orangesport.ro Open in urlscan Pro
195.191.47.72 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://telekomsport.ro/
Effective URL:
https://orangesport.ro/
Submission: On March 16 via automatic, source certstream-suspicious (March 16th 2023, 2:30:09 pm UTC) — Scanned from DE

Summary HTTP 576 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 67 IPs in 7 countries across 51 domains to perform 576 HTTP transactions. The main IP is 195.191.47.72, located in Romania and belongs to ZONTERRA-AS, RO. The main domain is orangesport.ro.
TLS certificate: Issued by R3 on January 15th 2023. Valid for: 3 months.

This is the only time orangesport.ro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	80.158.66.24 80.158.66.24	34086 (SCZN-AS) (SCZN-AS)
1 13	195.191.47.72 195.191.47.72	50347 (ZONTERRA-AS) (ZONTERRA-AS)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3035::6815:53e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
116	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	128.140.224.229 128.140.224.229	5606 (GTS-BACKB...) (GTS-BACKBONE GTS Telecom)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:ac00:15:efbc:e300:93a1	16509 (AMAZON-02) (AMAZON-02)
57	195.191.47.140 195.191.47.140	50347 (ZONTERRA-AS) (ZONTERRA-AS)
1	109.166.184.23 109.166.184.23	8953 (ASN-ORANG...) (ASN-ORANGE-ROMANIA)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3033::6815:325a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	178.128.139.113 178.128.139.113	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	162.55.144.218 162.55.144.218	24940 (HETZNER-AS) (HETZNER-AS)
1	2606:4700:303... 2606:4700:3031::ac43:81b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.124.137.35 3.124.137.35	16509 (AMAZON-02) (AMAZON-02)
20	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
8	2606:4700:440... 2606:4700:4400::ac40:936c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
3 3	54.155.55.194 54.155.55.194	16509 (AMAZON-02) (AMAZON-02)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 2	104.79.88.164 104.79.88.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.65.44 151.101.65.44	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.97.9 18.66.97.9	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:a800:a:e047:752:b361	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
51	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
2	162.19.138.118 162.19.138.118	16276 (OVH) (OVH)
1	52.31.114.167 52.31.114.167	16509 (AMAZON-02) (AMAZON-02)
3	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 4	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13 23	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4 6	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
3	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
12 16	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
8 8	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	185.86.139.102 185.86.139.102	201081 (SMARTADSE...) (SMARTADSERVER)
3	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 10	52.30.84.16 52.30.84.16	16509 (AMAZON-02) (AMAZON-02)
118	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
4	99.81.25.188 99.81.25.188	16509 (AMAZON-02) (AMAZON-02)
6	52.51.126.33 52.51.126.33	16509 (AMAZON-02) (AMAZON-02)
18	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
10	2600:9000:223... 2600:9000:223f:ec00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
29	2600:1f18:1ac... 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1901:0:8... 2600:1901:0:8344::	15169 (GOOGLE) (GOOGLE)
1	52.215.24.184 52.215.24.184	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
576	67

1 80.158.66.24 (Germany) 1 redirects

ASN34086 (SCZN-AS, DE)

telekomsport.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 195.191.47.72 (Romania) 1 redirects

ASN50347 (ZONTERRA-AS, RO)
PTR: 195.191.47.72.nextvm.net

www.telekomsport.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
orangesport.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:53e6 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.omniconvert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

116 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

paht.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 128.140.224.229 (Romania)

ASN5606 (GTS-BACKBONE GTS Telecom, RO)

ro.adocean.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

ad.plus	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:ac00:15:efbc:e300:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

57 195.191.47.140 (Romania)

ASN50347 (ZONTERRA-AS, RO)
PTR: 195.191.47.140.nextvm.net

i0.1616.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.166.184.23 (Iasi, Romania)

ASN8953 (ASN-ORANGE-ROMANIA, RO)
PTR: web5.orange.ro

www.orange.ro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:325a (United States)

ASN13335 (CLOUDFLARENET, US)

sdk.mrf.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.128.139.113 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

app.omniconvert.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.55.144.218 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: haproxy04.cl03.het.mrf.io

events.newsroom.bi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:81b0 (United States)

ASN13335 (CLOUDFLARENET, US)

aghtag.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.137.35 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-137-35.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::ac40:936c (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.155.55.194 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-55-194.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.79.88.164 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-79-88-164.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-9.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:a800:a:e047:752:b361 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

51 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.118 (France)

ASN16276 (OVH, FR)
PTR: ns31533569.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.114.167 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-114-167.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

assets.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 142.250.186.66 (United States) 13 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.212 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.94.180.126 (Amsterdam, Netherlands) 12 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.75.62.37 (Frankfurt am Main, Germany) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.102 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.30.84.16 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

118 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.81.25.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-25-188.eu-west-1.compute.amazonaws.com

trends.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.51.126.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com

yeet.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:223f:ec00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

pandg.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8344:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

lexicon.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.24.184 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-24-184.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
178	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 134	1 MB
118	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 272	2 MB
70	doubleclick.net 13 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188 googleads.g.doubleclick.net — Cisco Umbrella Rank: 32 cm.g.doubleclick.net — Cisco Umbrella Rank: 210 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 310	622 KB
57	1616.ro i0.1616.ro — Cisco Umbrella Rank: 550171	2 MB
49	adsafeprotected.com 5 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 711 static.adsafeprotected.com — Cisco Umbrella Rank: 541 dt.adsafeprotected.com — Cisco Umbrella Rank: 513	492 KB
16	spotxchange.com 12 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 741	10 KB
13	revcontent.com assets.revcontent.com — Cisco Umbrella Rank: 6348 trends.revcontent.com — Cisco Umbrella Rank: 1938 yeet.revcontent.com — Cisco Umbrella Rank: 7397 images.revcontent.com — Cisco Umbrella Rank: 7052	62 KB
12	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	560 KB
12	orangesport.ro orangesport.ro	131 KB
8	yahoo.com 8 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 271	1 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524	6 KB
8	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 6098	120 KB
7	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 386 mug.criteo.com — Cisco Umbrella Rank: 2753	9 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 214	6 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 ajax.googleapis.com — Cisco Umbrella Rank: 305	24 KB
5	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 2470 us-u.openx.net — Cisco Umbrella Rank: 420 google-bidout-d.openx.net — Cisco Umbrella Rank: 2424	1003 B
5	agkn.com 3 redirects js.agkn.com — Cisco Umbrella Rank: 16827 d.agkn.com — Cisco Umbrella Rank: 634 aa.agkn.com — Cisco Umbrella Rank: 472	6 KB
3	gstatic.com www.gstatic.com	16 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 896 id5-sync.com — Cisco Umbrella Rank: 408	18 KB
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1250 bcp.crwdcntrl.net — Cisco Umbrella Rank: 910 id.crwdcntrl.net — Cisco Umbrella Rank: 1424	12 KB
2	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 582	227 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1230	344 B
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 3803	315 B
2	mathtag.com 1 redirects pixel.mathtag.com — Cisco Umbrella Rank: 975	1 KB
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	653 B
2	google.com adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
2	newsroom.bi events.newsroom.bi — Cisco Umbrella Rank: 10190	850 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	88 KB
2	adocean.pl ro.adocean.pl — Cisco Umbrella Rank: 266229	35 KB
2	omniconvert.com cdn.omniconvert.com — Cisco Umbrella Rank: 101725 app.omniconvert.com — Cisco Umbrella Rank: 93372	86 KB
2	telekomsport.ro 2 redirects telekomsport.ro www.telekomsport.ro	656 B
1	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1302	249 B
1	tapad.com pandg.tapad.com — Cisco Umbrella Rank: 1715	257 B
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 457	65 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2604	8 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 629	13 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 337	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2765	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 3432	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 860	606 B
1	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 936	217 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 8720	531 B
1	aghtag.tech aghtag.tech — Cisco Umbrella Rank: 45582	93 KB
1	mrf.io sdk.mrf.io — Cisco Umbrella Rank: 12712	28 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	63 KB
1	orange.ro www.orange.ro — Cisco Umbrella Rank: 476812	276 KB
1	ad.plus ad.plus — Cisco Umbrella Rank: 59338	992 B
1	paht.tech paht.tech — Cisco Umbrella Rank: 334894	2 KB
1	pghub.io pghub.io — Cisco Umbrella Rank: 1651	5 KB
0	rlcdn.com Failed api.rlcdn.com Failed
576	51

	Domain	Requested by
118	s0.2mdn.net	orangesport.ro s0.2mdn.net a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
116	pagead2.googlesyndication.com	orangesport.ro pagead2.googlesyndication.com a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net securepubads.g.doubleclick.net
57	i0.1616.ro	orangesport.ro
51	tpc.googlesyndication.com	orangesport.ro a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net
29	dt.adsafeprotected.com	a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com orangesport.ro
23	cm.g.doubleclick.net	13 redirects googleads.g.doubleclick.net
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com orangesport.ro
18	googleads4.g.doubleclick.net	orangesport.ro
16	sync.search.spotxchange.com	12 redirects googleads.g.doubleclick.net
12	www.googletagservices.com	orangesport.ro securepubads.g.doubleclick.net a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
12	orangesport.ro	orangesport.ro
11	a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
10	static.adsafeprotected.com	a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
10	fw.adsafeprotected.com	5 redirects orangesport.ro
9	securepubads.g.doubleclick.net	orangesport.ro www.googletagservices.com securepubads.g.doubleclick.net
8	ups.analytics.yahoo.com	8 redirects
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cookie-cdn.cookiepro.com	orangesport.ro cookie-cdn.cookiepro.com
6	yeet.revcontent.com	assets.revcontent.com
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	ajax.googleapis.com	s0.2mdn.net
4	trends.revcontent.com	assets.revcontent.com
4	gum.criteo.com	2 redirects static.criteo.net
3	mug.criteo.com	orangesport.ro
3	www.gstatic.com	orangesport.ro a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
3	aa.agkn.com	3 redirects
2	rtb-csync.smartadserver.com	googleads.g.doubleclick.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	oajs.openx.net	1 redirects orangesport.ro
2	assets.revcontent.com	securepubads.g.doubleclick.net assets.revcontent.com
2	id5-sync.com	cdn.id5-sync.com ads.pubmatic.com
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	fonts.googleapis.com	a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com orangesport.ro
2	pixel.mathtag.com	1 redirects d.agkn.com
2	match.adsrvr.org	d.agkn.com ads.pubmatic.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	events.newsroom.bi	sdk.mrf.io
2	connect.facebook.net	orangesport.ro connect.facebook.net
2	ro.adocean.pl	orangesport.ro ro.adocean.pl
1	www.google.com	tpc.googlesyndication.com
1	id.crwdcntrl.net	ads.pubmatic.com
1	lexicon.33across.com	ads.pubmatic.com
1	pandg.tapad.com	pghub.io
1	images.revcontent.com	orangesport.ro
1	google-bidout-d.openx.net	oa.openxcdn.net
1	ads.pubmatic.com	assets.revcontent.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdn.taboola.com	aghtag.tech
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	d.agkn.com	js.agkn.com
1	aghtag.tech	paht.tech
1	app.omniconvert.com	cdn.omniconvert.com
1	sdk.mrf.io	orangesport.ro
1	www.googletagmanager.com	orangesport.ro
1	www.orange.ro	orangesport.ro
1	js.agkn.com	orangesport.ro
1	ad.plus	orangesport.ro
1	paht.tech	orangesport.ro
1	cdn.omniconvert.com	orangesport.ro
1	pghub.io	orangesport.ro
1	www.telekomsport.ro	1 redirects
1	telekomsport.ro	1 redirects
0	api.rlcdn.com Failed	ads.pubmatic.com
576	73

This site contains links to these domains. Also see Links.

Domain
www.orange.ro
www.facebook.com
www.youtube.com
www.instagram.com
www.1616.ro
www.cookiepro.com

Subject Issuer	Validity	Valid
orangesport.ro R3	`2023-01-15` - `2023-04-15`	3 months	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-21` - `2023-06-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.adocean.pl Sectigo ECC Domain Validation Secure Server CA	`2023-01-30` - `2024-02-06`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
i0.1616.ro Sectigo RSA Domain Validation Secure Server CA	`2022-12-04` - `2023-12-04`	a year	crt.sh
*.orange.ro Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-06-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
app.omniconvert.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-21` - `2023-10-09`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-23`	2 months	crt.sh
ssl03.cert.cl03.k8s.mrf.io R3	`2023-03-01` - `2023-05-30`	3 months	crt.sh
cookiepro.com Cloudflare Inc ECC CA-3	`2022-04-19` - `2023-04-19`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-02-28` - `2023-05-29`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-02-25` - `2023-05-26`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-13` - `2023-04-15`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-01-29` - `2023-04-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-01-21` - `2023-04-21`	3 months	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
assets.revcontent.com R3	`2023-03-13` - `2023-06-11`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-10` - `2023-05-27`	4 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
revcontent.com Amazon RSA 2048 M01	`2023-02-14` - `2023-07-16`	5 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M01	`2023-02-24` - `2023-09-04`	6 months	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-03-01` - `2023-05-08`	2 months	crt.sh
images.revcontent.com R3	`2023-03-06` - `2023-06-04`	3 months	crt.sh
*.tapad.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
lexicon.33across.com GTS CA 1D4	`2023-02-15` - `2023-05-17`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh

This page contains 65 frames:

Primary Page: https://orangesport.ro/
Frame ID: CF13C27280B315C5D0F63310B437C020
Requests: 124 HTTP requests in this frame

Frame: https://d.agkn.com/iframe/8613/?che=957803991&gdpr=0&gdpr_consent=&ref=&bpid=eadromania&c=%7B%22bpid%22%3A%22eadromania%22%2C%22loc%22%3A%22https%3A%2F%2Forangesport.ro%2F%22%2C%22gdpr%22%3A%220%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22Homepage%22%2C%22brd%22%3A%22-1%22%2C%22subcategory%22%3A%22%22%7D
Frame ID: 5406AA5A19AF9D3CCCB9F5677000462E
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230314/r20190131/zrt_lookup.html
Frame ID: 55CD6D44297E3BA6FC00123E4024B259
Requests: 1 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F8A720A5B46DE884564F1C0E17375E7F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4841000241565878&output=html&adk=1812271804&adf=3025194257&lmt=1678976998&plat=8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Forangesport.ro%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1678976998346&bpp=3&bdt=602&idt=312&shv=r20230314&mjsv=m202303060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8656127045470&frm=20&pv=2&ga_vid=115104387.1678976999&ga_sid=1678976999&ga_hid=1609397219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44777876%2C44759842%2C44759876%2C31072914&oid=2&pvsid=3098948467370611&tmod=2006283706&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=336
Frame ID: 433D4D65FBDA7EDE3F95CAD1E28645EA
Requests: 1 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1BAE5C24B3ACECF40CF9AF1C27C61D5B
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 895CE0EEECD3BD6B3DE2F02891348DFE
Requests: 7 HTTP requests in this frame

Frame: https://ro.adocean.pl/files/html/test-cookie.html
Frame ID: 28634A3BFCC5E332F9031FE262A85638
Requests: 1 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 24F9BD27EA767989C9B43B34555555D1
Requests: 25 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 184F596949C73F3BE5845F044D6CFFE3
Requests: 24 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 62010092A551165CD3931CE349A866B9
Requests: 1 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F0A99DEF2EFEF112C017D1D702B52264
Requests: 1 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5C64007D4DDB2B7C4F0861B54BDA68DD
Requests: 33 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 738F755BCD13B3B988E0BD96E28B6E2D
Requests: 18 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7AE0BCD121FF1F4D6216D3FDABBC39CF
Requests: 18 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 73E7FA8D07A7BA77773D6CA4E04076F4
Requests: 18 HTTP requests in this frame

