options: nosniff
age: 113692
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 17 Jan 2025 21:39:38 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 7779 16 KB
7 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 22:06:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25696
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 11129212757755515379
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 22:06:14 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 7779 22 KB
9 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:45:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9422
x-xss-protection: 0
server: cafe
etag: 10624764489894593518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:45:31 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame CB27 23 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 09:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 09:16:21 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6720 143 B
166 B 23ms
22ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2170
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 04:38:20 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 5834 247 B
868 B 121ms
29ms Document
text/html 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

b51b2124e1b05c4adea0aa2d077823edcba650405f9a7902ead8f1d1b4fe0a32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 203
content-security-policy-report-only: script-src 'nonce-l7EDIgxeN__lBHvlDVbccA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame CB27 3 KB
1 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame CB27 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H3 200 15122893668453802735
tpc.googlesyndication.com/daca_images/simgad/ Frame CB27 73 KB
73 KB 42ms
42ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15122893668453802735

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a501116c79996dd7937d07a9af6ed63da208ff30782e36e61181afc650e5ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 19:45:16 GMT
date: Tue, 16 Jan 2024 19:45:16 GMT
x-content-type-options: nosniff
age: 293354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74901
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:56:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB27 206 KB
65 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame CB27 36 KB
14 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:44:43 GMT

GET
H3 200 15122893668453802735
tpc.googlesyndication.com/daca_images/simgad/ Frame C30B 73 KB
73 KB 41ms
41ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/15122893668453802735

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a501116c79996dd7937d07a9af6ed63da208ff30782e36e61181afc650e5ed2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 19:45:16 GMT
date: Tue, 16 Jan 2024 19:45:16 GMT
x-content-type-options: nosniff
age: 293354
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74901
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 16:56:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame C30B 23 KB
9 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 09:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 09:16:21 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AAC7 143 B
166 B 24ms
24ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2170
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 04:38:20 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 4685 247 B
871 B 114ms
33ms Document
text/html 216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f163.1e100.net

Software

sffe /

Resource Hash

29074948764c993c33961a088c19665beb32f70d76a32c902396c3e85cca19ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 205
content-security-policy-report-only: script-src 'nonce-zIWK_KqTHOudMuTnZV4iYQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame C30B 3 KB
1 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame C30B 20 KB
8 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C30B 206 KB
65 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame C30B 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37787
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14790
x-xss-protection: 0
server: cafe
etag: 14910708302111541132
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:44:43 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 82B9 0
19 B 62ms
61ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLbFxQEQq9bcARjD-r7cATAB&v=APEucNWRs6Qf0hC4CQ5Uw1689aY9nYthKc1vJaBWjhfuIlHmNPskLdiD0DhHKVbNoOBpD4l5T_2AXavu9ZFQRDaW3JM3W_CyOw

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 5DB7 23 KB
9 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:32:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38542
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:32:08 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/ Frame 5DB7 8 KB
3 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240118/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:37:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38202
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:37:48 GMT

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 5DB7 0
0 66ms
65ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv4dDPT0lfaySJQzRE9rkYNyvXGd1N_Jir-Ffo1_JA0dFpE-lKYb8FtmNBwO_9t5vLf2iyMvsXbwLXF9xndqDJ9pkY2S8NvSUVkF_5h1hSksGy1ggaN1v6hxf7G4zCGGJu-4SRIpPhJxPEAxDG80jFCNqQPIePH6vgqf9gwOV6Edh44wlAa7CSCzHrQ4fVL7cx_Lu0aITlT0HNvq-RII314qLDVb-c1u2S1v6dipbSYy6ioum_cWJRUlc9ob-mTtv-78nSvfoQyqJtLjlOg-crs1Jaz4g2jfGcVjNZO92za3gyTMMDSZNofpqQmKF1yOgkRGxO6yM-JqNQ1mduogHp6_qNQYp6IGEXNVJoBLfGfR1cvzJqTIyIwfmg05O7fcJ7XqdfwKiEypqep0UFoHzg9q0ZQKX8qOfSZfMNGgmApbkCnA6s29Pe_pIaBLRNOqGlejhSkBUAs-n3LLQVlN5eY2n1hqVAYVrkNeyvjUCzjSWlrSTMj4JSwkt8Fu6ti6ywFkpboWHroWTttMrkQx1FW94t0_0ZFvDiVYxBbcdcmqd5pH5oNifDDQnhkacT7cLO5z0ivDThdLJKK8UcKROeDisYbYcgeDakvY44_s0Svr39_8dEWdyrrm0lw7ICiXnktZhGAwK-3RQHMFsvAa8JMxmT7NYyyUG6YA0YAGg7GhFYU4HBhuKgKiqZ05VlNNbBN9Mh5HFaC2wR03B7Rn3AcAzjlmAyRxvCEOSfb-Y2xmDyHHJwI5hMtWRr7pbvLlKRVOphbD6fewuEfUjfgG-9ccGXHSW-_zPX_3yTg58gx6KuRyp7iMlFPkB5CUA6QZ3KiWxUDA4fx_yNErdKwuVJHOCs0jklpbOwbRTXTQdYqMTp_tSN4c1lRmMnWIqq5pyNEPaU_wkHPtxtokjH8qEab8PP7g5g5pGRA5x5Yd2igpfNaVJVmLY2jk9TsxsiG13pZSTf7srnx8Cb1-gY-epA3qZbFfpUS7cKPXZuG5tIYW_DQ8uslM5TiNuqJ0WiELwIkS7mVMA4yIJ5CO0gsaUXgidfWQaJ6biY_FWbj6Msy-RLSk6yUl0Is4GujethGF7vRIzu7DUT0dowlzD8Vt_0qf6zo7BUVLnuC3mHLmJi2mpGnpltXfPSgJxyveRGNndX0GKOAJ95TEFaDT0ywe1eOGetwelxK0TH36Xczmz_kiW9iHZV8hWxbjm_jCLm1LMrFk8HfN_jy9OMzNgjV3C6XHICdFG5Fn1hyPhTy_PC6ru1TP5ufPpygtiMjunwWfppl1ScM0TYAR-9xjvhHcfnF917LImaqGShx2DjhJK1e0ofDljEU50qOm8a1Brjxo7CFm0w&sai=AMfl-YSDS5FSK5rntkGh7ng0dMCDAQ2osc_jpGiJpEcY6rqqH5ilVQh3LkCRy7nM3WhkrJYtmZ400DW-3_WvaeSMbRjPsbc55q2qqPwneb_DB6wRTY9WsR5rfSHDX3X3hLUwms-1Qfmxc54fbFAvahf48NwZqqX9n_NRoMC7CIxQ7UiUldz7XPqm6jKzZGUg60tPcuWPGjvo2QzP0dJt8L-OVzuxfxFpOW-614_NusPM0O--R1JQxPbct4-LgBj1L5z1reXzngdlqF_DkC460xmGHIGnLLQuksRk4f-5PeFVJ9T4EybALRDo3Rx-dD9DYS9ABZzEwgYfL2gg6bys3ZPolVhah5FWoBkTzg6nIn3cWM731nLm9p-T7w0nNXAzhcbTGYjiZiO3vbC9UFXZTUgW33JP3r1XuF8IgZqFU6FM5E8lr0H-W4yt82CtlXMMWJSdX0UeyBkvzJ4RTPnsXR3tQCjE-WvXBtOpSMCuT-VTkJMKL8iiVAycb-THiXITx7n_U5RS5Q&sig=Cg0ArKJSzGfvAmZgEz2JEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240118.90219&arae=0&ftch=1&adurl=