Frame: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 321824B536E1A513F653FB858512F462
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLM7eiwvVjPwOniW5tvYIwQLwZJgAJtqc7_7qpAbpgSmRBVTfgLkbkguz6xpiaSoNRmfdquLyzbzTwrxyPGJo04xp6kGWC8AZVaWHCJnBExwa4Vh-wIZ6XdBZ0GEaJX4e9VVibJvY7fGL4SUEv8xP-Prqb6Sp6zV3dCG9hex6BXwrTQPSr4n5WJg121oau99b5jt7fq80WF9BsoEWvCqMGRYnCJ75G1152K8wD9DjqZI8NnWvbo2fzEjYEWdHoL9ws2ZjBwpnh_s4QGknEMzVwzPmq6PQiASKKaDVU9Nq5RDSMjaxOTD8WSRQVO7hwEp-67wF49BU&sai=AMfl-YTf70NP2VFNIKZrmw4gqbiIAVoNO-0VFDppdmj5YbjfUkgC51BEAL_pFyid2VS45re3wb6xMEzts4TxNxAdEFD2nlGWvtxr4H77gK_GbBuJAhUlz7yz2qKrg7DYrdOpT9NdRHfk_RdqONB-tiE&sig=Cg0ArKJSzBn_ksA0F98REAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: BC55E4E3C730853B7ABF8C2EB08D569F
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNXxRqGRqQfgSuRVGAAbJ48nG0BlBh_ahP6Fh8ajPFUJZk4Zx_YtVC2QlRKxafFnb-Li5D7d4ZPslO78WjvWp0LY4vjiybXseyAP4-5rSYtg-fYHsSs4V8HGnngMutwb_RATKTTDSiP6Z4Q9BmA8sJjcpmxD4_Pz4FoYeXlfXxV_tJY2Uoo
Frame ID: 958CA547781AA8EF08A0F845BBA8CE2E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNUm-9KSLP5FmUzfbqIG6fF19e9Y8hIVH-uA2Pv4P1LU3a1Q3UTJQXlc_2uXoV__0Fds1OzhNzbscNuZPpYLIhguXoDaxL2dwGuaT2MC66uNhHzHVCtImWl0uYvjbTsAkd9N7fc27rRZk6zwRyKPtIxHDHPgxZ3GOlixo3-ZAL03B5OY95k
Frame ID: 70858D9727EA31366AE9ED2480FFABD0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s
Frame ID: 0AB9E43C0C2902EB03104D35B10BF5C1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 267FA7125D808F0110CFBC6A7565ACB3
Requests: 24 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNWKceS5rwiNxHNwevw4HGnA7YS5dIFc8iw1-TSt7yZHemvBP6KjFmYYNRRJrKvEJoGAgl23Yd_yOEQCdETdsdLE7--Czi2jKJBLnflH-2Ww2hDevfqGngI6lpUMO9rBvnQHGz23b4WPyXobRiq5WUnL54vtHHFhqP91jn0MUa2cYrN8zv4
Frame ID: 749467DDA408D0981F7EB0720CC62B6F
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 3E3545ED078AC7F6647C5EA76D30473A
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYmeGZyAEwAQ&v=APEucNWvdinmx3Qvam6MU9VxoXyBBtE-zBZLNXyGE7VntpKBCK22EQFfu7bni0htrG_rk-a2M8RSpfj7xXV7JTCZRX1acLJno4Lmft5lA4ZNktQxamQ7kWwbuCN1rLPkYe2wdFkr-A-2LGJNX33uSq3jOMUOg9IfJQKwApmc5LzkE47uLemFpLo
Frame ID: 65978D865B83ACEBE17F401C4240FDE6
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNXzwn3rg9dxYQ0B1e1yhKiZNeqtL9ImwwRCVa8-tX3FmHRRivj5FhycGShwXgfzp_XLBjuViKo7P06QbFiaVHCoGC1VK2LIWmSasBNc4TyLkN9XqOtXIqR8DxLMT_gzcbFdtDEwKE7rTHOSbmPixpbJBBUJJrzRUKc8j6VA9QyqFL5pxPg
Frame ID: 72A09FE2E51E61BE1A0BD557D6E28C9E
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNVxyZlIE8ZLrubUdS-OYUQW28ieJwjqTovGSBt-g4Zi-q9tkDIrgSwr5pdt5q1_-OI8YHAijsUWpYmoBQfemSLzIQL7-mjy-T6O_yvVBIu7UfHe7HtPrwzouXryGStcVMT236jo8dUQcVIXFu7UbsNiRbCH-MmCa832Lzjis1Rk_F3-6DQ
Frame ID: 6F60A72C67E02C9D5158A48C32DBFEBC
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNV6C0gXtHfJ-jDqZCL1aosei2-pZs1g8oZzFgNMG1YFL3uJR1TuVRYv-unCdE1G1DPoQu_aXz77MV8AgHyBQe7VPuQaYf60N_-oJR6BgJhKoyKdWzzjPcrocOlGNjpRJZNklPBDpp0Mh9oaHNWOZhpI3Xog5tqXBpNxx2QZ4puoPhVzsUA
Frame ID: 46B0CA7C239B1024D653259C0A20AF99
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNU25xGyuJb69_0iE4-oPFDi_V2rKlMIv3D2voWCilbgeqKfJP8ES9FrDE4qjYEMI-SmL8Y_tZmu7ZME1ER_GUTdkFQcNHttfEcS-3Yac1ZFyFAsmuQk5kdpTdbZdi36YXq-nANPiqvjtOlnD2PY9NfeO9G21DqiukS8P8ibIk2mkRH4xQ0
Frame ID: 9A283652C674703599EFAF6A0F3C71FE
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=orangesport.ro
Frame ID: C94E5CAC3EAC4AD40C66EB9A81FDA788
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: 48DE027680B9542C45F30675C7E76F42
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: B7D1BAFFF50E4F74B60C06FA4BEB5C9F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 97CB74D48A0D0890374DEF24E3E3BB39
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
Frame ID: 300746E79530C593BB1D5ED226A379C9
Requests: 24 HTTP requests in this frame

Frame: https://s0.2mdn.net/9912961/1676374217816/160x600.html
Frame ID: B31E1BD9AC86771BCBEA3C9418C3587D
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
Frame ID: AD536EC814AE0006C2CDF8CE0B0D2831
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D707A09A0454CABA62CAF39AD961EF5D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
Frame ID: 2370F167ED04F63642ADC6FA7A78DAAD
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
Frame ID: 7C94A44B060954F94071B18331505343
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/9912961/1676374217816/160x600.html
Frame ID: ED585B9DA0B0EEEDEAD44B6E7E24CA19
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
Frame ID: 3D316CAA5A1D2E860508A0ED779373E4
Requests: 12 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 56D40E3C4C2BD5063C6A0A63109B02E4
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
Frame ID: D591907DAD402CB811731838A4046B90
Requests: 24 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
Frame ID: 1EBDD0998BBCD75557C2899CBF15390E
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 530421E850ECFD917402C29DB537F970
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C9AC5119641AD83E0930A7F69BEC0B46
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 9528D49141B0B995E30BA6D1AC858848
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: EB861C383C49D757D7FD14C8147F0632
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: A2EE4FB4391AD0C94E2B507E4A1D70A3
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 6C2BA227EC3DD19BA1ECF8E613197887
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8470FBEC9886EB9F0C7CED5CB556FFEA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0132FCDEFF95DF094896EFA96DCD7060
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 35513100E971B745074A3DB7C86F27DC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D515ADB384A7EA695F4B570496CF7AE9
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7D8BA9568157A9047A9A9F6296EF31EA
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: D7E95E56725BAB1DDB5E62A636F4BE05
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: 9A88B18CCC646A42A46762ABDDE4D219
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: A0F8C24F30FD78026542108829DFBE05
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: F990D85E61673D9C39622311E5D9E775
Requests: 1 HTTP requests in this frame

Frame: https://pandg.tapad.com/tag?gdpr=1&referrer_url=&page_url=https%3A%2F%2Forangesport.ro%2F&owner=P%26G&bp_id=eadromania&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22%22%7D
Frame ID: 60DCFB7B055B33F97CE000B76B3E6751
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: DCAEE9C1BF840A466B8371369790CCDA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: 2C6B550A798460C77F68E13729238D67
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js
Frame ID: F9E6455DCEA1D88C35E4663790478665
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4F8AFEE0BA4F5E79AB865DF0CC97953F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 560B72DDAEC25B584B5F7705A42E593F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Orangesport - Mereu în jocBack ButtonFilter Button

Page URL History Show full URLs

https://telekomsport.ro/ HTTP 301
http://www.telekomsport.ro/ HTTP 307
https://www.telekomsport.ro/ HTTP 301
https://orangesport.ro/ Page URL

Detected technologies

AdOcean (Advertising) Expand

Overall confidence: 100%
Detected patterns

adocean\.pl/files/js/ado\.js
adocean\.pl

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

576
Requests

94 %
HTTPS

46 %
IPv6

51
Domains

73
Subdomains

67
IPs

7
Countries

8860 kB
Transfer

19037 kB
Size

38
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.orange.ro/
Title: orange.ro

Search URL Search Domain Scan URL

URL: https://www.facebook.com/orangesportromania

Search URL Search Domain Scan URL

URL: https://www.youtube.com/orangesportromania

Search URL Search Domain Scan URL

URL: https://www.instagram.com/orangesportromania/

Search URL Search Domain Scan URL

URL: http://www.1616.ro/
Title: 1616.ro

Search URL Search Domain Scan URL

URL: https://www.orange.ro/termeni-si-conditii/cookies/
Title: Mai multe informaţii

Search URL Search Domain Scan URL

URL: https://www.cookiepro.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://telekomsport.ro/ HTTP 301
http://www.telekomsport.ro/ HTTP 307
https://www.telekomsport.ro/ HTTP 301
https://orangesport.ro/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99

https://aa.agkn.com/adscores/g.pixel?sid=9212293468&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adadvisor&ttd_tpi=1&gdpr=0&gdpr_consent=

Request Chain 100

https://aa.agkn.com/adscores/g.pixel?sid=9212293438 HTTP 302
https://pixel.mathtag.com/sync/img?redir=https://aa.agkn.com/adscores/g.pixel%3Fsid%3D9312292258%26mt%3D%5BMM_UUID%5D HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9312292258&mt=c7e66413-27e6-4e00-9ee1-6c0ed0eca3a1 HTTP 302
https://pixel.mathtag.com/sync/img/?mt_exid=10009&mt_exuid=266500604457182048377

Request Chain 149

https://oajs.openx.net/esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp&cc=1

Request Chain 215

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1

Request Chain 216

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBMn5w.i1uo6rvuE5ijhTgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

Request Chain 218

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1

Request Chain 220

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBMn5w.i1uo6rvuE5ijhTgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2

Request Chain 221

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

Request Chain 222

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

Request Chain 223

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEA7iG_YlWGPmIrQJGt_MAX4&google_cver=1

Request Chain 225

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDuUW2G4MRWAVqwMJvXwbjw&google_cver=1

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dec9e-c407-11ed-b56c-1ce730eb0206

Request Chain 229

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=08235b21-c407-11ed-a200-1d7abbad0206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Request Chain 230

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082ded96-c407-11ed-9ca6-14f0ef8b0306

Request Chain 232

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=082387c8-c407-11ed-9fae-1a7ccaea0206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Request Chain 233

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Request Chain 235

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082d892a-c407-11ed-b567-14684a3a0406

Request Chain 236

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=0823854e-c407-11ed-9dc3-190e06a80306 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Request Chain 237

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Request Chain 238

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dce26-c407-11ed-9efd-1093d7b30106

Request Chain 239

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=0823989c-c407-11ed-a599-1ac054420506 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Request Chain 240

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm HTTP 302
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEG1_1aOwChv6Iq5K8gyQJII&google_cver=1

Request Chain 246

https://gum.criteo.com/sid/json?origin=publishertagids&domain=orangesport.ro&sn=ChromeSyncframe&so=0&topUrl=orangesport.ro&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=bIpst3xHOGUrbkFJczd1a010a0NscVVUbitSLzhqWE5USlJiamZqTkdLRHo5SmNOWG45RWNMZ2p0bTRacnFuT2t6REtaVHlORVl4OTRuNTB0NVpLL25sQjBDTThNTURLb2pDcTZvTWRENE1mQ3RtWnNUTEJsMzlXVWtKb1FiOGY4MVhrQjVVR01jcHA5V1gyQmVUMVF3Z28zSkQ5UFdxSWRSZVU5QTRtTXBWOXlncEd4dncxUFRnL0hYMnpoZmloeUZEeXM0OENjZlNKUlhsYkJSVnA0TGxJcEVsYlh6M1JuWk9XU3Zsb3ZvMGlJUTZJWUJ6aGVFYWcvZktFZCszcVFJbzFUWlI2clF6ajhaQ3J4NGpvUmtybk1YUT09fA&cppv=2

Request Chain 355

https://fw.adsafeprotected.com/rfw/st/886862/62195780/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZMfEMebnx_AP8YyloA4&cbFunctionName=goog_wrapCb_5ycTZMfEMebnx_AP8YyloA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Forangesport.ro&adsafe_type=y&adsafe_url=https%3A%2F%2Forangesport.ro%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:bcbcff77-5dfa-c486-b694-2a5f9ed0cd33,c:72dVaD,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-65fb65bbbb-cr7w8,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18*.886862-62195780%7C181%7C182%7C183%7C191%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1c1%7C1d1%7C1d2%7C1e1%7C1e2%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:18*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:27,oid:0845cad9-c407-11ed-ac56-be5b5661058f,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 367

https://fw.adsafeprotected.com/rfw/st/1272511/69505651/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=https://orangesport.ro/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iWoBbuItX0curgUpEDvQ3b&adContainerId=brand_safety_5ycTZP-EOO-k9u8P8PeqqAw&cbFunctionName=goog_wrapCb_5ycTZP-EOO-k9u8P8PeqqAw&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Forangesport.ro&adsafe_type=g&adsafe_url=https%3A%2F%2Forangesport.ro%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:2024076d-4c72-08f3-3cd4-e94b99023914,c:72dVcY,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-65fb65bbbb-dsqnt,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:3,mot:0,app:0,maw:0,fm:tyG4obU+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1*.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1a1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:31,oid:0845cab9-c407-11ed-972b-926930f7b125,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

Request Chain 369

https://fw.adsafeprotected.com/rfw/st/1272511/69505651/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=https://orangesport.ro/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iM1XhWJov7M_mNBJ03K5cE&adContainerId=brand_safety_5ycTZOO0OYWj9u8P_e-EmA4&cbFunctionName=goog_wrapCb_5ycTZOO0OYWj9u8P_e-EmA4&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Forangesport.ro&adsafe_type=g&adsafe_url=https%3A%2F%2Forangesport.ro%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=bed&adsafe_jsinfo=,id:50bd15bf-7cbd-075d-1536-ed708d7d9a4c,c:72dVdN,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-65fb65bbbb-khrvg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:3,mot:0,app:0,maw:0,fm:tyG4ocO+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C191%7C192%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1*.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1b1*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:25,oid:084aac70-c407-11ed-b5ce-76e61c52c932,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

Request Chain 384

https://fw.adsafeprotected.com/rfw/st/886862/62195778/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZP3OON_hx_APzq-BkAI&cbFunctionName=goog_wrapCb_5ycTZP3OON_hx_APzq-BkAI&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Forangesport.ro&adsafe_type=y&adsafe_url=https%3A%2F%2Forangesport.ro%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:733096cb-92e3-f88d-4dcc-9893788dba82,c:72dVf8,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-65fb65bbbb-26hqd,rg:ie,pt:1-2-3-4-5-6-7-8-9-10-11-12-13-14-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tyG4oeh+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C191%7C192%7C1a11%7C1a12%7C1a13%7C1a14%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:18,oid:084fdc43-c407-11ed-ac1f-e25c8b93008f,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 386

https://fw.adsafeprotected.com/rfw/st/886862/62195780/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZIPQOJXegAfh5qaIDA&cbFunctionName=goog_wrapCb_5ycTZIPQOJXegAfh5qaIDA&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_300x250.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Forangesport.ro&adsafe_type=y&adsafe_url=https%3A%2F%2Forangesport.ro%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fa2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:287db009-3141-a5d2-644b-fa23c3d31ed8,c:72dVfO,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-65fb65bbbb-zh9mz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tyG4oeW+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C19*.886862-62195780%7C191%7C192%7C1a11%7C1a12%7C1a13%7C1a14%7C1b11%7C1b12%7C1b13%7C1b14%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:19*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:19,oid:084e7cf9-c407-11ed-b95b-a6896e7fcfc2,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js

Request Chain 526

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Forangesport.ro%2F&domain=orangesport.ro&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=nvKWoHxsSzdGNXYyMGlqZCtLOHJSc0k0aXc3cTBoVHRnUjMzVWRzMHJkOWdYSTBZMU9XNlUzM1V2YVZuYzFjbXY3U1ZqUHZvdzYyWXA4eHVjdjJoUXVDS204QktXRjVqTmZqRE1kMVUzenZLWm9VL0VURHBObytFNWJRVngzaWNOQzAzNXYyemdnUUtuU1FYdStCOXV4OE0rSFFKODhnWlUvSnRSa0JSQmQwNW9Rdm1TakpsZ2E1SWFyNU81SURTYUlyWFJhclljMzJheDAyOXNVZHI4eXUzMFU2R2lmZWlwbzUwdHNwc0QyYnJDdFRwRk5oNkg4SDJYYVBRemtGb1FoemF0QW1CWEpyOXIzRS93Ylo1bUJlUkZqQT09fA&cppv=2

576 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
orangesport.ro/
Redirect Chain

https://telekomsport.ro/
http://www.telekomsport.ro/
https://www.telekomsport.ro/
https://orangesport.ro/

139 KB
22 KB

390ms
142ms

Document
text/html

195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: 6fadd538ea50895cad27c1a05a9262436612ea1b448b50ec2067b67985f95185

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Encoding: gzip
Content-Language: ro
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:57 GMT
Server: Apache/2.4.10 (Debian)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: close
Content-length: 0
Location: https://orangesport.ro/

GET
H/1.1 200
OK style.css
orangesport.ro/assets/css/ 275 KB
35 KB 77ms
77ms Stylesheet
text/css 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/css/style.css
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: f5e0f79923e8d14d23c1215707beff394614bbee6e1bd9b2f1c85e3a8c55e51a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 21 Mar 2022 17:30:50 GMT
Server: Apache/2.4.10 (Debian)
ETag: "44cff-5dabddb82a680-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 35160
Expires: Fri, 15 Mar 2024 14:29:57 GMT

GET
H/1.1 200
OK banners.css
orangesport.ro/assets/css/ 99 B
472 B 199ms
68ms Stylesheet
text/css 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/css/banners.css
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: 0f4450b80aba3a223e6fc59efc7ec071621b71fcec65b5d6eb4ca22a8e6b34cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:57 GMT
Content-Encoding: gzip
Last-Modified: Mon, 21 Mar 2022 17:22:29 GMT
Server: Apache/2.4.10 (Debian)
ETag: "63-5dabdbda5ff40-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 89
Expires: Fri, 15 Mar 2024 14:29:57 GMT

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 17 KB
5 KB 129ms
40ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:08:36 GMT
content-encoding: gzip
age: 1281
x-guploader-uploadid: ADPycdsMuNcQf0rDXDjAdSMSUG-yqA0qm9bp8O4CE6BTqNeS7zfUyusBIUZZOyAn8FPusyKtZwDJoJt0IQAgVgoXuP_za1alm1OI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4955
last-modified: Fri, 20 Jan 2023 18:31:19 GMT
server: UploadServer
etag: "b3517e216253857ea8c4209cb84004df"
vary: Accept-Encoding
x-goog-generation: 1674239479122517
x-goog-hash: crc32c=rClt4g==, md5=s1F+IWJThX6oxCCcuEAE3w==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 4955
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 ofab188.js Show response
cdn.omniconvert.com/js/ 273 KB
86 KB 207ms
106ms Script
text/javascript 2606:4700:3035::6815:53e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.omniconvert.com/js/ofab188.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:53e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01c06080dd4dd480e82e86ebb2551e062f115c9633696499067dbbddefd1e464

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:57 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-sr-miss: 2
last-modified: Thu, 16 Mar 2023 14:29:57 GMT
x-cache-cr-hit: 0
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
x-cache-sr-hit: 7
access-control-allow-origin: *
cache-control: private, max-age=300
access-control-allow-credentials: true
x-machine: Tracking-PROD-1
x-cache-cr-miss: 0
cf-ray: 7a8db0fcac3a9b9a-FRA
access-control-allow-headers: origin,accept,accept-encoding,user-agent,x-requested-with,x-omni-tool-auth,sentry-trace,baggage
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UliZB20xk%2FAhzJbHRtsxQVthdPggV500UV1eVEQ06dA9CCt7JYR8lRPSicIbpdGVekw44KSTPK2FANGXHDaskKzOWaQnwFLalw4Xfrg39aJ%2B9V5ZrU8xSJWsPPt%2BHK1fMmqK3mJb5tvJlccs1m%2FBnoY%3D"}],"group":"cf-nel","max_age":604800}

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 142 KB
48 KB 203ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a35505df6d4d3a7d78f0538af612526fa8d5b9562874b10215834857949284bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48465
x-xss-protection: 0
server: cafe
etag: 3236739574854088195
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H2 200 telekomsport.ro.js Show response
paht.tech/c/ 6 KB
2 KB 161ms
53ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paht.tech/c/telekomsport.ro.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0b453d8af04776f5e058884699e2a13cb0e06a48eaf337e982fe91bd2887eaa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 63QA786HEWV65R1F
age: 3959
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hVI/fCDptdrKkad5BI7YX/KXamgyXcCW6Ct9tHU4zZBh6T+XlRfXPHFVs5fm52hSgyi4uxutGMY=
last-modified: Wed, 10 Feb 2021 16:41:13 GMT
server: cloudflare
etag: W/"a02277694487c00140a30e14194343a7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fOA5%2B9P5xgBOlJ7HMHNH2haJ1FhUHrcxJZVLF2GT2FyY6%2FXAdFX7U0r4lMkqy%2Br4cYLJsEwETU1rM89ns1WqjHs2cT%2B4DV4QK4ouHVuHtlLXKe0Ag08jOmTiOFfUJPphdu36Hutv7k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7a8db0fea8833a72-FRA

GET
H2 200 ado.js Show response
ro.adocean.pl/files/js/ 90 KB
34 KB 248ms
63ms Script
application/x-javascript 128.140.224.229
GTS-BACKBONE GTS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ro.adocean.pl/files/js/ado.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 128.140.224.229 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
Software: GAD /
Resource Hash: 551c9151f4816e93d37fc2a6be317ae002389f4733c7c9a732960ceda32078d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
last-modified: Mon, 13 Mar 2023 10:56:20 GMT
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "00016974A49E6EAF"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, must-revalidate, max-age=14400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 34506
expires: Thu, 16 Mar 2023 18:29:58 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 174ms
59ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17dad3cf989058ccb2e3d814ac1e0816927cccb700716aa51accc5577472cd15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27443
x-xss-protection: 0
server: sffe
etag: "1512 / 427 of 1000 / last-modified: 1678964797"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 79 KB
27 KB 165ms
58ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fc814f76311281ae957d4e6df3a27c3ce41fb8f436311c147a1486c325af8f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27405
x-xss-protection: 0
server: sffe
etag: "1512 / 654 of 1000 / last-modified: 1678964715"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H2 200 adplus-advertising.svg
ad.plus/ 735 B
992 B 163ms
56ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.plus/adplus-advertising.svg
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbdcd5032177710f51c04a98ab8d155e72b8ea23f0f86fc504408b7fbe735639

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 04 Apr 2020 20:49:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 507
etag: W/"2df-5a27d2a9698fb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FjfuKb5PP2%2FVeDhsjMJV990vKafH%2Fm5hKQ5NUHFF6g8Vxo2td9gJ0hSrt5AO67oDEDH%2Fq%2BrnWY5f6uKzncQMl6MaxzVCZYpJgIEupbI8TwZErqIQQBiOMkXvhrg4uhzZD68wDFX"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=31536000
cf-ray: 7a8db0feacddbb8f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 tag.js Show response
js.agkn.com/prod/v0/ 3 KB
3 KB 178ms
40ms Script
application/javascript 2600:9000:2250:ac00:15:efbc:e300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.agkn.com/prod/v0/tag.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ac00:15:efbc:e300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc82de33871a9ed40a5379ed264dd0456d9bf58839286b913231648f527bc72b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 19:52:06 GMT
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
last-modified: Tue, 22 Oct 2019 20:22:52 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 67073
etag: "f53f55cbab099be3a970b446a66c496a"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3167
x-amz-cf-id: 4XBnifYVdXKjnlrA1zDBNpiEFa6d_Medaj0v-gclnF9gHnZ6qO4_7A==

GET
H/1.1 200
OK gigi-becali.jpg
i0.1616.ro/media/541/2981/36186/21060036/1/ 156 KB
156 KB 372ms
137ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060036/1/gigi-becali.jpg??width=774&height=435
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 6eb13c8ef60084c1f559db34e3d28afdee4f243c0dfe31e1f264ccc7433cc18e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 07:17:57 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 07:12:33 GMT
Server: nginx
ETag: "27052-5f6ff2f448973"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 159826
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fcsb-sepsi-osk-sfantu-gheorghe-superliga-superbet-12-03-2023.jpg
i0.1616.ro/media/541/2981/36186/21060634/1/ 20 KB
20 KB 374ms
139ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060634/1/fcsb-sepsi-osk-sfantu-gheorghe-superliga-superbet-12-03-2023.jpg?width=387&height=218
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: d6e7f843eb017ad1852772a63c151d5efe982faffbbc1e0b5a63c4a4bf84c351

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 14:05:30 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 14:05:20 GMT
Server: nginx
ETag: "4f19-5f704f3819489"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 20249
X-Proxy-Cache: HIT

GET
H/1.1 200
OK moldova-romania-amical-20-11-2022-1.jpg
i0.1616.ro/media/541/2981/36251/21060521/2/ 27 KB
28 KB 452ms
75ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36251/21060521/2/moldova-romania-amical-20-11-2022-1.jpg?width=387&height=218
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 8a95cd72dd11748d95bbefd4108f3f794340d83f982fd0b095d6d68f125ed50f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 13:55:09 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 13:55:00 GMT
Server: nginx
ETag: "6dfd-5f704ce8b0857"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 28157
X-Proxy-Cache: HIT

GET
H/1.1 200
OK razvan-zavaleanu.jpg
i0.1616.ro/media/541/2981/36186/21060459/1/ 28 KB
28 KB 301ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060459/1/razvan-zavaleanu.jpg?width=387&height=218
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 382a4d68ec2446aefd581f808266ef857ae77218161bcd3a4b488327e57ca167

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 12:13:01 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 12:12:45 GMT
Server: nginx
ETag: "6f46-5f70360e18cd1"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 28486
X-Proxy-Cache: HIT

GET
H/1.1 200
OK spartak-moscova.jpg
i0.1616.ro/media/541/2981/36258/21060554/1/ 29 KB
29 KB 375ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36258/21060554/1/spartak-moscova.jpg?width=387&height=218
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 14446a1f5f436a59c1d7ec0348e8a67fd715121dfb965d3a1e0b2f6a13d1d656

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 13:08:07 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 13:07:41 GMT
Server: nginx
ETag: "731e-5f704254cfea3"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 29470
X-Proxy-Cache: HIT

GET
H/1.1 200
OK antrenament-oficial-fcsb-inaintea-meciului-cu-silkeborg-if-grupe-uefa-europa-conference-league-12-10-2022.jpg
i0.1616.ro/media/541/2981/36189/21060341/1/ 25 KB
26 KB 302ms
67ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36189/21060341/1/antrenament-oficial-fcsb-inaintea-meciului-cu-silkeborg-if-grupe-uefa-europa-conference-league-12-10-2022.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: c8d68d7caa203db844c704e3cf54e7fbe2a2fa1793f58ed5e74d9f6f2b805964

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 11:21:13 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 11:21:11 GMT
Server: nginx
ETag: "64d8-5f702a875664b"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 25816
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fc-u-craiova-fcsb-superliga-superbet-13-11-2022.jpg
i0.1616.ro/media/541/2981/36186/21060319/1/ 25 KB
25 KB 368ms
133ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060319/1/fc-u-craiova-fcsb-superliga-superbet-13-11-2022.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 9bef1adc900a29316ab4dc1f44cfd254bb03fa823bffce8ec6fa796436371967

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 10:44:25 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 10:44:22 GMT
Server: nginx
ETag: "6465-5f70224cd762f"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 25701
X-Proxy-Cache: HIT

GET
H/1.1 200
OK adrian-mazilu.jpg
i0.1616.ro/media/541/2981/36186/21060297/1/ 11 KB
12 KB 302ms
67ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060297/1/adrian-mazilu.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 1c2f2b4cfbff59beaa2c11167cf8dbe29ba6e55bcd371015e7311521d4bfd4ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 10:02:41 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 10:02:29 GMT
Server: nginx
ETag: "2d75-5f7018f03e8c6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 11637
X-Proxy-Cache: HIT

GET
H/1.1 200
OK sport.js Show response
www.orange.ro/info/js/ 276 KB
276 KB 592ms
148ms Script
application/javascript 109.166.184.23
ASN-ORANGE-ROMANIA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.orange.ro/info/js/sport.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

109.166.184.23 Iasi, Romania, ASN8953 (ASN-ORANGE-ROMANIA, RO),

Reverse DNS

web5.orange.ro

Software

Jetty(9.2.11.v20150529) /

Resource Hash

634dd9e1914822d8e40b6fedb75504a878108cb80e45b0b5537d9ad6aefa0534

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self' *.orange.ro
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Security-Policy: upgrade-insecure-requests; frame-ancestors 'self' *.orange.ro
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 17 Feb 2023 10:41:30 GMT
Server: Jetty(9.2.11.v20150529)
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript; charset=UTF-8
Content-Length: 282287
X-Xss-Protection: 1; mode=block
X-Request-Id: d228063ba8044a164e89731d34a62644

GET
H/1.1 200
OK program-orange-sport.jpg
i0.1616.ro/media/541/2981/36306/20725119/6/ 42 KB
42 KB 77ms
75ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36306/20725119/6/program-orange-sport.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 887594fce13facd8f91c94fb7292332d3c37add7e7df9e6d763a8308344cb5b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Wed, 01 Feb 2023 13:17:36 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Mon, 02 Jan 2023 13:16:15 GMT
Server: nginx
ETag: "a80a-5f147c18f4bc0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 43018
X-Proxy-Cache: HIT

GET
H/1.1 200
OK napoli.jpg
i0.1616.ro/media/541/2981/36226/21060672/1/ 31 KB
31 KB 75ms
75ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21060672/1/napoli.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: e21596f8690874ecdc58c699a6350b407afd0f165a46ea90d5c6bc0631d29699

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 14:16:27 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 14:16:24 GMT
Server: nginx
ETag: "7adf-5f7051b15806a"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 31455
X-Proxy-Cache: HIT

GET
H/1.1 200
OK sepsi-osk-sfantu-gheorghe-u-craiova-1948-superliga-superbet-29-01-2023-2.jpg
i0.1616.ro/media/541/2981/36186/21060496/1/ 97 KB
97 KB 76ms
75ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060496/1/sepsi-osk-sfantu-gheorghe-u-craiova-1948-superliga-superbet-29-01-2023-2.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: a625151d401baa25c1a1665b0bbce607a90aac9873ccfbe768218896b75ec235

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 12:40:05 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 12:39:57 GMT
Server: nginx
ETag: "184a3-5f703c21dc354"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 99491
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ibrahima-mbaye-cfr-cluj-inter-milan.jpg
i0.1616.ro/media/541/2981/36192/21060135/1/ 57 KB
58 KB 70ms
68ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36192/21060135/1/ibrahima-mbaye-cfr-cluj-inter-milan.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 01fe26694f4e55463d8c00efede89e8dfdbf6b8324ce65b58ede76ba061a699f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 08:46:56 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 08:16:28 GMT
Server: nginx
ETag: "e4af-5f70013dec489"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 58543
X-Proxy-Cache: HIT

GET
H/1.1 200
OK victor-becali2.jpg
i0.1616.ro/media/541/2981/36275/21060186/1/ 10 KB
10 KB 69ms
69ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36275/21060186/1/victor-becali2.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: bebc6157b86aaec77de439187a38a3e8870e15cf77b6e1d23aa68d9b67f9040c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 09:02:18 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 09:02:18 GMT
Server: nginx
ETag: W/"2665-5f700b7c58b95"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 9829
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ianis-hagi.jpg
i0.1616.ro/media/541/2981/36251/21059981/1/ 17 KB
17 KB 70ms
70ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36251/21059981/1/ianis-hagi.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 12205c4a98e501359bc86efa7d6dffbb310e8b077a96bc1f7afc0bca22d0f3d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 07:42:20 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 07:42:18 GMT
Server: nginx
ETag: "436e-5f6ff99aac282"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 17262
X-Proxy-Cache: HIT

GET
H/1.1 200
OK sepsi-osk-sfantu-gheorghe-u-craiova-1948-superliga-superbet-29-01-2023-1.jpg
i0.1616.ro/media/541/2981/36186/21060085/1/ 340 KB
340 KB 70ms
70ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060085/1/sepsi-osk-sfantu-gheorghe-u-craiova-1948-superliga-superbet-29-01-2023-1.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 6287e1ceb82308e7675a822f39fc2dd4e8761c6a13bd61fe9ce447223a895186

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 12:08:52 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 11:10:06 GMT
Server: nginx
ETag: "5504b-5f70280d4d830"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 348235
X-Proxy-Cache: HIT

GET
H/1.1 200
OK trofeu-ucl.jpg
i0.1616.ro/media/541/2981/36226/21060041/2/ 12 KB
13 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21060041/2/trofeu-ucl.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 6f4441b3c0089737bfc9859070b514ece6ce10ac567a6376683e88927138da2b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 07:37:59 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 07:37:57 GMT
Server: nginx
ETag: "3117-5f6ff8a1c2544"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 12567
X-Proxy-Cache: HIT

GET
H/1.1 200
OK gianni-infantino.jpg
i0.1616.ro/media/541/2981/36186/21060384/1/ 11 KB
11 KB 66ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060384/1/gianni-infantino.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: e185c06f69d350d0c47795551ca78f981da3b1c98a87640df59faf0f4dfe3af1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 11:14:05 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 11:14:05 GMT
Server: nginx
ETag: W/"2b30-5f7028f0a2eaa"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 11056
X-Proxy-Cache: HIT