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5DB7 41 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 17:14:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 215982
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Jan 2025 17:14:48 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 5DB7 3 KB
1 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 5DB7 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5DB7 206 KB
65 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DB7 42 B
63 B 54ms
54ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A_TiqfTfv8VoZdA2fhlDOjjDU8XePDR44snJUjlRIHxlnt3swgn5vDAJeKS5m2wZnvDVyg2q1jMD3694tJl9bI6bTj17eOurXd0hDtmg6qBPxjswc

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14760175816907913160
s0.2mdn.net/simgad/ Frame 5DB7 24 KB
24 KB 22ms
21ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14760175816907913160

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires: Wed, 15 Jan 2025 05:28:00 GMT
date: Tue, 16 Jan 2024 05:28:00 GMT
x-content-type-options: nosniff
age: 344790
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24186
x-xss-protection: 0
last-modified: Sun, 11 Dec 2022 07:06:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 css
fonts.googleapis.com/ Frame 6115 14 KB
1 KB 31ms
31ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 03:15:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 6115 2 KB
822 B 34ms
34ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/ Frame 6115 23 KB
9 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 09:16:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 71889
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 09:16:21 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 6115 3 KB
1 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:40:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38062
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:40:08 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/ Frame 6115 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240118/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 18:29:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8492
x-xss-protection: 0
server: cafe
etag: 9878124937798820110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 02 Feb 2024 18:29:17 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6115 206 KB
65 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66453
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1705495733332172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 0c5a714edd9118dc9a192723ed81c7a6.js Show response
www.gstatic.com/mysidia/ Frame 6115 37 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0c5a714edd9118dc9a192723ed81c7a6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2da484e85debdc069e2c470a27fa29be56c6cda3ee39ef3ac041e9c1fc90e9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 21:52:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15431
x-xss-protection: 0
last-modified: Wed, 17 Jan 2024 21:36:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 16 Apr 2024 21:52:35 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 6720
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

31ms
31ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 5DB7 0
0 56ms
56ms Fetch
image/gif 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv4dDPT0lfaySJQzRE9rkYNyvXGd1N_Jir-Ffo1_JA0dFpE-lKYb8FtmNBwO_9t5vLf2iyMvsXbwLXF9xndqDJ9pkY2S8NvSUVkF_5h1hSksGy1ggaN1v6hxf7G4zCGGJu-4SRIpPhJxPEAxDG80jFCNqQPIePH6vgqf9gwOV6Edh44wlAa7CSCzHrQ4fVL7cx_Lu0aITlT0HNvq-RII314qLDVb-c1u2S1v6dipbSYy6ioum_cWJRUlc9ob-mTtv-78nSvfoQyqJtLjlOg-crs1Jaz4g2jfGcVjNZO92za3gyTMMDSZNofpqQmKF1yOgkRGxO6yM-JqNQ1mduogHp6_qNQYp6IGEXNVJoBLfGfR1cvzJqTIyIwfmg05O7fcJ7XqdfwKiEypqep0UFoHzg9q0ZQKX8qOfSZfMNGgmApbkCnA6s29Pe_pIaBLRNOqGlejhSkBUAs-n3LLQVlN5eY2n1hqVAYVrkNeyvjUCzjSWlrSTMj4JSwkt8Fu6ti6ywFkpboWHroWTttMrkQx1FW94t0_0ZFvDiVYxBbcdcmqd5pH5oNifDDQnhkacT7cLO5z0ivDThdLJKK8UcKROeDisYbYcgeDakvY44_s0Svr39_8dEWdyrrm0lw7ICiXnktZhGAwK-3RQHMFsvAa8JMxmT7NYyyUG6YA0YAGg7GhFYU4HBhuKgKiqZ05VlNNbBN9Mh5HFaC2wR03B7Rn3AcAzjlmAyRxvCEOSfb-Y2xmDyHHJwI5hMtWRr7pbvLlKRVOphbD6fewuEfUjfgG-9ccGXHSW-_zPX_3yTg58gx6KuRyp7iMlFPkB5CUA6QZ3KiWxUDA4fx_yNErdKwuVJHOCs0jklpbOwbRTXTQdYqMTp_tSN4c1lRmMnWIqq5pyNEPaU_wkHPtxtokjH8qEab8PP7g5g5pGRA5x5Yd2igpfNaVJVmLY2jk9TsxsiG13pZSTf7srnx8Cb1-gY-epA3qZbFfpUS7cKPXZuG5tIYW_DQ8uslM5TiNuqJ0WiELwIkS7mVMA4yIJ5CO0gsaUXgidfWQaJ6biY_FWbj6Msy-RLSk6yUl0Is4GujethGF7vRIzu7DUT0dowlzD8Vt_0qf6zo7BUVLnuC3mHLmJi2mpGnpltXfPSgJxyveRGNndX0GKOAJ95TEFaDT0ywe1eOGetwelxK0TH36Xczmz_kiW9iHZV8hWxbjm_jCLm1LMrFk8HfN_jy9OMzNgjV3C6XHICdFG5Fn1hyPhTy_PC6ru1TP5ufPpygtiMjunwWfppl1ScM0TYAR-9xjvhHcfnF917LImaqGShx2DjhJK1e0ofDljEU50qOm8a1Brjxo7CFm0w&sai=AMfl-YSDS5FSK5rntkGh7ng0dMCDAQ2osc_jpGiJpEcY6rqqH5ilVQh3LkCRy7nM3WhkrJYtmZ400DW-3_WvaeSMbRjPsbc55q2qqPwneb_DB6wRTY9WsR5rfSHDX3X3hLUwms-1Qfmxc54fbFAvahf48NwZqqX9n_NRoMC7CIxQ7UiUldz7XPqm6jKzZGUg60tPcuWPGjvo2QzP0dJt8L-OVzuxfxFpOW-614_NusPM0O--R1JQxPbct4-LgBj1L5z1reXzngdlqF_DkC460xmGHIGnLLQuksRk4f-5PeFVJ9T4EybALRDo3Rx-dD9DYS9ABZzEwgYfL2gg6bys3ZPolVhah5FWoBkTzg6nIn3cWM731nLm9p-T7w0nNXAzhcbTGYjiZiO3vbC9UFXZTUgW33JP3r1XuF8IgZqFU6FM5E8lr0H-W4yt82CtlXMMWJSdX0UeyBkvzJ4RTPnsXR3tQCjE-WvXBtOpSMCuT-VTkJMKL8iiVAycb-THiXITx7n_U5RS5Q&sig=Cg0ArKJSzGfvAmZgEz2JEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9maXZlcnIuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=32&vt=11&dtpt=31&dett=2&cstd=0&cisv=r20240118.90219&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame AAC7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