GET
H/1.1 200
OK jurgen-klopp.jpg
i0.1616.ro/media/541/2981/36226/21060239/1/ 55 KB
55 KB 72ms
72ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21060239/1/jurgen-klopp.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: d16e35bb59e6a131c4cd5065dcda37527761f35f2d28c1061e12b83a0b3a1b93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 12:32:27 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 12:19:32 GMT
Server: nginx
ETag: "db30-5f7037921d169"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 56112
X-Proxy-Cache: HIT

GET
H/1.1 200
OK le-graet-infantino.jpg
i0.1616.ro/media/541/2981/36207/21059247/1/ 27 KB
27 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36207/21059247/1/le-graet-infantino.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: e07ebcfd878d7c867b33c328b9d11e75cf4109a0dd020630c627834ecc2bd32f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 06:42:06 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 06:42:05 GMT
Server: nginx
ETag: W/"6a6a-5f6fec2507157"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 27242
X-Proxy-Cache: HIT

GET
H/1.1 200
OK sabalenka.jpg
i0.1616.ro/media/541/2981/36258/21056518/1/ 16 KB
16 KB 67ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36258/21056518/1/sabalenka.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: fd70173b3f710fa9dc8ba21ad8f3a12030d3cfa48a9283d182ff009436b47db4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 06:57:16 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 06:57:08 GMT
Server: nginx
ETag: "3e8e-5f6fef8229cbb"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 16014
X-Proxy-Cache: HIT

GET
H/1.1 200
OK salah.jpg
i0.1616.ro/media/541/2981/36207/21059957/1/ 61 KB
62 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36207/21059957/1/salah.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 160e9244e2f585b0778cf6d6a9b0f7bb4d3f9a84a23e427673c1146d9fab070b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 09:02:16 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Thu, 16 Mar 2023 08:58:57 GMT
Server: nginx
ETag: "f54d-5f700abc3903b"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 62797
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ucl-uefa-champions-league.png
i0.1616.ro/media/541/2981/36226/21057671/2/ 104 KB
105 KB 72ms
72ms Image
image/png 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21057671/2/ucl-uefa-champions-league.png?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 9e48535632fc2614d4eeb5d25bee3e9f3f1b4faec5e5d1628725988532c23d9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 22:46:40 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 22:46:35 GMT
Server: nginx
ETag: "1a153-5f6f81dc85940"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 106835
X-Proxy-Cache: HIT

GET
H/1.1 200
OK napoli-frankfurt-osimhen.jpg
i0.1616.ro/media/541/2981/36226/21058313/9/ 24 KB
24 KB 88ms
88ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21058313/9/napoli-frankfurt-osimhen.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 38918434768fbe94f563b4d082c62d263f9adf598dc2534852892321c46ac115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 22:06:58 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 22:06:54 GMT
Server: nginx
ETag: "5f2c-5f6f78fdd152a"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 24364
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ic-play.svg
orangesport.ro/assets/svg/ 862 B
906 B 180ms
69ms Image
image/svg+xml 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://orangesport.ro/assets/svg/ic-play.svg
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: a213b591d623e52748a534fb98b326df326b107371f655ac3afd1d9f6c22934a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 21 Mar 2022 17:22:29 GMT
Server: Apache/2.4.10 (Debian)
ETag: "35e-5dabdbda5ff40-gzip"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 516
Expires: Fri, 15 Mar 2024 14:29:58 GMT

GET
H/1.1 200
OK fcsb-nicolae-dica-procesul-etapei.jpg
i0.1616.ro/media/541/2981/36189/21059405/2/ 75 KB
75 KB 82ms
82ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36189/21059405/2/fcsb-nicolae-dica-procesul-etapei.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: b869f8758c328d168a968213e543e71493f09c4ba09c48015872e8ca1c53298e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 22:01:49 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 21:47:41 GMT
Server: nginx
ETag: "12a5f-5f6f74b1f2390"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 76383
X-Proxy-Cache: HIT

GET
H/1.1 200
OK benzema-real-madrid.png
i0.1616.ro/media/541/2981/36226/21058550/11/ 163 KB
163 KB 66ms
66ms Image
image/png 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21058550/11/benzema-real-madrid.png?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: cd2abac1178b197e7ba4bf2c1c80002dcafb31ce98ac4b2f717456f18acaee0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 22:00:35 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 22:00:13 GMT
Server: nginx
ETag: "28ca7-5f6f777f83f0d"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 167079
X-Proxy-Cache: HIT

GET
H/1.1 200
OK razvan-marin-singura-exceptie-regula.png
i0.1616.ro/media/541/2981/36248/21059591/1/ 187 KB
187 KB 66ms
65ms Image
image/png 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36248/21059591/1/razvan-marin-singura-exceptie-regula.png?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 81a27e090e8c76f22b2bfc1e01dc449c16313349ecec4ff7f492366e3829f80a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 21:08:00 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 21:07:47 GMT
Server: nginx
ETag: "2ea57-5f6f6bc77e201"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 191063
X-Proxy-Cache: HIT

GET
H/1.1 200
OK nicolo-napoli-u-craiova-1948-sepsi.jpg
i0.1616.ro/media/541/2981/39006/21059283/1/ 67 KB
67 KB 196ms
196ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/39006/21059283/1/nicolo-napoli-u-craiova-1948-sepsi.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: c815509712ee913550a1d1cda6bcad9daba15387ed7f8ec87d4d2313c632d2f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 06:45:13 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 18:26:15 GMT
Server: nginx
ETag: "10b0b-5f6f47ac04ec4"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 68363
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fcsb-petrolul-ploiesti-superliga-superbet-2-03-2023.jpg
i0.1616.ro/media/541/2981/36189/21059285/1/ 32 KB
33 KB 66ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36189/21059285/1/fcsb-petrolul-ploiesti-superliga-superbet-2-03-2023.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: bb902c927fddefdc85bf40f87b5c43da7c060e68882208f9bea5ccbe5a449a81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 18:59:08 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 18:59:07 GMT
Server: nginx
ETag: W/"80ca-5f6f4f045a3cf"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 32970
X-Proxy-Cache: HIT

GET
H/1.1 200
OK varga-cfr.png
i0.1616.ro/media/541/2981/36186/21059422/1/ 154 KB
155 KB 66ms
66ms Image
image/png 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059422/1/varga-cfr.png?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 5706cfbf88652063423496923e7594f3510f4f2f283a8aabab8f82c91d623b31

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 19:49:55 GMT
Date: Thu, 16 Mar 2023 14:29:58 GMT
Last-Modified: Wed, 15 Mar 2023 19:49:53 GMT
Server: nginx
ETag: "269d9-5f6f5a5db6b4a"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 158169
X-Proxy-Cache: HIT

GET
H/1.1 200
OK rafael-van-der-vaart.jpg
i0.1616.ro/media/541/2981/36275/21027559/1/ 4 KB
5 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36275/21027559/1/rafael-van-der-vaart.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 5fa69cefb728ce9b4c241e87a2ad0b2d7f7e3fa7d8d23b7e2dac91d631c3e40f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 24 Mar 2023 09:59:09 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 22 Feb 2023 09:59:08 GMT
Server: nginx
ETag: "1149-5f546f27c7617"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4425
X-Proxy-Cache: HIT

GET
H/1.1 200
OK van-der-vaart-idol-gica-hagi.jpg
i0.1616.ro/media/541/2981/36187/21026556/1/ 6 KB
7 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36187/21026556/1/van-der-vaart-idol-gica-hagi.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 359b73a718356536bf39dbf7e23fe66d556c9675d959f98d6bd95636b89af4d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Thu, 23 Mar 2023 16:43:44 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Tue, 21 Feb 2023 16:43:44 GMT
Server: nginx
ETag: W/"19f7-5f5387ba0a35c"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 6647
X-Proxy-Cache: HIT

GET
H/1.1 200
OK peer-gebauer-atacantul-roman-preferat-ambasadorul-germaniei-fan-vfb-stuttgart.jpg
i0.1616.ro/media/541/2981/36187/21005532/2/ 8 KB
9 KB 66ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36187/21005532/2/peer-gebauer-atacantul-roman-preferat-ambasadorul-germaniei-fan-vfb-stuttgart.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 18247109fc2ce88ade7b8e0e1bdfc2e247498e15ba762672d7d6490ce3510081

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 24 Mar 2023 10:23:57 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Sat, 04 Feb 2023 12:08:20 GMT
Server: nginx
ETag: "2178-5f3dea765b8a9"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 8568
X-Proxy-Cache: HIT

GET
H/1.1 200
OK cristina-neagu.jpg
i0.1616.ro/media/541/2981/36257/21025395/2/ 5 KB
5 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36257/21025395/2/cristina-neagu.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 7fa72a64b2372737ea79c800bad41337fde1b9cb8d090fec89cced81258b55de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Wed, 22 Mar 2023 19:34:20 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Mon, 20 Feb 2023 19:34:19 GMT
Server: nginx
ETag: W/"1278-5f526bfd093d7"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4728
X-Proxy-Cache: HIT

GET
H/1.1 200
OK helmut-duckadam-coma.jpg
i0.1616.ro/media/541/2981/36275/20982765/1/ 5 KB
6 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36275/20982765/1/helmut-duckadam-coma.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 23ce4ea0d6b01ce2570269c6387b4a2edf518e7aa225cd1a28160fff381ca8af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Tue, 14 Feb 2023 08:46:33 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Sun, 15 Jan 2023 08:46:33 GMT
Server: nginx
ETag: W/"14e9-5f24980ed1966"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 5353
X-Proxy-Cache: HIT

GET
H/1.1 200
OK napoli.jpg
i0.1616.ro/media/541/2981/36226/21060672/1/ 6 KB
6 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21060672/1/napoli.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 85343a1fb2474e3c107c51e59cca79895aeb2d1b070fd3bc33321d0cd37bf23e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 14:16:22 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 14:16:22 GMT
Server: nginx
ETag: W/"188c-5f7051aea49e3"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 6284
X-Proxy-Cache: HIT

GET
H/1.1 200
OK gigi-becali.jpg
i0.1616.ro/media/541/2981/36186/21060036/1/ 5 KB
5 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060036/1/gigi-becali.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 044a20919b144ed871f2e0df99ab181bcdf5f4ad6b2b3ee5b915a989b0479d40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 07:15:48 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 07:15:47 GMT
Server: nginx
ETag: "1393-5f6ff3ace37da"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 5011
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fcsb-sepsi-osk-sfantu-gheorghe-superliga-superbet-12-03-2023.jpg
i0.1616.ro/media/541/2981/36186/21060634/1/ 5 KB
6 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21060634/1/fcsb-sepsi-osk-sfantu-gheorghe-superliga-superbet-12-03-2023.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 98f54de0ab856260748ee94073349bb14e228f657aae54d1774dd6abd0d2f951

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 13:52:31 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 13:52:30 GMT
Server: nginx
ETag: W/"15b5-5f704c59ad1a3"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 5557
X-Proxy-Cache: HIT

GET
H/1.1 200
OK spartak-moscova.jpg
i0.1616.ro/media/541/2981/36258/21060554/1/ 7 KB
7 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36258/21060554/1/spartak-moscova.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: eec1a2dbcb07dd64516d71c56bb5a2c6984caf836b460cd43d793e1ef6368fb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 13:07:03 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 13:07:03 GMT
Server: nginx
ETag: W/"1ca4-5f7042307e0a4"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 7332
X-Proxy-Cache: HIT

GET
H/1.1 200
OK moldova-romania-amical-20-11-2022-1.jpg
i0.1616.ro/media/541/2981/36251/21060521/2/ 6 KB
6 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36251/21060521/2/moldova-romania-amical-20-11-2022-1.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 41083d8509d760c92088a353c90c7c1a3b66b0b5d7964eeaf628e770d8a259ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 13:00:47 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 13:00:45 GMT
Server: nginx
ETag: "16d4-5f7040c86e07f"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 5844
X-Proxy-Cache: HIT

GET
H/1.1 200
OK gigib-ecali.jpg
i0.1616.ro/media/541/2981/36186/21059279/1/ 4 KB
5 KB 70ms
69ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059279/1/gigib-ecali.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 21e75d79e7559bbc79262648402d9dd645e40259bbcdf21010332ccd6c4332ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 18:24:06 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 18:24:06 GMT
Server: nginx
ETag: W/"112a-5f6f473099240"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4394
X-Proxy-Cache: HIT

GET
H/1.1 200
OK dinamo-bucuresti-sepsi-osk-sfantu-gheorghe-cupa-romaniei-8-11-2022.jpg
i0.1616.ro/media/541/2981/36186/21059241/1/ 4 KB
5 KB 75ms
75ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059241/1/dinamo-bucuresti-sepsi-osk-sfantu-gheorghe-cupa-romaniei-8-11-2022.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 45cfd192322c7f45b6ec2b85769aca7bf8741dc1b46777038f4718837d013338

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 17:48:34 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 17:48:33 GMT
Server: nginx
ETag: W/"10fb-5f6f3f3e9c995"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4347
X-Proxy-Cache: HIT

GET
H/1.1 200
OK liviu-antal-golgheter-romania-trofeu.jpg
i0.1616.ro/media/541/2981/36187/21059168/1/ 7 KB
8 KB 72ms
72ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36187/21059168/1/liviu-antal-golgheter-romania-trofeu.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 76c8cb8193f315b81493145ee9bd2984b47b6bec48baec0ca043a96b7553229a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 17:03:33 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 17:03:32 GMT
Server: nginx
ETag: W/"1d55-5f6f352edc640"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 7509
X-Proxy-Cache: HIT

GET
H/1.1 200
OK jo-alves2.jpg
i0.1616.ro/media/541/2981/36186/21059163/1/ 4 KB
4 KB 76ms
76ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059163/1/jo-alves2.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 768298b3d962ad990fa2a351624946220559b3dc60a9cc61f4dc73777c4fe423

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 17:00:15 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 17:00:12 GMT
Server: nginx
ETag: "f58-5f6f3470405ee"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 3928
X-Proxy-Cache: HIT

GET
H/1.1 200
OK universitatea-craiova-uta-arad-superliga-superbet-10-03-2023.jpg
i0.1616.ro/media/541/2981/36186/21059140/1/ 8 KB
9 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059140/1/universitatea-craiova-uta-arad-superliga-superbet-10-03-2023.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: e6893dbc25b5c8d59e77b392250b64f499d72a6f7d3c63c79fd9bb7a37d09c51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 16:35:13 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 16:35:12 GMT
Server: nginx
ETag: W/"2118-5f6f2ed9b6aa0"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 8472
X-Proxy-Cache: HIT

GET
H/1.1 200
OK 336640945-171447529074635-1173634142177831468-n.jpg
i0.1616.ro/media/541/2981/36256/21060290/1/ 6 KB
7 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36256/21060290/1/336640945-171447529074635-1173634142177831468-n.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 046effd22f52be6c8bb0f6ee31bcd1159f2bdf93f6ec35c142bf82ebf3fb5e4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Sat, 15 Apr 2023 09:50:24 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Thu, 16 Mar 2023 09:50:24 GMT
Server: nginx
ETag: W/"18d2-5f70163c2d2e6"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 6354
X-Proxy-Cache: HIT

GET
H/1.1 200
OK sorana-cirstea.jpg
i0.1616.ro/media/541/2981/36258/21058283/1/ 5 KB
5 KB 67ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36258/21058283/1/sorana-cirstea.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 34f7cb40e930ce75cf7efa17c9f4dffb988e11d4dcf55118b4984092d1616a46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 07:26:21 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 07:26:21 GMT
Server: nginx
ETag: W/"1319-5f6eb42c3e43d"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4889
X-Proxy-Cache: HIT

GET
H/1.1 200
OK swiatek.jpg
i0.1616.ro/media/541/2981/36258/21058179/1/ 5 KB
6 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36258/21058179/1/swiatek.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 1838ab24ce44aeef404feea267a6e53a63bd8e86314268d6addf2480f9636411

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 06:07:46 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 06:07:44 GMT
Server: nginx
ETag: "1531-5f6ea29a0a8a4"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 5425
X-Proxy-Cache: HIT

GET
H/1.1 200
OK csm-bucuresti-scm-ramnicu-valcea-liga-florilor-14-03-2023.jpg
i0.1616.ro/media/541/2981/36257/21057735/1/ 8 KB
8 KB 67ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36257/21057735/1/csm-bucuresti-scm-ramnicu-valcea-liga-florilor-14-03-2023.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 63d61f5daef35e1d4186c36649308a466eb984c20379125f8ffebaeb66f11659

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Thu, 13 Apr 2023 20:15:45 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Tue, 14 Mar 2023 20:15:44 GMT
Server: nginx
ETag: W/"20aa-5f6e1e476e83e"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 8362
X-Proxy-Cache: HIT

GET
H/1.1 200
OK mihai.jpg
i0.1616.ro/media/541/2981/36274/21057611/1/ 4 KB
5 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36274/21057611/1/mihai.jpg?width=146&height=82
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: d77d5179cedc5dfd9dcb3b0af25359be65872ca6847da18df9e52d309d21863c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Thu, 13 Apr 2023 18:56:11 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Tue, 14 Mar 2023 18:56:11 GMT
Server: nginx
ETag: W/"1198-5f6e0c7f45058"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 4504
X-Proxy-Cache: HIT

GET
H/1.1 200
OK gift-orban.jpg
i0.1616.ro/media/541/2981/38947/21059369/1/ 46 KB
46 KB 66ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/38947/21059369/1/gift-orban.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: d52d61de703f0a6592a00f9598248ee5e4fd10b0ea18a171eba5ae42abbebaa1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 19:50:19 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 19:50:02 GMT
Server: nginx
ETag: "b871-5f6f5a6666581"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 47217
X-Proxy-Cache: HIT

GET
H/1.1 200
OK vlcsnap-error853.jpg
i0.1616.ro/media/541/2981/36189/21059357/2/ 35 KB
36 KB 69ms
69ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36189/21059357/2/vlcsnap-error853.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 0a083eee293844b7d07803a196079f5a42de8f19291884c40a4d3fc96aa7bf9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 19:17:17 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 19:17:06 GMT
Server: nginx
ETag: "8dbf-5f6f5309b972e"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 36287
X-Proxy-Cache: HIT

GET
H/1.1 200
OK napoli.jpg
i0.1616.ro/media/541/2981/36226/21059325/2/ 48 KB
48 KB 65ms
65ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36226/21059325/2/napoli.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 95238c83264b7d83952fce1e58ec1d02a47ece6b410b326f68dce5a4b48fb640

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 18:52:39 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 18:52:39 GMT
Server: nginx
ETag: W/"bfea-5f6f4d926cdad"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 49130
X-Proxy-Cache: HIT

GET
H/1.1 200
OK manchester-united-transfer-record.jpg
i0.1616.ro/media/541/2981/36229/21059254/1/ 40 KB
40 KB 68ms
68ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36229/21059254/1/manchester-united-transfer-record.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: a1233a650c4255dc0cc1066f04897ed400c999126954f3540a0b3db8ff12a475

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 18:01:57 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 18:01:48 GMT
Server: nginx
ETag: "9f76-5f6f423528988"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 40822
X-Proxy-Cache: HIT

GET
H/1.1 200
OK fcsb-cs-mioveni-superliga-superbet-5-12-2022.jpg
i0.1616.ro/media/541/2981/36189/21059086/1/ 78 KB
79 KB 66ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36189/21059086/1/fcsb-cs-mioveni-superliga-superbet-5-12-2022.jpg?width=760&height=428
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 8acc588efe281abf36b20cd311836469dac598a67906c08146eb78cfa22ab391

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 17:03:32 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 16:42:54 GMT
Server: nginx
ETag: "13987-5f6f309203bd9"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 80263
X-Proxy-Cache: HIT

GET
H/1.1 200
OK cristiano-ronaldo-schimbat-al-nassr.png
i0.1616.ro/media/541/2981/38067/21059136/1/ 152 KB
152 KB 66ms
65ms Image
image/png 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/38067/21059136/1/cristiano-ronaldo-schimbat-al-nassr.png?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: ea91d5cb349d107f743df4764bd3abce23b8ed164009104c8ffcc985a89c8bf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 16:30:02 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 16:29:50 GMT
Server: nginx
ETag: "25f94-5f6f2da715663"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 155540
X-Proxy-Cache: HIT

GET
H/1.1 200
OK zlatan-ibrahimovic.jpg
i0.1616.ro/media/541/2981/36186/21059111/1/ 16 KB
16 KB 68ms
66ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36186/21059111/1/zlatan-ibrahimovic.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 300504a23c57069dcf0f5bde08da9b8af4288b9dc1eb4101820f9198923370ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 16:10:02 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 16:09:59 GMT
Server: nginx
ETag: "3f0c-5f6f2936a00fc"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 16140
X-Proxy-Cache: HIT

GET
H/1.1 200
OK ilie-dumitrescu.jpg
i0.1616.ro/media/541/2981/36251/21059052/1/ 28 KB
29 KB 104ms
103ms Image
image/jpeg 195.191.47.140
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.1616.ro/media/541/2981/36251/21059052/1/ilie-dumitrescu.jpg?width=360&height=203
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.140 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.140.nextvm.net
Software: nginx /
Resource Hash: 82d76ee8d1b9ee9b01a38e883280563a0c3e43c2b2808b966a15f78fc9a6a55d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Expires: Fri, 14 Apr 2023 15:54:07 GMT
Date: Thu, 16 Mar 2023 14:29:59 GMT
Last-Modified: Wed, 15 Mar 2023 15:54:06 GMT
Server: nginx
ETag: W/"70d5-5f6f25aa74469"
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 28885
X-Proxy-Cache: HIT

GET
H/1.1 200
OK vendors.js Show response
orangesport.ro/assets/js/ 208 KB
64 KB 89ms
76ms Script
application/javascript 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/js/vendors.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: de8f2bcc7ae21fc9b5baa7f7a0c29472b72da526c6190d3b618c4014fa3a49ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Mar 2022 16:11:07 GMT
Server: Apache/2.4.10 (Debian)
ETag: "34177-5db0d35c95cc0-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Expires: Fri, 15 Mar 2024 14:29:58 GMT

GET
H/1.1 200
OK app.js Show response
orangesport.ro/assets/js/ 9 KB
3 KB 80ms
67ms Script
application/javascript 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/js/app.js
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: 09c6dca21add8a5a5bce50400d4f189d2fd7270b2f55c3e8ea7ab9ac7174eded

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Encoding: gzip
Last-Modified: Fri, 25 Mar 2022 16:11:07 GMT
Server: Apache/2.4.10 (Debian)
ETag: "2439-5db0d35c95cc0-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 3140
Expires: Fri, 15 Mar 2024 14:29:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 173 KB
63 KB 155ms
51ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NN5ZXNJ

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0f2f83dae62fdc8d300e322d984e1349b873a6e1f10a366482ef5768ae39f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64215
x-xss-protection: 0
last-modified: Thu, 16 Mar 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H2 200 marfeel-sdk.js Show response
sdk.mrf.io/statics/ 98 KB
28 KB 143ms
51ms Script
application/javascript 2606:4700:3033::6815:325a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1597
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:325a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bc5ef0d7964a3f601a86f084b8f07cae13819b12275e7f0169d89cdca3c71e9

Request headers

Referer: https://orangesport.ro/
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 250
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28188
x-response-time: 1ms
last-modified: Thu, 16 Mar 2023 14:25:48 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 7a8db0fdefed2bc9-FRA

POST
H/1.1 204
No Content mktzsave
app.omniconvert.com/ 0
395 B 159ms
54ms Ping
text/html 178.128.139.113
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://app.omniconvert.com/mktzsave?event=view&uid=13261709661972380668&session=sess.2.201948927.1678976998030&id_website=17389&page_url=https%3A%2F%2Forangesport.ro%2F&svo=0&time=2023-03-16T14%3A29%3A58%2B00%3A00&version=tt1.65.2-2-gd58add6&versionTimestamp=1678976997&browser=Chrome+111&resolution=1600x1200&device_type=desktop&referer_type=direct&visitor_type=new&os=Windows
Requested by: Host: cdn.omniconvert.com
URL: https://cdn.omniconvert.com/js/ofab188.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.128.139.113 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Server: nginx/1.14.0
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://orangesport.ro
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Machine: Tracking-PROD-1
Access-Control-Allow-Headers: origin,accept,accept-encoding,user-agent,x-requested-with

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 145ms
41ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a28c761a83a656e086c480adfed5312d21e2a193884e350b2914b4ef17a48c5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 14:29:58 GMT
content-md5: CoY3VFa2qJS9e37Qsf2wBw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: RLVs6kFSGBBGwXJ4+pAtR03jQ4zg19ymh+1T4q1zMhgMAmVy9gRqo/HOcJTHBpoPLpseUwbvmyOBePbmvRPbGQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
x-fb-content-md5: a9757e252564ed64dfced7f14c2e4698
cross-origin-opener-policy: same-origin-allow-popups
etag: "2b13519589f7c5aece4f2814f65b76cc"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:43:53 GMT

GET
H/1.1 200
OK icons.svg
orangesport.ro/assets/svg/ 7 KB
3 KB 131ms
68ms Other
image/svg+xml 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/svg/icons.svg
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: 2a2d24cf8524e034a63d837adcca95f8879cf6195d05aad07dd45b0090b0862f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Encoding: gzip
Last-Modified: Sun, 27 Mar 2022 20:09:51 GMT
Server: Apache/2.4.10 (Debian)
ETag: "1af0-5db38c73f01c0-gzip"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 2876
Expires: Fri, 15 Mar 2024 14:29:58 GMT

GET
H/1.1 200
OK logo-orange.svg
orangesport.ro/assets/svg/ 6 KB
3 KB 206ms
70ms Image
image/svg+xml 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://orangesport.ro/assets/svg/logo-orange.svg?v=2
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/assets/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash: 817dad0dd57952b30439ed3fc1e0d8b8645f2aedd70bbd48564d2909649b48d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/assets/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 21 Mar 2022 17:22:29 GMT
Server: Apache/2.4.10 (Debian)
ETag: "17e1-5dabdbda5ff40-gzip"
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 2547
Expires: Fri, 15 Mar 2024 14:29:58 GMT

GET
H/1.1 404
Not Found helvneue75_w1g.woff2
orangesport.ro/assets/fonts/ 0
0 152ms
82ms Font
text/html 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.woff2
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/assets/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash

Request headers

Referer: https://orangesport.ro/assets/css/style.css
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:58 GMT
Server: Apache/2.4.10 (Debian)
Transfer-Encoding: chunked
Content-Language: ro

GET
H/1.1 404
Not Found helvneue55_w1g.woff2
orangesport.ro/assets/fonts/ 0
0 210ms
76ms Font
text/html 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/fonts/helvneue55_w1g.woff2
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/assets/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash

Request headers

Referer: https://orangesport.ro/assets/css/style.css
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:58 GMT
Server: Apache/2.4.10 (Debian)
Transfer-Encoding: chunked
Content-Language: ro

POST
H2 200 ingest.php Show response
events.newsroom.bi/ 50 B
850 B 194ms
33ms XHR
application/json 162.55.144.218
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://events.newsroom.bi/ingest.php
Requested by: Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1597
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.55.144.218 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: haproxy04.cl03.het.mrf.io
Software: istio-envoy /
Resource Hash: 29fbf053f6f09e650a54d4e9fd038062d6f2d2367eca4196202e8fe8bc345f63

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://orangesport.ro
access-control-expose-headers: Content-Length,Content-Range
cache-control: private,no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length: 66

GET
H/1.1 404
Not Found helvneue75_w1g.woff
orangesport.ro/assets/fonts/ 0
0 80ms
74ms Font
text/html 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.woff
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/assets/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash

Request headers

Referer: https://orangesport.ro/assets/css/style.css
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:58 GMT
Server: Apache/2.4.10 (Debian)
Transfer-Encoding: chunked
Content-Language: ro

GET
H2 200 projectagora.min.js Show response
aghtag.tech/libs/ 323 KB
93 KB 189ms
52ms Script
application/javascript 2606:4700:3031::ac43:81b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aghtag.tech/libs/projectagora.min.js
Requested by: Host: paht.tech
URL: https://paht.tech/c/telekomsport.ro.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:81b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 207347e1a4ad445b2848e910522f6704f7576458035f7fc4e76eb40843086003

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: P6X1KGJZKC9ZK6TP
age: 6695
x-amz-server-side-encryption: AES256
x-amz-meta-version: 2.1.1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 94813
x-amz-id-2: 1Nnjr37Irxh+FZbeq9fB1RYgrCFlBIFFvxEsL1FEJ/uCfzvaIZkHs8wEJJ8hljRXvVLFk6aZ/ag=
last-modified: Thu, 09 Mar 2023 08:36:12 GMT
server: cloudflare
etag: "928b5ed2ca95daa414301867b8d90bbf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAEqefyA0IFUtOz30TWXiOX8ulX%2Fburty4yDxMHCOos%2FcYUIZ%2F%2FE%2BB9df3TQ0tS1y2e0uUV%2Fv%2B%2FWC2t01JluByCO%2BY3UqEx9D8ONvkD%2FuEEEMdYiekIjg65DQ1eZ2ooPdXmZagcDQ8QX9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7a8db1001b239293-FRA

GET
H2 200 pubads_impl_2023030901.js Show response
securepubads.g.doubleclick.net/gpt/ 395 KB
133 KB 56ms
41ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2940fc3e4be1c44c42429926fd8144235bee8fde8e590386bc0b8900482b82d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 13:07:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4978
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 136293
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 09:39:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Mar 2024 13:07:00 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
431 B 179ms
79ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=orangesport.ro

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

430d7a430dd1469807c0104a5469aef96b3ec039d38ca2af7b3085012d7a614a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 406
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H/1.1 200 / Show response
d.agkn.com/iframe/8613/ Frame 5406 482 B
1 KB 191ms
43ms Document
text/html 3.124.137.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.agkn.com/iframe/8613/?che=957803991&gdpr=0&gdpr_consent=&ref=&bpid=eadromania&c=%7B%22bpid%22%3A%22eadromania%22%2C%22loc%22%3A%22https%3A%2F%2Forangesport.ro%2F%22%2C%22gdpr%22%3A%220%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22Homepage%22%2C%22brd%22%3A%22-1%22%2C%22subcategory%22%3A%22%22%7D
Requested by: Host: js.agkn.com
URL: https://js.agkn.com/prod/v0/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.137.35 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-137-35.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4abb4400e10a6a00a3b1ceca91af352d1ef711d546f0b60207c7f6d5f1dc93f1

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 482
Content-Type: text/html;charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:57 GMT
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache

GET
H/1.1 404
Not Found helvneue75_w1g.ttf
orangesport.ro/assets/fonts/ 0
0 80ms
79ms Font
text/html 195.191.47.72
ZONTERRA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.ttf
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/assets/css/style.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.191.47.72 , Romania, ASN50347 (ZONTERRA-AS, RO),
Reverse DNS: 195.191.47.72.nextvm.net
Software: Apache/2.4.10 (Debian) /
Resource Hash

Request headers

Referer: https://orangesport.ro/assets/css/style.css
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Mar 2023 14:29:58 GMT
Server: Apache/2.4.10 (Debian)
Transfer-Encoding: chunked
Content-Language: ro

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303060101/ 365 KB
121 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4841000241565878&plah=orangesport.ro&bust=31072914

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d39a7999e7b992f162a625dcf938352a7b30353a0cc0e018d21c019f7b834b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123388
x-xss-protection: 0
server: cafe
etag: 16231579986808655878
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230314/r20190131/ Frame 55CD 10 KB
5 KB 155ms
40ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230314/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 11308
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 11:21:30 GMT
etag: 2378337311435320485
expires: Thu, 30 Mar 2023 11:21:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 91ms
41ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=864cfef93605d9aa7c0402293ee2f353

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bd9a37b7523beb354673c51bd301b91f4bf0dac017da453401111b8531b0119c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://orangesport.ro/
Origin: https://orangesport.ro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 14:29:58 GMT
content-md5: p9KKSo6m5GKg+RZ5gwi7Kg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87124
x-fb-rlafr: 0
x-fb-debug: AnIQxxEZgeq1XWJsGREyShIXxKvUdAqAazI2VKdVDwz/gxmm4dKcl4ZUk8mIw+5hNax3mqHLVibFMj9tszvM/Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: a9024382259c52df76ee8c54ac34774c
cross-origin-opener-policy: same-origin-allow-popups
etag: "b26eb3928c128bdfaeac0848c2a55ac6"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 15 Mar 2024 12:19:50 GMT

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/scripttemplates/ 25 KB
9 KB 158ms
61ms Script
application/javascript 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9a77e15c8cbf2596563d3bc8020cc9e547d2b99976a0b77f5eeadf1c492feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: Ewgd1d1Vp0nFNYpIMiFTtA==
age: 18588
x-ms-lease-status: unlocked
last-modified: Fri, 24 Feb 2023 02:32:33 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cf805426-001e-004f-0831-484919000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db100cdc22c5e-FRA
expires: Fri, 17 Mar 2023 14:29:58 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 138ms
40ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NN5ZXNJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 14:14:45 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 913
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 16 Mar 2023 16:14:45 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 167ms
49ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=orangesport.ro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 158ms
49ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=orangesport.ro