33ms
33ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5DB7 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fbcb9fbc0660bb29558e573b5f77830fa3cbfd507fb956e34ecd87fbd9a6bc1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 73EE 38 KB
13 KB 22ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 215982
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 17 Jan 2024 17:14:48 GMT
expires: Thu, 16 Jan 2025 17:14:48 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 redir.html Show response
p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B484 247 B
869 B 105ms
29ms Document
text/html 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f3.1e100.net

Software

sffe /

Resource Hash

69024dded9c8fd077ecdb2b23393648739944d00d8f342cdcc6a74f791ec1eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 204
content-security-policy-report-only: script-src 'nonce-QNTAS-0tjYnON3QxGm7iVA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe.html Show response
p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 5834 5 KB
2 KB 33ms
32ms Document
text/html 142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

sffe /

Resource Hash

a072165dfa15da0a8aee8ccdbb0843f4164a6c2b2a15e19c34bc77a2f91f3584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1987
content-security-policy-report-only: script-src 'nonce-nPqfPzVGQPx7rhHhCLLJDA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iframe.html Show response
p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 4685 5 KB
2 KB 31ms
30ms Document
text/html 216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f163.1e100.net

Software

sffe /

Resource Hash

0d8d391ec8ac8402e5c8421f04626dc9757a39d4c9660f06db77562f8f9d6aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1985
content-security-policy-report-only: script-src 'nonce-MSP180K2kNKdayoDgFeOUA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 73EE 39 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 14:00:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Jan 2025 14:00:04 GMT

GET
DATA 200
OK truncated
/ Frame C30B 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50a592b5299075b66b98f90471238e32fe7c8c27d8cecc431456099bd0ed0691

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame CB27 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1599da4f699d737af16571466377b60cc4adc3ddd2513768794a22ef682cc5c3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E28 50 KB
19 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a28406dd3e6100bb034d4edad68e012c40c67adf6c2d5846b07f03a494cba94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 18:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 299627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19644
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 18:00:43 GMT

GET
H3 200 WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js Show response
pagead2.googlesyndication.com/bg/ Frame AE97 50 KB
19 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a28406dd3e6100bb034d4edad68e012c40c67adf6c2d5846b07f03a494cba94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 18:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 299627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19644
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 18:00:43 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame CB27
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Ccfu0tFarZb6_O6TPn88P-9KLyA_Oo_qUdc74suSREsCa1vyKDhABIMX6zh9glYKAgLAHoAGcr_uoAsgBAqgDAcgDyQSqBOQBT9CrLJH30HPWT6_28nf9X3fARdQ2ExDRlqKgDMRQhyEdBqv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211750429039907521324%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22...

0
0

54ms
54ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211750429039907521324%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%224707081082431429249%22}&andc=true

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11750429039907521324","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"4707081082431429249"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 20 Jan 2024 05:14:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11750429039907521324","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"4707081082431429249"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame C30B
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cv3T0tFarZb-_O6TPn88P-9KLyA_Oo_qUdc74suSREsCa1vyKDhABIMX6zh9glYKAgLAHoAGcr_uoAsgBAqgDAcgDyQSqBOQBT9Bu9bqWQ41AZKfaVesAHZ4VwNZ3QjAOmli_I_fPTJrC5-M...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222964040596397595146%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:...

0
0

54ms
54ms

Fetch
text/css

216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222964040596397595146%22,%22debug_reporting%22:true,%22destination%22:%22https://hero-wars.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22622778268%22],%2222%22:[%22true%22],%224%22:[%2201-20%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225880609367997881073%22}&andc=true

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"2964040596397595146","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"5880609367997881073"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 20 Jan 2024 05:14:30 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"2964040596397595146","debug_reporting":true,"destination":"https://hero-wars.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["622778268"],"22":["true"],"4":["01-20"],"6":["true"]},"priority":"500","source_event_id":"5880609367997881073"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 iframe.html Show response
p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame B484 5 KB
2 KB 30ms
29ms Document
text/html 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f3.1e100.net

Software

sffe /

Resource Hash

070ce7644ca41bbbbf228c9f1b95663a995a00736157443df473527b38691622

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1986
content-security-policy-report-only: script-src 'nonce-IwnXykA3hF-__U_lw0VZpg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
last-modified: Tue, 14 Nov 2023 14:08:00 GMT
pragma: no-cache
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 53ms
52ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 53ms
52ms Preflight
text/html 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 20 Jan 2024 05:14:30 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 72ms
71ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240118&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aee0487a317a8bc53c72893473677b3ba4285c02fd7cd6c73c0aa809347d06b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12501
x-xss-protection: 0