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 164 KB
45 KB 775ms
769ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3098948467370611&correlator=817520579522671&output=ldjh&gdfp_req=1&vrg=2023030901&ptt=17&impl=fifs&iu_parts=322250475%2Ctelekomsport%2Crectangle%2Crectangle_1%2Crectangle_2%2Crectangle_3%2Ctop%2Ctop_1%2Ctop_2%2Ctop_3%2Ctop_down%2C640x160_adtext%2C1x1&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7%2C%2F0%2F1%2F8%2C%2F0%2F1%2F9%2C%2F0%2F1%2F10%2C%2F0%2F1%2F11%2C%2F0%2F1%2F12&prev_iu_szs=300x250%7C300x300%7C300x600%2C300x250%7C300x600%2C300x600%7C300x250%2C300x600%7C300x250%2C728x90%7C1200x120%7C1200x150%7C1200x250%7C1200x600%7C970x250%7C970x90%7C930x250%2C728x90%7C760x530%7C970x250%2C728x90%7C970x250%2C728x90%7C970x250%2C728x90%7C970x250%2C300x250%7C640x160%7C640x300%7C336x280%7C580x400%2C1x1&ifi=2&adks=3615993883%2C412014534%2C2354057400%2C2086169970%2C3036626603%2C2540549916%2C421190216%2C4105481162%2C2609699661%2C1162657321%2C2694295229&sfv=1-0-40&cust_params=pagetype%3Dhomepage&sc=1&cookie_enabled=1&abxe=1&dt=1678976998506&lmt=1678976998&dlt=1678976997744&idt=716&adxs=-9%2C-9%2C-9%2C-9%2C436%2C436%2C-9%2C-9%2C-9%2C-9%2C800&adys=-9%2C-9%2C-9%2C-9%2C623%2C1145%2C-9%2C-9%2C-9%2C-9%2C0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C-1%7C-1%7C-1%7C0%7C0%7C-1%7C-1%7C-1%7C-1%7C0&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Forangesport.ro%2F&frm=20&vis=1&psz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C1200x1137%7C1200x1137%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1600x1285&msz=0x-1%7C0x-1%7C0x-1%7C0x-1%7C1160x0%7C1160x0%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C1x-1&fws=2%2C2%2C2%2C2%2C0%2C0%2C2%2C2%2C2%2C2%2C0&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=115104387.1678976999&ga_sid=1678976999&ga_hid=1609397219&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aad4cb33a357010eef34fe25170ac4477ffaa2f45b9dbf27a8760e4dc52e49d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46354
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,5352996366,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,-1,-1,-1,-1,138309676372,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 160 KB
45 KB 397ms
392ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3098948467370611&correlator=817520579522671&output=ldjh&gdfp_req=1&vrg=2023030901&ptt=17&impl=fifs&iu_parts=21849154601%3A22515057364%2CAd.Plus-Mobile-Interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=13&adks=1821922140&sfv=1-0-40&ists=1&fas=8&cust_params=pagetype%3Dhomepage&sc=1&cookie_enabled=1&abxe=1&dt=1678976998513&lmt=1678976998&dlt=1678976997744&idt=716&adxs=-9&adys=-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=c&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Forangesport.ro%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=115104387.1678976999&ga_sid=1678976999&ga_hid=1609397219&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27c7a22eecffa32e1dd92fd98d76a0fc78ef498f9d399cdf7326152a79995390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45794
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 792ms
787ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3098948467370611&correlator=817520579522671&output=ldjh&gdfp_req=1&vrg=2023030901&ptt=17&impl=fifs&iu_parts=21849154601%3A22515057364%2CAd.Plus-Anchor&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C728x90%7C960x90%7C750x100%7C950x90%7C468x60&ifi=14&adks=1110188790&sfv=1-0-40&prev_scp=site%3Dtelekomsport.ro&cust_params=pagetype%3Dhomepage&sc=1&cookie_enabled=1&abxe=1&dt=1678976998515&lmt=1678976998&dlt=1678976997744&idt=716&adxs=315&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=d&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Forangesport.ro%2F&frm=20&vis=1&psz=970x-1&msz=970x-1&fws=516&ohw=970&ga_vid=115104387.1678976999&ga_sid=1678976999&ga_hid=1609397219&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da841d4807ddf60fb71844ad6c04d5e2e76f70d08ca99ca43333f429bb4324bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10049
x-xss-protection: 0
google-lineitem-id: 6138813963
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138408132544
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F8A7 6 KB
3 KB 179ms
47ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2023030901.js Show response
securepubads.g.doubleclick.net/gpt/ 33 KB
12 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2023030901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d04a9ebcf5396233d88fbd891e94070d6f9909f177c7f936e87a8022898dafff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 16:06:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166979
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12340
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 09:39:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 13 Mar 2024 16:06:59 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 5406
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212293468&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adadvisor&ttd_tpi=1&gdpr=0&gdpr_consent=

70 B
265 B

178ms
55ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adadvisor&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: d.agkn.com
URL: https://d.agkn.com/iframe/8613/?che=957803991&gdpr=0&gdpr_consent=&ref=&bpid=eadromania&c=%7B%22bpid%22%3A%22eadromania%22%2C%22loc%22%3A%22https%3A%2F%2Forangesport.ro%2F%22%2C%22gdpr%22%3A%220%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22Homepage%22%2C%22brd%22%3A%22-1%22%2C%22subcategory%22%3A%22%22%7D
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d.agkn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 16 Mar 2023 14:29:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:58 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adadvisor&ttd_tpi=1&gdpr=0&gdpr_consent=
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H/1.1

200
OK

/
pixel.mathtag.com/sync/img/ Frame 5406
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212293438
https://pixel.mathtag.com/sync/img?redir=https://aa.agkn.com/adscores/g.pixel%3Fsid%3D9312292258%26mt%3D%5BMM_UUID%5D
https://aa.agkn.com/adscores/g.pixel?sid=9312292258&mt=c7e66413-27e6-4e00-9ee1-6c0ed0eca3a1
https://pixel.mathtag.com/sync/img/?mt_exid=10009&mt_exuid=266500604457182048377

43 B
404 B

49ms
49ms

Image
image/gif

104.79.88.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/sync/img/?mt_exid=10009&mt_exuid=266500604457182048377
Requested by: Host: d.agkn.com
URL: https://d.agkn.com/iframe/8613/?che=957803991&gdpr=0&gdpr_consent=&ref=&bpid=eadromania&c=%7B%22bpid%22%3A%22eadromania%22%2C%22loc%22%3A%22https%3A%2F%2Forangesport.ro%2F%22%2C%22gdpr%22%3A%220%22%2C%22gdpr_consent%22%3A%22%22%2C%22ref%22%3A%22-1%22%2C%22cid%22%3A%22-1%22%2C%22sid%22%3A%22-1%22%2C%22gen%22%3A%22-1%22%2C%22age%22%3A%22-1%22%2C%22cat%22%3A%22Homepage%22%2C%22brd%22%3A%22-1%22%2C%22subcategory%22%3A%22%22%7D
Protocol: HTTP/1.1
Server: 104.79.88.164 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-79-88-164.deploy.static.akamaitechnologies.com
Software: MT3 569 46451a0 master cdg-pixel-x31 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d.agkn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: MT3 569 46451a0 master cdg-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 16 Mar 2023 14:29:58 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:58 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://pixel.mathtag.com/sync/img/?mt_exid=10009&mt_exuid=266500604457182048377
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/telekomsportro-p18887068/ 14 B
217 B 236ms
139ms Script
application/javascript 151.101.65.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/telekomsportro-p18887068/loader.js
Requested by: Host: aghtag.tech
URL: https://aghtag.tech/libs/projectagora.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: c0c07d5e1cc6e9994f621fb965165bc0106d1a26a04e70bd13c0778af0b93e37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-served-by: cache-hhn-etou8220076-HHN
date: Thu, 16 Mar 2023 14:29:58 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1678976999.752733,VS0,VE99
x-cache: HIT
content-type: application/javascript
abp: 79
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
content-length: 14
retry-after: 0
x-cache-hits: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 395 B
606 B 145ms
50ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=orangesport.ro&callback=_gfp_s_&client=ca-pub-4841000241565878

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4841000241565878&plah=orangesport.ro&bust=31072914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

869689ef7005acad4dfda7986b43066bbffe46318143c1986301022735a228e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 254
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 433D 14 KB
2 KB 115ms
113ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4841000241565878&output=html&adk=1812271804&adf=3025194257&lmt=1678976998&plat=8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Forangesport.ro%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1678976998346&bpp=3&bdt=602&idt=312&shv=r20230314&mjsv=m202303060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8656127045470&frm=20&pv=2&ga_vid=115104387.1678976999&ga_sid=1678976999&ga_hid=1609397219&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44777876%2C44759842%2C44759876%2C31072914&oid=2&pvsid=3098948467370611&tmod=2006283706&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=336

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

914e6a9e909ddf78313c38905b3154d08e8b06c1ae4e1ded4b57b149637600e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 2006
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Thu, 16 Mar 2023 14:29:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 d69f6621-d88c-4848-8e1d-a65ec27e36fb.json Show response
cookie-cdn.cookiepro.com/consent/d69f6621-d88c-4848-8e1d-a65ec27e36fb/ 3 KB
2 KB 144ms
62ms XHR
application/x-javascript 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/d69f6621-d88c-4848-8e1d-a65ec27e36fb/d69f6621-d88c-4848-8e1d-a65ec27e36fb.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c8d55f1e12240d2587efda85929a50cd8e8f6874f6c5e97df7356916c9fd5da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: 6a7U6zHFDuSmnalS4QEoJA==
age: 18031
x-ms-lease-status: unlocked
last-modified: Fri, 08 Apr 2022 11:20:00 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 58bfe002-901e-0096-3f67-47319c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db10279873679-FRA

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
73ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_success&c=0&wpc=ca-pub-4841000241565878&warn=12%2C13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=false&a=1%2C10&apv=20230314_103454&sat=1678887586010&afm=0&as_count=0&d_count=0&ng_count=0&am_count=0&atf_count=0&mdns=0&alldns=0&allp=12&pgh=1306&abl=false&rr=n&su=orangesport.ro&pvc=3098948467370611&r=0.1&eid=44759927%2C44777876%2C44759842%2C44759876%2C31072914

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_opt&c=0&wpc=ca-pub-4841000241565878&warn=12%2C13&w=1600&h=1200&pp=0&ppp=0&eatf=false&eatfAbg=false&reatf=false&a=1%2C10&apv=20230314_103454&sat=1678887586010&afm=0&as_count=0&d_count=0&ng_count=0&am_count=0&atf_count=0&mdns=0&alldns=0&allp=12&pgh=1306&abl=false&rr=0&su=orangesport.ro&sl=pbr&daaos=1678944200659&ab=0&oab=0&sab=0&ls=0&op=237&fap=94~100~112~123~219&fad=4&fmd=0&vad=0&vmd=0&pad=0&pmd=0&pvc=3098948467370611&r=0.1&eid=44759927%2C44777876%2C44759842%2C44759876%2C31072914

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/6.33.0/ 336 KB
77 KB 66ms
66ms Script
application/javascript 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0152531ece5b19aa743208c31fd9f9284282bc97a2ec666de5cf770a9aeee0fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: snqI9a2h7X2bbSiony0guw==
age: 18455
x-ms-lease-status: unlocked
last-modified: Thu, 24 Mar 2022 01:44:39 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7b2196ab-f01e-0016-7c67-47ce9a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db102e8d12c5e-FRA
expires: Fri, 17 Mar 2023 14:29:58 GMT

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
2 KB 130ms
41ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 13:40:27 GMT
via: 1.1 google
age: 2972
x-guploader-uploadid: ADPycdt1LtiV0b-ZgH9f7ZZ9wafwnIix8zMGU9EbssUMT9OyVWGTt0BzZOoS15AiTIaqNs99nNNYaXxrZtXKVvofT6AstR_bEpZZ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1258
last-modified: Fri, 29 Jul 2022 16:55:09 GMT
server: UploadServer
etag: "f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation: 1659113709880056
x-goog-hash: crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1258
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:40:27 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 37 KB
11 KB 152ms
43ms Script
text/javascript 18.66.97.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-9.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 46dde6dd5afd36e719cfe8c4146eb9608243dfca499da8b5387c02dae3ba2382

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 00:52:11 GMT
content-encoding: gzip
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
last-modified: Wed, 08 Mar 2023 18:15:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 49069
x-amz-server-side-encryption: AES256
etag: W/"6efe327d19f3ed2460254f4c8a1faf92"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age: 86400
x-amz-cf-id: LFCJkKU1y4QNYvUoBkuULnf2QW4EuHT0smU0gYn_XwLSS4RYDVsYUQ==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 178ms
40ms Script
text/javascript 2600:9000:2250:a800:a:e047:752:b361
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:a800:a:e047:752:b361 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 05:18:35 GMT
Via: 1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 33085
x-amz-server-side-encryption: AES256
ETag: "aded621b17723f487b3c9d0e43cf2f94"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: FGHE6QL-RAeTs0BE0tU68FH07kUxX8ISFpFaO0s6d6t3rRVy8mkmlQ==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 146ms
51ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: 72SJ98BPH5NRBYNS
age: 2260
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7a8db1043a003633-FRA
x-amz-id-2: sAdRQ23IcjMGFRCw1s7cZgLVr5ssar/2oaucXbzSysShilKIgGbMkRfz2MS2nLoou7fM1VcEZhk=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 133ms
47ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 21338
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230037-FRA, cache-yyz4557-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ge%2BSncje5fXlDMjZYuK7X7Vt0u2FJORYRRSpxAJrYDpxXdP%2F46KKae3g66C%2FAFeKmLbrVYAbUenuc7pxGoOCgToQUhnZJg9GXlA8zjiCx7IhFP0TZeWJ076S%2BZJP1AuL257X66fTnEo6%2BonJDfA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7a8db104fdf5bbf7-FRA

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 39 KB
13 KB 184ms
89ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 24 Feb 2023 07:57:32 GMT
server: nginx
etag: W/"63f86dec-9c21"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 17 Mar 2023 14:29:59 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 137ms
49ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 14:52:45 GMT
content-encoding: gzip
age: 2590634
x-guploader-uploadid: ADPycdsRdNetRtDsJgQiW3jYUzNf--RNUpFn-nwKEqicmnAPK9Kxkrw33U8-Nf4bE3OVkYOkM3hRKPoN1ickSNTXQUfbEEpP_Dou
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Wed, 14 Feb 2024 14:52:45 GMT

GET
H2 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1BAE 6 KB
3 KB 42ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ro.json Show response
cookie-cdn.cookiepro.com/consent/d69f6621-d88c-4848-8e1d-a65ec27e36fb/ff604035-9333-40fb-89c0-edcb65c06b69/ 39 KB
10 KB 59ms
59ms Fetch
application/x-javascript 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/d69f6621-d88c-4848-8e1d-a65ec27e36fb/ff604035-9333-40fb-89c0-edcb65c06b69/ro.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d03f3b7b859c5ab0314bc5600278ce96fedfb2a431b5adf103fb836900cc9fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: sKJVSWPOQxWMkCKNcFUKlA==
age: 18214
x-ms-lease-status: unlocked
last-modified: Fri, 08 Apr 2022 11:20:01 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 18867592-801e-001c-2467-476a2d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db1041ba43679-FRA

GET
H2 200 css2
fonts.googleapis.com/ Frame 1BAE 4 KB
709 B 138ms
48ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Mar 2023 13:41:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 895C 8 KB
1 KB 122ms
47ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Mar 2023 13:48:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 895C 2 KB
846 B 187ms
81ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:29 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 895C 22 KB
9 KB 150ms
48ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 10:24:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 14739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9097
x-xss-protection: 0
server: cafe
etag: 6133207136504656605
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 10:24:20 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 895C 3 KB
1 KB 184ms
82ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 895C 20 KB
8 KB 151ms
49ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 895C 158 KB
49 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 cbfababd91166e5076a7e33bfb78f317.js Show response
www.gstatic.com/mysidia/ Frame 895C 34 KB
15 KB 132ms
42ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cbfababd91166e5076a7e33bfb78f317.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 17:29:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14337
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 21:07:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 12 Jun 2023 17:29:49 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 1BAE 20 KB
8 KB 149ms
52ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

317f149045d69a8bf445de8bbd3ff61b2cc95da746998e97f4381dfe3326c7f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72804
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8549
x-xss-protection: 0
server: cafe
etag: 16448057571289220057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:35 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1BAE 205 B
518 B 139ms
55ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:06:57 GMT
x-content-type-options: nosniff
age: 1382
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 15 Mar 2024 14:06:57 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1BAE 604 B
694 B 140ms
55ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 13:07:02 GMT
x-content-type-options: nosniff
age: 4977
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 15 Mar 2024 13:07:02 GMT

GET
H2 200 test-cookie.html Show response
ro.adocean.pl/files/html/ Frame 2863 1 KB
903 B 63ms
63ms Document
text/html 128.140.224.229
GTS-BACKBONE GTS ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ro.adocean.pl/files/html/test-cookie.html
Requested by: Host: ro.adocean.pl
URL: https://ro.adocean.pl/files/js/ado.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 128.140.224.229 , Romania, ASN5606 (GTS-BACKBONE GTS Telecom, RO),
Reverse DNS
Software: GAD /
Resource Hash: c8381ba1fcbd2a8fba31a4cc849a54f6824825cdc2443cd9fcdb5752f4bfe634

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: bytes
cache-control: public, must-revalidate, max-age=172800
content-encoding: gzip
content-length: 756
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
etag: "000005049AF70A0F"
expires: Sat, 18 Mar 2023 14:29:59 GMT
last-modified: Mon, 13 Mar 2023 10:56:20 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GAD
vary: Accept-Encoding,Origin

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 221 B
315 B 58ms
57ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 950152b7619f13382e63585efb096c67c5206d3bbd9b96550d54b8c185f70d17

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
via: 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: 99a1e5b4734345aec9f242c7bb7f627a
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 221

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 160ms
57ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://orangesport.ro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://orangesport.ro
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Thu, 16 Mar 2023 14:29:59 GMT
server: Google Frontend
vary: Origin
via: 1.1 google
x-cloud-trace-context: 23b0f3c4f1abab845e4aed2990b3f4ec

GET
H2 200 otFlat.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/ 13 KB
3 KB 51ms
50ms Fetch
application/json 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/otFlat.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: sKd74iX+eTxIn9FxDVtzyw==
age: 18213
x-ms-lease-status: unlocked
last-modified: Thu, 24 Mar 2022 01:44:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 83596ced-901e-00b9-0c67-473c57000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db104ecc03679-FRA
expires: Fri, 17 Mar 2023 14:29:59 GMT

GET
H2 200 otPcTab.json Show response
cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/v2/ 47 KB
12 KB 60ms
59ms Fetch
application/json 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/v2/otPcTab.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6736760a1c0c624190fee65234d5013a261ded35d345e6f278a3739719fac230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: h/rpieqq8V1m1+jdGLnyuQ==
age: 18213
x-ms-lease-status: unlocked
last-modified: Thu, 24 Mar 2022 01:44:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 318d3b7b-e01e-0035-5767-475459000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db104ecc13679-FRA
expires: Fri, 17 Mar 2023 14:29:59 GMT

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/ 21 KB
4 KB 62ms
61ms Fetch
text/css 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/6.33.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edbd08b9bb87f815ad871e44aae03af609fc44b1961d608e94eff3f4e010375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: SHFDtZO2nDZuiPDW83p1IQ==
age: 18213
x-ms-lease-status: unlocked
last-modified: Thu, 24 Mar 2022 01:44:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 747b8fa3-a01e-000b-2367-47c326000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db104ecc33679-FRA
expires: Fri, 17 Mar 2023 14:29:59 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
323 B 135ms
44ms XHR
text/plain 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://orangesport.ro
date: Thu, 16 Mar 2023 14:29:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
333 B 184ms
55ms XHR
application/json 52.31.114.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.114.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-114-167.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: b77927bd53591e765793749f03962a8cfcda9e311f29efe60de70b120c7cc42c

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache
x-server: 10.45.14.76
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 poweredBy_cp_logo.svg
cookie-cdn.cookiepro.com/logos/static/ 5 KB
2 KB 54ms
52ms Image
image/svg+xml 2606:4700:4400::ac40:936c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/poweredBy_cp_logo.svg

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:936c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
content-md5: uInNdQwuuw8s7lYl3cE7eQ==
age: 18588
x-ms-lease-status: unlocked
last-modified: Fri, 24 Feb 2023 02:32:36 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c88f7ab8-401e-0085-6531-481590000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7a8db105bd6d2c5e-FRA
expires: Fri, 17 Mar 2023 14:29:59 GMT

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 24F9 6 KB
3 KB 42ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 184F 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6201 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F0A9 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5C64 6 KB
3 KB 41ms
40ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 738F 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7AE0 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 73E7 6 KB
3 KB 44ms
43ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3218 6 KB
3 KB 41ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
expires: Fri, 15 Mar 2024 14:29:58 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BC55 0
0 78ms
76ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLM7eiwvVjPwOniW5tvYIwQLwZJgAJtqc7_7qpAbpgSmRBVTfgLkbkguz6xpiaSoNRmfdquLyzbzTwrxyPGJo04xp6kGWC8AZVaWHCJnBExwa4Vh-wIZ6XdBZ0GEaJX4e9VVibJvY7fGL4SUEv8xP-Prqb6Sp6zV3dCG9hex6BXwrTQPSr4n5WJg121oau99b5jt7fq80WF9BsoEWvCqMGRYnCJ75G1152K8wD9DjqZI8NnWvbo2fzEjYEWdHoL9ws2ZjBwpnh_s4QGknEMzVwzPmq6PQiASKKaDVU9Nq5RDSMjaxOTD8WSRQVO7hwEp-67wF49BU&sai=AMfl-YTf70NP2VFNIKZrmw4gqbiIAVoNO-0VFDppdmj5YbjfUkgC51BEAL_pFyid2VS45re3wb6xMEzts4TxNxAdEFD2nlGWvtxr4H77gK_GbBuJAhUlz7yz2qKrg7DYrdOpT9NdRHfk_RdqONB-tiE&sig=Cg0ArKJSzBn_ksA0F98REAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 delivery.js Show response
assets.revcontent.com/master/ Frame BC55 158 KB
50 KB 141ms
42ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/delivery.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 0ff16e20b5ab684fce57aa32522d8b75ff38da3b6428d9e735f09b230f2a5c20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
last-modified: Fri, 10 Mar 2023 19:39:19 GMT
server: AmazonS3
x-amz-request-id: Q5SA6Z6W475Z85H0
etag: "d455312f33a6b9958dfd82c0dbc1b6a4"
x-amz-server-side-encryption: AES256
x-hw: 1678976999.cds143.fr8.hn,1678976999.cds146.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 51207
x-amz-id-2: idcyOdxN+YaRARBlX9MYx6GhYbk9QPbl86oXsqtkzW8AwdSOcumDeTwDj5bGalp1DJOubLEggdY=

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BC55 158 KB
48 KB 58ms
56ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp&cc=1

85 B
202 B

151ms
151ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp&cc=1
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 6da7b331725d5ef1a6fec7257b61c49046348347069dec883ce6c9717aac60a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-9Tt0APwflBXl8exCbhG2kXmrIBY"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orangesport.ro
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Thu, 16 Mar 2023 14:29:59 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://orangesport.ro
location: /esp?url=https%3A%2F%2Forangesport.ro%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 958C 624 B
242 B 88ms
87ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNXxRqGRqQfgSuRVGAAbJ48nG0BlBh_ahP6Fh8ajPFUJZk4Zx_YtVC2QlRKxafFnb-Li5D7d4ZPslO78WjvWp0LY4vjiybXseyAP4-5rSYtg-fYHsSs4V8HGnngMutwb_RATKTTDSiP6Z4Q9BmA8sJjcpmxD4_Pz4FoYeXlfXxV_tJY2Uoo

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 24F9 78 KB
27 KB 154ms
154ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CJQjxJv8cyJm1UxP-0ztAer0J_s5AINajLmEhcIDlvEjcz89MVvAwgzD7JKF3KAkLakIoXu-M_oVG9IXR_wZxB0n8Rmk1lLnzeiRA740WyJN0BL_I

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 78ms
77ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15143331492421622857&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 24F9 3 KB
1 KB 45ms
43ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 24F9 20 KB
8 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 24F9 158 KB
48 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7085 624 B
242 B 85ms
84ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNUm-9KSLP5FmUzfbqIG6fF19e9Y8hIVH-uA2Pv4P1LU3a1Q3UTJQXlc_2uXoV__0Fds1OzhNzbscNuZPpYLIhguXoDaxL2dwGuaT2MC66uNhHzHVCtImWl0uYvjbTsAkd9N7fc27rRZk6zwRyKPtIxHDHPgxZ3GOlixo3-ZAL03B5OY95k

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 184F 78 KB
27 KB 269ms
268ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 184F 42 B
63 B 76ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ASgKDOK6INr5J3eQtdu3bq8uj5MuY1mvFpeYIMZeZKo0hn7g0an7o2mRDAm8_f21P6necm4M1bOkVwHd4GpHc9pYk7bNB1lX2jJemolK-PWUBtuw8

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 184F 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=11407736492356498564&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 184F 3 KB
1 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 184F 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 184F 158 KB
48 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0AB9 640 B
262 B 92ms
90ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 267F 78 KB
27 KB 246ms
245ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 267F 3 KB
1 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 267F 20 KB
8 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 267F 158 KB
48 KB 110ms
108ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 267F 42 B
63 B 75ms
74ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CYWFH-ptZ8bQB-3jBz28YxSyP1v2sOfqNf1aItz0OFXURV5audZBODF7ywCUibjS-IsvOaZKZT0pzN-2DQceDGqATDBoJKRlSZS4kB3Cuw3sTOBuU

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 267F 0
20 B 76ms
75ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17156096254712402720&x=1&ct=76

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7494 466 B
235 B 85ms
83ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNWKceS5rwiNxHNwevw4HGnA7YS5dIFc8iw1-TSt7yZHemvBP6KjFmYYNRRJrKvEJoGAgl23Yd_yOEQCdETdsdLE7--Czi2jKJBLnflH-2Ww2hDevfqGngI6lpUMO9rBvnQHGz23b4WPyXobRiq5WUnL54vtHHFhqP91jn0MUa2cYrN8zv4

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3E35 78 KB
27 KB 279ms
278ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 3E35 3 KB
1 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 3E35 20 KB
8 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E35 158 KB
48 KB 141ms
140ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E35 42 B
63 B 82ms
80ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DonKkVXtfsEStvimAQRiir9x7wH_4wI6YgxraV3AKkdQ8du_G1iLhRRlc2H5S9aXvkUSuf2CxPWlCYRgGzYgmAVG2o_Q3RIFdmY7jRnq7rB_3TkfI

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E35 0
20 B 82ms
81ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3318827580576409885&x=1&ct=76

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6597 466 B
235 B 83ms
81ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYmeGZyAEwAQ&v=APEucNWvdinmx3Qvam6MU9VxoXyBBtE-zBZLNXyGE7VntpKBCK22EQFfu7bni0htrG_rk-a2M8RSpfj7xXV7JTCZRX1acLJno4Lmft5lA4ZNktQxamQ7kWwbuCN1rLPkYe2wdFkr-A-2LGJNX33uSq3jOMUOg9IfJQKwApmc5LzkE47uLemFpLo

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5C64 78 KB
27 KB 243ms
243ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C64 42 B
63 B 80ms
79ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D2JM7dK3XUNZS3D9-hMyqqoK245UDCSFjldTrVXJdVZZLyy6jAbitqwgGmXA_rkPavT4aL4vKneHVqn7FTNY7_fnKsHoBZC-kup05U4D9Cw2-b9wI

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C64 0
20 B 80ms
78ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4034464783009076552&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 5C64 3 KB
1 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 5C64 20 KB
8 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C64 158 KB
48 KB 120ms
120ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 72A0 466 B
235 B 97ms
90ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNXzwn3rg9dxYQ0B1e1yhKiZNeqtL9ImwwRCVa8-tX3FmHRRivj5FhycGShwXgfzp_XLBjuViKo7P06QbFiaVHCoGC1VK2LIWmSasBNc4TyLkN9XqOtXIqR8DxLMT_gzcbFdtDEwKE7rTHOSbmPixpbJBBUJJrzRUKc8j6VA9QyqFL5pxPg

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 738F 78 KB
27 KB 262ms
261ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 738F 42 B
63 B 95ms
89ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AhTd-awmq0eXOsaZbp2BjCR_M5lFbQlaGuNXdo2QcrsmA1u8VOSIAtt9NMjpl3PUi8tkzt_YlJKwFn8RjTrbFFGmEqflYRWi998uOYzUKxaQMfeaA

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 738F 0
20 B 96ms
90ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1454132998387860179&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 738F 3 KB
1 KB 51ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 738F 20 KB
8 KB 47ms
38ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 738F 158 KB
48 KB 103ms
96ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6F60 466 B
235 B 95ms
89ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNVxyZlIE8ZLrubUdS-OYUQW28ieJwjqTovGSBt-g4Zi-q9tkDIrgSwr5pdt5q1_-OI8YHAijsUWpYmoBQfemSLzIQL7-mjy-T6O_yvVBIu7UfHe7HtPrwzouXryGStcVMT236jo8dUQcVIXFu7UbsNiRbCH-MmCa832Lzjis1Rk_F3-6DQ

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7AE0 78 KB
27 KB 215ms
210ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AE0 42 B
63 B 92ms
88ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AV33-SWFeMxTBOFgSDftUKpmidXgWFxjO_TubYDaJq24BajK8cVVN6wwRZLotbUn0DiSN1uRXzs5G0vy4Cj_m8Dxkn1ZXoCSC99G-pBppAIH3aKvc

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AE0 0
20 B 93ms
89ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18343781589991836530&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 7AE0 3 KB
1 KB 57ms
50ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 7AE0 20 KB
8 KB 49ms
42ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7AE0 158 KB
48 KB 109ms
104ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 46B0 398 B
222 B 94ms
90ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNV6C0gXtHfJ-jDqZCL1aosei2-pZs1g8oZzFgNMG1YFL3uJR1TuVRYv-unCdE1G1DPoQu_aXz77MV8AgHyBQe7VPuQaYf60N_-oJR6BgJhKoyKdWzzjPcrocOlGNjpRJZNklPBDpp0Mh9oaHNWOZhpI3Xog5tqXBpNxx2QZ4puoPhVzsUA

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 202
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 73E7 78 KB
27 KB 210ms
207ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73E7 42 B
63 B 90ms
88ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BOUbiEzNiR-U7hy49cLP6Bh87oYGlYklE4nWnc3wvFYHo6VJsthRs3ujLSUAPuZUiT_SZz10vQKnf6kd_9FHwn0x3Z-8cYEO6qyhuArhdtkf5vFAQ

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73E7 0
20 B 90ms
88ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3059102117803988245&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 73E7 3 KB
1 KB 56ms
54ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 73E7 20 KB
8 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 73E7 158 KB
48 KB 119ms
117ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9A28 0
16 B 93ms
89ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNU25xGyuJb69_0iE4-oPFDi_V2rKlMIv3D2voWCilbgeqKfJP8ES9FrDE4qjYEMI-SmL8Y_tZmu7ZME1ER_GUTdkFQcNHttfEcS-3Yac1ZFyFAsmuQk5kdpTdbZdi36YXq-nANPiqvjtOlnD2PY9NfeO9G21DqiukS8P8ibIk2mkRH4xQ0

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3218 78 KB
27 KB 250ms
249ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3218 42 B
63 B 88ms
84ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CgocbphOB7Eq_Z-5_gEj01YxawSI5DSqB5SOIJn2r7Nkdq6p9cPjfHWwaUVaroJvNfbs6k_P_4pDqokeuWKlhbQISws9LwFwBPMtRSW3qta4Po4Nk

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3218 0
20 B 87ms
83ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10645229588543790716&x=1&ct=76

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 3218 3 KB
1 KB 54ms
49ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/window_focus_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 12:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6771
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Mar 2023 12:37:08 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/ Frame 3218 20 KB
8 KB 51ms
47ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230314/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8559
x-xss-protection: 0
server: cafe
etag: 11326455550778179109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:16 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3218 158 KB
48 KB 95ms
91ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49519
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1678880156327103"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Mar 2023 14:29:59 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame C94E 15 KB
6 KB 188ms
46ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=orangesport.ro

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

97d67f8c2575e19d30ae28a32bad7610849e0e56c81ca66e51178124a5c5eed2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:29:58 GMT
server: Kestrel
server-processing-duration-in-ticks: 377865
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 48DE 36 KB
14 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90680
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 958C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1

43 B
766 B

85ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNXxRqGRqQfgSuRVGAAbJ48nG0BlBh_ahP6Fh8ajPFUJZk4Zx_YtVC2QlRKxafFnb-Li5D7d4ZPslO78WjvWp0LY4vjiybXseyAP4-5rSYtg-fYHsSs4V8HGnngMutwb_RATKTTDSiP6Z4Q9BmA8sJjcpmxD4_Pz4FoYeXlfXxV_tJY2Uoo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 958C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBMn5w.i1uo6rvuE5ijhTgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2

43 B
766 B

44ms
43ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNXxRqGRqQfgSuRVGAAbJ48nG0BlBh_ahP6Fh8ajPFUJZk4Zx_YtVC2QlRKxafFnb-Li5D7d4ZPslO78WjvWp0LY4vjiybXseyAP4-5rSYtg-fYHsSs4V8HGnngMutwb_RATKTTDSiP6Z4Q9BmA8sJjcpmxD4_Pz4FoYeXlfXxV_tJY2Uoo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 958C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