GET
H3 200 WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 8DE9 50 KB
19 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/WihAbdPmEAuwNNTtrWjgEsQMZ632wtWEawfwOklMupQ.js

Requested by

Host: hairsalon.jingames.net
URL: https://hairsalon.jingames.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a28406dd3e6100bb034d4edad68e012c40c67adf6c2d5846b07f03a494cba94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Tue, 16 Jan 2024 18:00:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 299627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19644
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jan 2025 18:00:43 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73EE 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BXDVItFarZcC_O6TPn88P-9KLyA8AAAAAOAHgBAI&bg=!DA-lD0DNAAa8BdJLnAU7ADQBe5WfOF81h44foQC_9YJJAVscZGV7-ygNapFP7OmtaXl8wW1hu88BIUhwqpu4k6RDZTddAgAAAHtSAAAAAWgBB5kDBXr51le_GCS35pVrswHAuaF0ulwR_QA8XP10Ta7x0qc8WKUJS8bwRnn-lZyQv27gv5AG3RpXmOcqhTanSWUryzechSUsZE5a5TpMNADTqU3KI37ec42z-p89ktH5_hEAoiwDda5UTjTILq63LKB32YDpAMUpN1UWMDlmkmvHWk9bLNNaoray0rRH-YEqiDLoFMssl0OcLplqmlUEFqESRrHUP6lxblt3kqnTLzKr5Gw_yqAu-znX8tm5GbHpG55NGLQkBpVLTzYbe95B27JIRa_lbqRyNLnBhiRMsSciN3EWtd-G8PaIQEQXGSwNejl9vntuhBodHPFo_pfYFOPsJKtRfcWNduXrQUtCnzsHy4PjAdSSASCEEBZ-eTefmHet14LZs0S6qHQdXTIcs95vXb1dtQN_qNQ_cdlMzS_VsNq4xYajb-uRA8l6u9W-Q0rEVg-42qPSFr_pI5Exhdb0ztZeLVYuB1fHhhxm6tbXQDVJRNVqjKDvuZ7CpmJHYV0FN-oCL75oSRZHdp6V1CVIKE3X5tqA-rk0zMYdhzJc486N9RvlQxEF8ubqYAFRCH6NpgSGJQdcRSGPqktwQowpo4kuDI17R5WZwYj7X9wMNwhBxqoHAEqbJ7u2ltsSowUYpPCjoVDhLb1SUSxR3BLQZfVFQToXvU3kPOWw6Qz_vI9ISeB_0bcJG4Nsz39GryTwoozQBEH3RGphCVaI_xVx16g_Jl9wcs7_KK25AE7mMymyKqmwACeCamkRfVCsEeeUFjpdcX-cU-wiDJ0X4SMbF-vJ2z0KdMaT4vSw3KxO_SfKGh6V1MYJQmteboaFOFgIPZ19vrfYgWrpf5vlwmMSYMYMzXoRo8sKjF0k2tSveKl-IQbBE-N0qMTPDFRbksw2J_IM_3ckE_BWbyd4brp26WqfbdhCeQnkB43D0Cht6rL_OwDCxIXFJ44pqaBN0javxaXLEatVW_kMoQBbe0hjHiwk9WGjERhQ0PvMBBif4jW4DLshGM2nQOH3QO5R5qwz8FBwGp4W

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D7AC 42 B
64 B 57ms
56ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvpMrBKI6sLTovlKlPIOAJebmoZD2yd_G8NuJ71Fn6a1wm_Lvg8lAVNLqUhNrM8uE0ocjcTj6aYwFHPXvWSmQlmkghUd2Y6tzttyO8jz3WX_kDyTtfCK1jP6G0kdQj5PmTuITAh8dTViRQzq8pYNttLnj-A&sai=AMfl-YS8CODM-KIijYJfsBvoLmtWRdf4Jae4ubI0d16MK12Aky95ncamoEokW0qN0UmL2hNYmkuF4-9_jcX6Z1WK5lAltvKnHnWfv0DJid5_KzvotQe4aK7NdI8qn7CU6lI-9pmzlEMLGXcEK17OYkx9&sig=Cg0ArKJSzAfk919Mkvy8EAE&cid=CAQSTgAvHhf_f56gUZwB_lEVuEZBoRH_YyZA3RlaEsTlj431IBS7l9YRruaPK7PxuSXg9lAHMjjlWELk8S-eQVgsxiVAkVOh75xP6JEqq2OwCxgB&id=lidar2&mcvt=1020&p=0,0,600,300&mtos=0,0,1020,1020,1020&tos=0,0,1020,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=0.65&if=1&vu=1&app=0&itpl=20&adk=3543907923&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705727668854&rpt=1067&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 24ms
24ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&cu=1705727669443&m=1503&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&lf=171&lg=1&lh=15&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A256%3A256%3A1044%3A783&aa=1&ad=1032&cn=8&gn=1&gk=1032&gl=8&ik=1032&ic=1032&ez=1&co=1032&cp=1284&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1284&cd=458&ah=1284&am=458&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000249%3A50000316%3A60020881%3A70019635&bo=googleads.g.doubleclick.net&bd=728x90&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&zMoatSubdomain=hairsalon.jingames.net&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=1408113991&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 pixel.gif
travel198849194933.s.moatpixel.com/ Frame 4E30 43 B
265 B 29ms
29ms Image
image/gif 2.18.161.148
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://travel198849194933.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1284&tet=1032&fi=1&apd=1498&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=hairsalon.jingames.net&L1id=1000249&L2id=50000316&L3id=60020881&L4id=70019635&S1id=googleads.g.doubleclick.net&S2id=728x90&ord=1705727669443&r=513583707870&t=iv&os=1&fi2=0&div1=1&ait=0&zMoatSubdomain=hairsalon.jingames.net&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&bedc=1&nosend&q=5&nu=1&ib=0&dc=1&ob=0&oh=0&lt=1&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.148 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-148.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 24ms
23ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&cu=1705727669443&m=1504&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&lf=171&lg=1&lh=15&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A256%3A256%3A1044%3A783&aa=1&ad=1032&cn=1032&gn=1&gk=1032&gl=1032&ik=1032&ic=1032&ez=1&co=1032&cp=1284&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1284&cd=1284&ah=1284&am=1284&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000249%3A50000316%3A60020881%3A70019635&bo=googleads.g.doubleclick.net&bd=728x90&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&zMoatSubdomain=hairsalon.jingames.net&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=710816647&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:30 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:30 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7BA7 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 25418
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 19 Jan 2024 22:10:53 GMT
expires: Sat, 18 Jan 2025 22:10:53 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 91A5 829 B
559 B 34ms
34ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

839c0c63fe1828a2c3c75395e4a81565ea33c9badf465d256c6d1e310e3d49e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-_FsmZYbfpHlrcXxXTMPnqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hairsalon.jingames.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-_FsmZYbfpHlrcXxXTMPnqQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 20 Jan 2024 05:14:31 GMT
expires: Sat, 20 Jan 2024 05:14:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4E30 43 B
265 B 24ms
24ms Image
image/gif 184.30.17.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&ra=1&pxm=7&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=TRAVELAUDIENCE_DISPLAY1&ol=610885206&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.K%24%3D!%5DxqxLmEV2fy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-xKZpxzFtVWlgP6m3tVv3EhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-TOQdWwIJVy50og%3D%3D&sc=1&os=1-Dg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zMoatGSR=1&ph=&pj=standard&zGSRC=1&gu=https%3A%2F%2Fhairsalon.jingames.net&id=0&ii=2&f=1&j=https%3A%2F%2Fgoogleads.g.doubleclick.net&lp=https%3A%2F%2Fhairsalon.jingames.net&t=1705727669443&de=513583707870&cu=1705727669443&m=1504&ar=805b0ce1b97-clean&iw=4a25902&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=90&le=1&lf=171&lg=1&lh=15&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A256%3A256%3A1044%3A783&aa=1&ad=1032&cn=1032&gn=1&gk=1032&gl=1032&ik=1032&ic=1032&ez=1&co=1032&cp=1284&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1284&cd=1284&ah=1284&am=1284&xd=00&rf=0&re=1&wb=1&cl=0&at=0&d=1000249%3A50000316%3A60020881%3A70019635&bo=googleads.g.doubleclick.net&bd=728x90&gw=travel198849194933&zMoatOrigSlicer1=googleads.g.doubleclick.net&zMoatOrigSlicer2=728x90&zMoatDomain=jingames.net&zMoatSubdomain=hairsalon.jingames.net&zMoatSSP=0&zMoatDeal=-1&zMoatIMPID=yz0YUshD2YULkA5vyxvrpP2KZq2Cd_kRADbwTg&hv=Standard%20Image%20Ad%20finding%20&ab=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=4&jm=-1&tc=0&fs=207009&na=454748503&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-133.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.ads.travelaudience.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Sat, 20 Jan 2024 05:14:31 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Sat, 20 Jan 2024 05:14:31 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 7BA7 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 14:00:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 18 Jan 2025 14:00:04 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 91A5 0
0 54ms
53ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240118&jk=3770801778785737&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7BA7 0
11 B 22ms
22ms Image
text/plain 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9PMnmQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 05:14:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
56ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240118&jk=3770801778785737&bg=!JySlJGvNAAa8BdJLnAU7ADQBe5WfOHvwkTTEcwgErwljiY8_DMmB4bht7db3WlFhaeNnyupQNAPAcaujTyJAVFlWBFRcAgAAADJSAAAAAWgBB5kC1DzQ_R2qPwxSxisjz0Dyeazp_Lt5DUM68Q3mEdyKVNUy-64W9cM47xHCfh6NMJGUfsgSIA9ql_k8uMH4F2W5BTfDTuOfGEXi41aQTYFkXe4sZfh-NZY0Xcws-v7db7FSZTgcRQdaOE0fqmEErQEbBgBsHqO3f2OL539_fg1kjlZyj3NFtbGVWPDsQMX-4HG28yus3jms-J8T0TEMkXenftixtfeg5uycJXIJTupNiB8FzKZuJZ_tkhhOA70xvXyPVdZFOVyOSmeqdy_KwXrBF20Qt1Ir0llBHnzMsSpXeENGrwXd5YQkYDApZFyBzbPlABD0dr9bSSC_EBGsX0u-J2LDBlX4pHUpVQvrF6-kPZwIv_jUFmG3dvgzDZMxI3pam63fWNxlp5qpLGtnEgoavHsD0AnkVz6zbm9AmiSL5lFdGFfvTqV2PatpGfrgaClIQkzSHm7OKVJf8dZXcGagna77XJadiSUuXsDUFKO6c7wpcHI87slAUy3KVaLXbGWkjSrVmvAOV2Z0CUH-duwR8GTvzzbz3wMOqXk3YQMidcKz7wOrQx9DXTqBx3oUzKt-EgcmGf7XPhrJRbMtBxARBinupSIsWog8fVpQT6bVY1567M_WSRCcFYineT_Qc8NZRb7_Cip8pFaPVA21EHPtIbkWIRRJgFDcrfI1IuBM3Kvffs_LLTj-5qPrdaEpRHKgQPD8-OeVcKRIJTlMweh7o8Jp1Sja4F2RXqGwsWkAFXDXKXrDbIA00oms39mG_Hh0d4BYqrzH3H5MgWp6g0_QUcQr0MlGpYHR6aEI72h8MOnu1hM8pXZW_HPOtdbxgVuxawiE96XZqael7YHVc3vXspUT9MxU4PO3zLX8NwbRvW6V-G4pJgZy4raZGUFNpZYNJHchU10sT9jRjtvY61-HURxbQgnBq_6eNcTBsixMvZZE1b6-6At_fThGEfXvi3eaq70LBJU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hairsalon.jingames.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CB27 42 B
64 B 57ms
56ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstFPeJOKgahflzrQpvIdpea6fKEYATM5q4U1I3Kr9FzwZquhWjdR4cOy9H3GrvaAAlVv_M5R5MzZ95_DktkpGdSKHX3n8nar79k3v1k0nqzj5ThBhkrCaiGM32Mxg_jXGqHhpe05xg0IUWhyq9LzL_t4RAD&sai=AMfl-YTF1CoP34PSVk1_fkuktoKqAcfRyvQQ_4Ik70-KheNo-BHn-9d1kY7_QBZLAHVg4XakwqWf28q0HL1-J3EOGBz0mOX8V3C2Tn08m8edZWMKUSAue34bm2HcctmXreleBGjvrYHbyNTJ3vn2BDIh&sig=Cg0ArKJSzNMmFwk81GPTEAE&cid=CAQSTgAvHhf_pg1ubd9O9KIq-K43MvWfZg1z1bdi3NJfe03GUI92EqMHtvvNvsnFiiThwmA5qtNmlVNRDejVghZKZLga-ffdeEkE5Q4tLSOYchgB&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705727670508&rpt=128&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C30B 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsscM-LM7LS6zrNsmtMDAcUqWYWxlMfoyPvaHTpy9TeaW9OE2vXFzjZAvELjfwiX-HA8d3LEdcEVlLNIgTWfhCmbe5IY3T6tw-IHeqzzVHIfLFR6B2BYIM_deLz4QsEjfNfjwW0mCzGtWkNd3amh6ne0dycd&sai=AMfl-YST3s_WZwJtNqkjedE8A-bIJagpBCOE9ny-Bv1OFBcYlf18LjgZYVbRXAStTeUOFnsRSWMWswI4W9htkb3rRTj5YSi4tn7jGECMmxyUN9rE50qB5oI55Z0OHIucfWSNF5WAtt4OKnNmN3BLO2Fz&sig=Cg0ArKJSzEIXGX5A8zkHEAE&cid=CAQSTgAvHhf_pg1ubd9O9KIq-K43MvWfZg1z1bdi3NJfe03GUI92EqMHtvvNvsnFiiThwmA5qtNmlVNRDejVghZKZLga-ffdeEkE5Q4tLSOYchgB&id=lidar2&mcvt=1001&p=0,0,600,160&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705727670510&rpt=146&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5DB7 42 B
64 B 56ms
56ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstdZPfJHmePxQFK4GmAouSMMStIs52zLCy61c872G6p8rV7-GjWdI5LrqywEEjEXBrDjs73Q9_x7lVotB5Ft2659zBQhVHh0YoUeyVI2Agmr89WY2Yb-R_nsvrTWFVL5lwjtzj89z_zYEyz40FTL4-gMyh1&sai=AMfl-YSKAhGR_8rXdBwIbiJHQthkDHfa7Gnnp0KqPRZZ139rUV6vSE840zSJPZTqUXVuYlFoqwzNUXcYcoaDpbeqyqGOITTt9cX4n7WHdDl_PcNfLCtkP4ioTEU_3syFoVS9e43EDiIVjRIglyF7o0aO&sig=Cg0ArKJSzO2-Qj8byXPhEAE&cid=CAQSTgAvHhf_pg1ubd9O9KIq-K43MvWfZg1z1bdi3NJfe03GUI92EqMHtvvNvsnFiiThwmA5qtNmlVNRDejVghZKZLga-ffdeEkE5Q4tLSOYchgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=343,842,1000,1114,1159&tos=343,499,158,114,45&v=20240117&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1705727670576&rpt=103&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 05:14:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: main.jingames.net
URL: http://main.jingames.net/wp-content/plugins/login-box/login-box-script.js

Domain: main.jingames.net
URL: http://main.jingames.net/wp-content/plugins/login-box/wpclassic/scripts.js

Domain: main.jingames.net
URL: http://main.jingames.net/wp-content/plugins/login-box/wpclassic/style.css

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hairsalon.jingames.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: gip88milo48l0hu7fir15hags6
hairsalon.jingames.net/	1970-01-21 02:34:23	Name: gdpr[consent_types] Value: %5B%5D
hairsalon.jingames.net/	1970-01-21 02:34:23	Name: gdpr[allowed_cookies] Value: %5B%22%22%2C%22id%22%2C%22IDE%22%2C%22FLC%22%2C%22DSID%22%2C%22SNID%22%2C%22NID%22%2C%22_ga%22%2C%22_gat%22%5D
.jingames.net/	1970-01-21 03:10:23	Name: __gads Value: ID=d789ebef3dc5ec5b:T=1705727668:RT=1705727668:S=ALNI_Mau8Qz7G9_heJUDAqOKW0GWD5Gfkg
.jingames.net/	1970-01-21 03:10:23	Name: __gpi Value: UID=00000d4443b1c82f:T=1705727668:RT=1705727668:S=ALNI_MY7DDknqrWcT7vfTgw24Z1b0snOcw
.jingames.net/	1970-01-20 22:07:59	Name: __eoi Value: ID=227d258ac750f330:T=1705727668:RT=1705727668:S=AA-AfjZKfwea43RtxQcCsItZCf_1
.travelaudience.com/	1970-01-21 03:20:28	Name: _tracker Value: %7B%22pb%22%3A%2290000%22%2C%22UUID%22%3A%22C3556B5F-4481-4FD7-BC00-942419D43BBA%22%7D
.doubleclick.net/	1970-01-20 17:48:51	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-21 03:10:23	Name: IDE Value: AHWqTUnxJQLZqd3Au2V0VMxmTFjxxG61g4iMb7-UABqCY9YMvl-7p7xzoWBK9Na6gHg
.googleadservices.com/	1970-01-20 19:58:23	Name: ar_debug Value: 1

63 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/YouTube.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/Facebook.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/Facebook.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/gYgWKaD.png?1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/v5DA1SP.png?1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Dh4n4Qc.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/btkpmDV.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/F7CnMIb.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/VZaWeJV.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/C0w4Rlw.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/DAFF1Dr.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/p8EDQ1b.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/zrjmZhG.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Xg4YaHE.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/CJ2penH.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Nl3oCEP.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/DHtHMWq.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/wYr2w7r.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/tv5ytF6.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/UhYUyNH.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/2uUfq06.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/gPnJgTg.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/nxadgkN.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/4GGx1z4.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/eJrM2Tu.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/qjqksvI.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://imgur.com/wYmmLJi][img]'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/wYmmLJi.png[/img][/url]'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	error	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure script 'http://main.jingames.net/wp-content/plugins/login-box/login-box-script.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure script 'http://main.jingames.net/wp-content/plugins/login-box/wpclassic/scripts.js'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://hairsalon.jingames.net/(Line 27) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure stylesheet 'http://main.jingames.net/wp-content/plugins/login-box/wpclassic/style.css'. This request has been blocked; the content must be served over HTTPS.
security	warning	URL: https://hairsalon.jingames.net/(Line 161) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/YouTube.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 161) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/Facebook.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 161) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/themes/mantra/images/socials/Facebook.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 230) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/gYgWKaD.png?1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 230) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/v5DA1SP.png?1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 258) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Dh4n4Qc.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 286) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/btkpmDV.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 314) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/F7CnMIb.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 339) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/VZaWeJV.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 367) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/C0w4Rlw.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 396) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/DAFF1Dr.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 425) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/p8EDQ1b.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 455) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/zrjmZhG.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 485) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Xg4YaHE.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 540) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/CJ2penH.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 623) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/Nl3oCEP.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 623) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/DHtHMWq.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 623) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/wYr2w7r.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 623) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/tv5ytF6.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 653) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/UhYUyNH.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 722) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/2uUfq06.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 722) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/gPnJgTg.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 722) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/nxadgkN.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 722) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/4GGx1z4.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 752) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/eJrM2Tu.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 808) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/qjqksvI.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 844) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://imgur.com/wYmmLJi][img]'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 844) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://i.imgur.com/wYmmLJi.png[/img][/url]'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://hairsalon.jingames.net/(Line 901) Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://main.jingames.net/wp-login.php'. This endpoint should be made available over a secure connection.
security	warning	URL: https://hairsalon.jingames.net/ Message: Mixed Content: The page at 'https://hairsalon.jingames.net/' was loaded over HTTPS, but requested an insecure element 'http://main.jingames.net/wp-content/uploads/2015/01/cropped-header1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
violation	error	URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139) Message: Permissions policy violation: accelerometer is not allowed in this document.
javascript	warning	URL: https://z.moatads.com/travel198849194933/moatad.js(Line 139) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ads.travelaudience.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hairsalon.jingames.net
i.imgur.com
imgur.com
main.jingames.net
mb.moatads.com
p4-dnz4iljm3jnxm-seagmf7zapycik54-if-v6exp3-v4.metric.gstatic.com
p4-gob2hisaziwjy-yty4insc2c5hbnlr-if-v6exp3-v4.metric.gstatic.com
p4-gr7imatle26v2-atfeu735tl3tbcne-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
px.moatads.com
rtb.ads.travelaudience.com
s0.2mdn.net
static.travelaudience.com
tpc.googlesyndication.com
travel198849194933.s.moatpixel.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
z.moatads.com
main.jingames.net
130.162.160.243
142.250.184.198
142.250.186.67
146.75.120.193
172.217.16.195
184.30.17.133
185.80.49.249
199.232.192.193
2.18.161.148
216.58.206.34
216.58.212.163
2a00:1450:4001:80b::200a
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
35.187.184.108
35.190.0.66
35.244.170.237
05bb3e7b6befc00816b63a3c50555832495513e28a0f9c5e605fbb79e0d8d495
070ce7644ca41bbbbf228c9f1b95663a995a00736157443df473527b38691622
0ae8d2ebd4d24ebebb1d850ddbc48c3394b7fb79ac01ab6dc227e6489aeaa862
0bcc9959e25dea025ee9a70a550c2a127fc3ff29d9b71c3ab81602f5ada5a9c4
0d8d391ec8ac8402e5c8421f04626dc9757a39d4c9660f06db77562f8f9d6aa7
1599da4f699d737af16571466377b60cc4adc3ddd2513768794a22ef682cc5c3
15b869b02c6fbaa8c6c26445a2dd2d9bad80fd27b1409f8179e5dd89dc89d90a
1644a837db5cf4f3b0224c2518dc0d29fdbc830ef844a0cbcd3c4f0fcea22c91
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e5c99239ba9edf25178dacec7b44cad25292c74dbc886025cadd687e83d7595
1efbd89776d2711d93abdcbe92ba4680258af85c690358896a3d1a31c0a03f4b
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
20e500cf00538dddc433823eb018632236a10228ab515d461d14869819ade1f2
225aa88b6ab02c06222ec9468d62e15fa188e39cdb9431d1f55401ad380753ed
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd
2615941297374e6b8d6590580c3633856a80ff974da3848f96cd2025f0d5fb53
29074948764c993c33961a088c19665beb32f70d76a32c902396c3e85cca19ff
29cda2ed62ac6a68ee82b7a52fca3b306b467fe15093f3ca755842a186a86257
29e4c24a2fa1b6c2218b217e252a8d838cb65819a3b959a73c1a3565067ec0d9
2c3be6d72c70df9c4b7dcc44f8f8255baf097c0dae2498cbc8fdcf7fba1bb0fa
2cfd6cd94995636a960ebbb22aa18f5b3f38caaf9abca7fbe54b2a30f481e5de
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2fda446210f480afd2c2dfb33be25b8943de1e00b741e07bfc1c22369ad2beb1
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
36f283a22a46932851eda6d756a6289a7d3a1f740f3dc2e21d14dedf820a2ea0
3b4854276d704345a017d873d14e45dceab9ad1aa7cd09f3b5015ec16a249cc7
3bb28b38c9b760b981cc53e24f1d45c3b34a8d8e00c7872741d8cebdab943566
4066df2bffec203ba6a727276b94b7997c435b47f17eb30d6938a1e1f1aa58bb
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
452acd09eda3c896c51d1e583b8a1486ebafd773e55a8985ca23cc918be2f6c0
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e1d7d234c7a5927859f10908ad09106aef746b68e34370ca4fc695e64f89957
4fb39048b8810113fcf3acfe101ba586a97ae9481fc02804712e2f4cf96706f8
505022d86f149fc0ca5e56db8f7def31acbd780372ae4e72b05aeaa67e751094
50a592b5299075b66b98f90471238e32fe7c8c27d8cecc431456099bd0ed0691
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a28406dd3e6100bb034d4edad68e012c40c67adf6c2d5846b07f03a494cba94
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c9bca654e3b4508bbfb85cf1b871ad4ecb67554664c4203a927e1df12bb8296
5d62e6c90005bfb71f6abb440f9e4753681cb23bbd5e60477ab6f442d2f0e69c
60a8d82d73b73bdbb295998310ef362cf2d0302c12bf6da9f15254174c51f268
60dc0148688852de8c26cba837c86045099c4f40cb5f763da74d9a62b2b62eff
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6647fea76ad0ed167fd4fc0b54086de7e609c148f3a8a26be643601bd7ea31ac
69024dded9c8fd077ecdb2b23393648739944d00d8f342cdcc6a74f791ec1eb0
69c32d8650b1e5f0bcb76d787972b68a1ba327ea5bd8da7ab8ca1a04336735c0
6a87fdfa3fe7951f4d71c11f58f5ccee7bf291e8d8f227306cfda9e9d970ec61
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d9ed1d11bf10386253e7b950a51fcb1ea0cb8b4079e7147c7917132df636ac3
7a519c62e734157227e61ce5209158e1b7b484b5f2b68e3ccaed1ffe444de36d
7e84408aa66b9c10dd6e2d630f717b4b4f03345cd77fc5360f4ccba99ce1fa74
7fd9273f20fdb1229c224341271a119020a5eee74ccf6b4605730917c864caf2
7ff30bc5bea8de7cc3ce237450c5a79d23bc4dc7f2ab48c901b56e0941b99eca
839c0c63fe1828a2c3c75395e4a81565ea33c9badf465d256c6d1e310e3d49e8
83b348246d8b17459fbb72c53547b83a27bb25a95b1398f7af301eb15b3dd8b1
83dbaa0bc2d7e537bb62d602123d3d667b37448d448b59045d504d93ee9553c1
859fbca443befc30e88c800971f32a91d0928d9a708fb9cb01e28447320e2345
88d3342019cb40e7abd7e305bf58270653db34eaca0cd8f631dfbfdbd5772302
89fdc3682ba7b435d92947f318c9a8a1c4544ee02922f6012fe2e450799f59f1
8a501116c79996dd7937d07a9af6ed63da208ff30782e36e61181afc650e5ed2
8ad699b94dcb8ac5c24ab5f4e6bfaa6fa8ddd26d90ff42fc3e395a8310684512
8aee0487a317a8bc53c72893473677b3ba4285c02fd7cd6c73c0aa809347d06b
8fbcb9fbc0660bb29558e573b5f77830fa3cbfd507fb956e34ecd87fbd9a6bc1
93bb199d3abd68c438e4e11b1169223fbb7a123329a7d46a5a1a34617441acb3
9404536a8f4d78d41cdbb47bc7bdc5402e81653b6afe022f621aed516a4b7c26
951af233b9948bf5f4b5a6baea6256641df11a61aacaa0e179bbcd45dbd98d9a
972f7a26f860f2f122dcf2a4c5cae616df3a4a83e0c8318a1afb824c766fb651
988688356dc54a7ac123416df30c77f104bf518103d18df67129da00b9de121c
a072165dfa15da0a8aee8ccdbb0843f4164a6c2b2a15e19c34bc77a2f91f3584
a2da484e85debdc069e2c470a27fa29be56c6cda3ee39ef3ac041e9c1fc90e9d
a99aec2b2aa2ef044aa35f08620f188b59ec47a0f1fbd374b260a3ef49fe17f8
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
aed37d23a522a77ad4e3568eafcc17e69f780286608f3b70c2e16b193cd26ccc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b51b2124e1b05c4adea0aa2d077823edcba650405f9a7902ead8f1d1b4fe0a32
b6516367a4082d9ff4d26b2e592acb604cbc4006c682bfdaa249ee1d3591c480
ba1a686b053caeabf630e5eb0f5585b0559c2c1014a37624b51045763fd5c78c
baccf45a36486a2abc76291138c8661c88e8a2aa1ad74d279882ae80245e0fb4
baf28ddd2dcf0a7ea32052eb7a066df465ef72054ec9d90ac2cdb981006dcb70
bc444d33e738dae0721139bbb6d283b4caaf9149be271214a4fbcd74e6f51a98
c8f55f961e59665b9d86dafd1bc8e996c0d9f4e20d4aef7f2308c1f8e804d47c
c9be04e675a8bca92ee0d8d9cbd1d841d697847316fef385be8975322b7075be
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1a9fd0bd6b1014d1ad42f71f7e1d0cb7823df0fc0337e21ad05567523309852
d3a17df2fd4d04f89533a05d640b202a026f37f06654904f9b746024c948c813
d58acf16b5e4521c9eb24fe9fd97308e5f8be1297e4b63a547e5b610611799ae
dd3426e528a9a8b6a8edc8a7f3836ef6b445f488dd807fb4daf1f3549d802ae9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3eb7aaef3388cddce5171dd8f0ddfd5584f2a23412242be4da9a7a3bbf2032e
e6b20a1535a6d3ca3d7a611ae199a6f4b464e0b67b450379ed43a7ef3e66957c
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
ea3cc94737900b4a5cb8a9665fa5b57f44c853235732010f769c00f4e6b13a4e
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
ef5bbf104b13a29fd500a221f3a81babce750e791dd462fde66d9f90865ad8f0
f49d93c6d4ea4cbabfe15c95219f4583ff9a36671e404d92bea42df56358fd41
fe0c7255c105a9be331b462dc5a759e1d38850e51884100331506b1308d62977

hairsalon.jingames.net Open in urlscan Pro 185.80.49.249 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

176 Requests

96 %HTTPS

39 %IPv6

13 Domains

25 Subdomains

24 IPs

5 Countries

6809 kBTransfer

9991 kBSize

10 Cookies

80 Outgoing links

Page URL History

Redirected requests

176 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hairsalon.jingames.net Open in urlscan Pro
185.80.49.249 Public Scan

Screenshot
Live screenshot

Full Image

176
Requests

96 %
HTTPS

39 %
IPv6

13
Domains

25
Subdomains

24
IPs

5
Countries

6809 kB
Transfer

9991 kB
Size

10
Cookies

176 HTTP transactions
8 data transactions