43 B
1 KB

52ms
45ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNXxRqGRqQfgSuRVGAAbJ48nG0BlBh_ahP6Fh8ajPFUJZk4Zx_YtVC2QlRKxafFnb-Li5D7d4ZPslO78WjvWp0LY4vjiybXseyAP4-5rSYtg-fYHsSs4V8HGnngMutwb_RATKTTDSiP6Z4Q9BmA8sJjcpmxD4_Pz4FoYeXlfXxV_tJY2Uoo

Protocol

HTTP/1.1

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:29:59 GMT
AN-X-Request-Uuid: 1f9d0ea0-40ec-4b91-85ef-980c9b008e55
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 958C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

170 B
232 B

51ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 76a728b3-4d85-4913-a488-9ee323ae28ca
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7085
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1

43 B
632 B

84ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNUm-9KSLP5FmUzfbqIG6fF19e9Y8hIVH-uA2Pv4P1LU3a1Q3UTJQXlc_2uXoV__0Fds1OzhNzbscNuZPpYLIhguXoDaxL2dwGuaT2MC66uNhHzHVCtImWl0uYvjbTsAkd9N7fc27rRZk6zwRyKPtIxHDHPgxZ3GOlixo3-ZAL03B5OY95k
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7085
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZBMn5w.i1uo6rvuE5ijhTgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2

43 B
632 B

43ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNUm-9KSLP5FmUzfbqIG6fF19e9Y8hIVH-uA2Pv4P1LU3a1Q3UTJQXlc_2uXoV__0Fds1OzhNzbscNuZPpYLIhguXoDaxL2dwGuaT2MC66uNhHzHVCtImWl0uYvjbTsAkd9N7fc27rRZk6zwRyKPtIxHDHPgxZ3GOlixo3-ZAL03B5OY95k
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIv0JSDc7a1CAcnptgijER8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7085
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

43 B
1 KB

48ms
45ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkY8NiZyAEwAQ&v=APEucNUm-9KSLP5FmUzfbqIG6fF19e9Y8hIVH-uA2Pv4P1LU3a1Q3UTJQXlc_2uXoV__0Fds1OzhNzbscNuZPpYLIhguXoDaxL2dwGuaT2MC66uNhHzHVCtImWl0uYvjbTsAkd9N7fc27rRZk6zwRyKPtIxHDHPgxZ3GOlixo3-ZAL03B5OY95k

Protocol

HTTP/1.1

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Mar 2023 14:29:59 GMT
AN-X-Request-Uuid: 05045ece-e7db-4275-933b-a0e57f9de820
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJF55DRF8tAZXsxoLvQTZW4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7085
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

170 B
243 B

50ms
49ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.106; 80.255.7.106; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 82292752-7dab-4752-baf4-5e3645d027ec
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg2OTkwOTA0MDc5NDk0NzQ5Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0AB9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEA7iG_YlWGPmIrQJGt_MAX4&google_cver=1

43 B
114 B

50ms
49ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEA7iG_YlWGPmIrQJGt_MAX4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEA7iG_YlWGPmIrQJGt_MAX4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 0AB9 43 B
304 B 160ms
48ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 0AB9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDuUW2G4MRWAVqwMJvXwbjw&google_cver=1

23 B
172 B

67ms
65ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDuUW2G4MRWAVqwMJvXwbjw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Thu, 16 Mar 2023 14:29:59 GMT
pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEDuUW2G4MRWAVqwMJvXwbjw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0AB9 23 B
172 B 219ms
66ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNX_4AevaFoEJRDPNLpAMbXW7ebINEfXWimYVNdthA-Wu7vUcf0OwZjhejRzb2cQtgpQemhM3G6hYJdMNn3606u5xy3gOkDQpOVsbFpwEfxcFhWCw59xfPoEDrd_O3_6rwZQfsYkswGkHoptYH5Gyf5SmLPMeOILXEOp3Tsdbf63dJJ6u1s
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Thu, 16 Mar 2023 14:29:59 GMT
pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame BC55 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e77796cceff8754cfcde438e4cf808f78e6b06a6c3aaa08e2de7a412447da672

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 7494
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dec9e-c407-11ed-b56c-1ce730eb0206

43 B
549 B

47ms
44ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dec9e-c407-11ed-b56c-1ce730eb0206
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNWKceS5rwiNxHNwevw4HGnA7YS5dIFc8iw1-TSt7yZHemvBP6KjFmYYNRRJrKvEJoGAgl23Yd_yOEQCdETdsdLE7--Czi2jKJBLnflH-2Ww2hDevfqGngI6lpUMO9rBvnQHGz23b4WPyXobRiq5WUnL54vtHHFhqP91jn0MUa2cYrN8zv4
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 127
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dec9e-c407-11ed-b56c-1ce730eb0206
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 140
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7494
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

170 B
232 B

50ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOuOtqEDGNyNnOEBMAE&v=APEucNWKceS5rwiNxHNwevw4HGnA7YS5dIFc8iw1-TSt7yZHemvBP6KjFmYYNRRJrKvEJoGAgl23Yd_yOEQCdETdsdLE7--Czi2jKJBLnflH-2Ww2hDevfqGngI6lpUMO9rBvnQHGz23b4WPyXobRiq5WUnL54vtHHFhqP91jn0MUa2cYrN8zv4

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 142
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7494
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

170 B
232 B

51ms
49ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 6597
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082ded96-c407-11ed-9ca6-14f0ef8b0306

43 B
549 B

61ms
45ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082ded96-c407-11ed-9ca6-14f0ef8b0306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYmeGZyAEwAQ&v=APEucNWvdinmx3Qvam6MU9VxoXyBBtE-zBZLNXyGE7VntpKBCK22EQFfu7bni0htrG_rk-a2M8RSpfj7xXV7JTCZRX1acLJno4Lmft5lA4ZNktQxamQ7kWwbuCN1rLPkYe2wdFkr-A-2LGJNX33uSq3jOMUOg9IfJQKwApmc5LzkE47uLemFpLo
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 143
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082ded96-c407-11ed-9ca6-14f0ef8b0306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 101
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6597
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

170 B
232 B

51ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYmeGZyAEwAQ&v=APEucNWvdinmx3Qvam6MU9VxoXyBBtE-zBZLNXyGE7VntpKBCK22EQFfu7bni0htrG_rk-a2M8RSpfj7xXV7JTCZRX1acLJno4Lmft5lA4ZNktQxamQ7kWwbuCN1rLPkYe2wdFkr-A-2LGJNX33uSq3jOMUOg9IfJQKwApmc5LzkE47uLemFpLo

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 102
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6597
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

170 B
232 B

54ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ Frame BC55 210 KB
65 KB 133ms
41ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: gzip
last-modified: Mon, 28 Nov 2022 20:34:20 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=27188
accept-ranges: bytes
content-length: 65523
expires: Thu, 16 Mar 2023 22:03:07 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 72A0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082d892a-c407-11ed-b567-14684a3a0406

43 B
547 B

48ms
45ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082d892a-c407-11ed-b567-14684a3a0406
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNXzwn3rg9dxYQ0B1e1yhKiZNeqtL9ImwwRCVa8-tX3FmHRRivj5FhycGShwXgfzp_XLBjuViKo7P06QbFiaVHCoGC1VK2LIWmSasBNc4TyLkN9XqOtXIqR8DxLMT_gzcbFdtDEwKE7rTHOSbmPixpbJBBUJJrzRUKc8j6VA9QyqFL5pxPg
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 4
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082d892a-c407-11ed-b567-14684a3a0406
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 117
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 72A0
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

170 B
188 B

54ms
53ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNXzwn3rg9dxYQ0B1e1yhKiZNeqtL9ImwwRCVa8-tX3FmHRRivj5FhycGShwXgfzp_XLBjuViKo7P06QbFiaVHCoGC1VK2LIWmSasBNc4TyLkN9XqOtXIqR8DxLMT_gzcbFdtDEwKE7rTHOSbmPixpbJBBUJJrzRUKc8j6VA9QyqFL5pxPg

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 26
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 72A0
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

170 B
232 B

52ms
50ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 6F60
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dce26-c407-11ed-9efd-1093d7b30106

43 B
549 B

59ms
44ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dce26-c407-11ed-9efd-1093d7b30106
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNVxyZlIE8ZLrubUdS-OYUQW28ieJwjqTovGSBt-g4Zi-q9tkDIrgSwr5pdt5q1_-OI8YHAijsUWpYmoBQfemSLzIQL7-mjy-T6O_yvVBIu7UfHe7HtPrwzouXryGStcVMT236jo8dUQcVIXFu7UbsNiRbCH-MmCa832Lzjis1Rk_F3-6DQ
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 100
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 16 Mar 2023 14:29:59 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7025&uid=CAESEJzbCppGcLmDb2sF9BB45N4&google_cver=1&__user_check__=1&sync_id=082dce26-c407-11ed-9efd-1093d7b30106
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 7
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6F60
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

170 B
188 B

52ms
51ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNVxyZlIE8ZLrubUdS-OYUQW28ieJwjqTovGSBt-g4Zi-q9tkDIrgSwr5pdt5q1_-OI8YHAijsUWpYmoBQfemSLzIQL7-mjy-T6O_yvVBIu7UfHe7HtPrwzouXryGStcVMT236jo8dUQcVIXFu7UbsNiRbCH-MmCa832Lzjis1Rk_F3-6DQ

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDgyMzk4NDQtYzQwNy0xMWVkLWE1OTktMWFjMDU0NDIwNTA2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 20
Connection: keep-alive
Content-Length: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6F60
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

170 B
232 B

60ms
57ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1qZXZpZ0JSRTJ1RVRVUVNsRUUyRzhxcThXNDZiR2NsX35B
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
rtb-csync.smartadserver.com/redir/ Frame 46B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_dbm
https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEG1_1aOwChv6Iq5K8gyQJII&google_cver=1

43 B
113 B

156ms
50ms

Image
image/gif

185.86.139.102
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEG1_1aOwChv6Iq5K8gyQJII&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNV6C0gXtHfJ-jDqZCL1aosei2-pZs1g8oZzFgNMG1YFL3uJR1TuVRYv-unCdE1G1DPoQu_aXz77MV8AgHyBQe7VPuQaYf60N_-oJR6BgJhKoyKdWzzjPcrocOlGNjpRJZNklPBDpp0Mh9oaHNWOZhpI3Xog5tqXBpNxx2QZ4puoPhVzsUA
Protocol: H2
Server: 185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESEG1_1aOwChv6Iq5K8gyQJII&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
rtb-csync.smartadserver.com/redir/ Frame 46B0 43 B
114 B 340ms
50ms Image
image/gif 185.86.139.102
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=GOOGLE_HOSTED_PI&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_hm%3DSMART_USER_ID_B64
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYvN7jwAEwAQ&v=APEucNV6C0gXtHfJ-jDqZCL1aosei2-pZs1g8oZzFgNMG1YFL3uJR1TuVRYv-unCdE1G1DPoQu_aXz77MV8AgHyBQe7VPuQaYf60N_-oJR6BgJhKoyKdWzzjPcrocOlGNjpRJZNklPBDpp0Mh9oaHNWOZhpI3Xog5tqXBpNxx2QZ4puoPhVzsUA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.102 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:29:59 GMT
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 92ms
90ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4295734855024&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 93ms
92ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4295734855024&version=m202301230201&ct=76&x=1&cor=15143331492421624000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 24F9 104 KB
39 KB 105ms
104ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRGNKTcihsgrLJ6NB9dwozeQr-SDdmLaqoUyPrsgzbOmwZPe0VX89hdYLye4_c0J125YklMyhgquhbQF8_ixcH_ttEQONrkuUTXYkczYls0S1yy3pl68H10rjWANvU-jcs1Ay7fNcIg2s_c1Col0wbcWHZ4OUQVARSWV2komcM0GHrAI8&dbm_d=AKAmf-DWF8gK5NUCpOt9Ur2ibfS63m6u87SrpW5vvdmQMNW9NoAh2dACitsAv5aw2QAAE0p7YDJtTPugAzRtTxr35IIGGkoAgd2Fb853l6sTprVUGax2ucNUwqvQntj2TAp5-UXFu9CNPatOygkEiYDJeGQR26JwxKTLW_tSHgHwGyIXpfZn9wGHjU0RkoSoBbzgTE8dT080bqp7f3WyQBtyU_biqQDaDQdw8L_LKlmggmKx8X4rqTd2H3gSrW9RB-2IpDa-wg20yIkDIEoiTO7O4Msf2ncDBK3NmLAA4ifzfgdNVe7v2-0Qsn2TgOckYVXh_8RbDAXBFC1zN4zoLLpDJmqmyaLtbBoRiOf8mh_gGCfhsLfo7sf2ziq2l1f5gFXxEHqDil0gyIBHjLtyenCJ878IzJK19tvl7FQ_J1sYhM2XPdaBE4L3bfAqu-AQAas3CgCMQPB4zM5NgPC4410xjhvFFBUBgkdnYYiDjOhDRbzXt1QLD348n22M40UENVrxm5bmvF3dtkco-0rT6y-YkHKO48iYUVgFnmZjJVW5oNy8P6_jQSGmmsFP4cSXt3aQKvo-P6I7n3buDK7vnPbBJQYGGWv0TRXPJPjGd06vxQ52Arx6jT9TlStjuRAxnzATAKRJucFpnOK5HCwRnYc0esNvOXb5l8Fee9Liclro8xHNP6peSn9_AE0gdzpOEZRJbbtCzIBk4wjABj5xz-E6QikqalQjI6L0jKzbzDx4Hm0J-8vH13UEvgO9u_AFcTfrOxqUeylDYckPMYKL3XO28UuL_yvIxiSqeeax7P-tfWJrrE-86Qy6qajcCp7CpUcagO6e1c7BPaTgw5PXMHjoDUXTnmMGL6kh1P5HtHp1irDq0eutzOJuwKdT7jlKYRLPgXxGE9IuqKk9o8KeiZd1-zJaVt6Ouku7bCBH0Z31NdRC0rrdx3GJrh2BcKdvsieyDO2FORU5jgj1P16tP1jCdU2GMMOfqyTMUyNshMWh9amrJE13pKjVdl3tyfMB1gXRVSrnIWfEHe6RAWyV5cez-PK2HYbBncoaUx96AUupNBLUM0b27HP1x8NXHVeXb0ep0YPdgqUhCZPgboYsRUe-50dgegqrp08owDDCeXkzk-RzNLab_VQoRGedG8U6p7mKZHrnn-lAs6y2eIOAt_jd5_LJZugMyYalb-W_lNhMJ44OuO92FANDaOcD-WALTzJ6L9efJ-EvVBbfyAcrvpF1OCZhno75HPPtKCHaW0tuNfNZIC7QAz07hu-bx5SLidW04mhLRzNIU3cLqtfAVUpEjo0urV4o56G1c4BaSy6fKu-Hx5665rA51prMww0cyM-W35u-UfdAd3KP4glxi_cULqpRGdhSAFqw-uKl9bmHFuSyBfa1aaQ7YcKOMdj6ts0TiCjTCNhyP8xMG9edQ6Onnubwi-UbI5YoIlN_xhmGEaVpxwYJGh7jhZDlQAigELOGOEUrmpIeuUwSRko91_2c87QG4s1giiskXEuaxApdjZkm2J6zJiHUWvmu6Mzjps2HkE6m-qmAasDv63W2TwTa8irPxNy_nGfdk7pxmq2U8lhDYo330eKvnCDwdv4j7gIpWi-RQRrxHONkXvQoEnlfIUiD-w21ZL0YX3wRuZ-K1apNE-5ygFxcgvrHJHquE2yeEgPYlI85eheUNwU1vwZgtd92uY6casS74_olAxaVQ-cMl6xvsy_lJRwgPHnkA81q1f0ZatBy6i9O8HxCqFBsJ9i094jvcGzWFrwatiHSRvZ74Iqpc2mDMWO22g2itGsg8d0UOsbNHk5uB1Aw7exrI4a-aUX1RBUT81cwwc85p6SnPYcIAqIYrZTUDfT0-r10xUFCfchbWLHbDLknyE5ZpImRLTGqdZw5JrEk4E6OPMKOCUh9v1rjx2e32eCdKCoFgix6OJ3zm8sHH-GblOSpt24OT37bsMqodZwjjLQ0hAlG36zr8OoCmf6yWTLlefEhbCNrO1fne56hl2m1kXgY8RuKcjbIxdCjcloOSjFivX79vwQc4OJ5jet3d6qq2NKew12FRJj3jmg11Icc2-xr6_FEoz9bm4r1_ekblTtJADjigZQBcKaGZWeUZmPM3UZjr88JnFHK79PWR1pa-PYAMzXpi9TZv_XdVdRKO4jR4SXPfE-9bQQK9-wAoFgQiGlqY4hi_Emigm_LbVFXIoZ7JI-O2LME5S-WSapTj76wwyOKVVZ0uj4Ez7STDE9xdtanKHR0GmDf1bseboJDsKzeC_eyoQ2GL6rGomOe3TWTcslbQkHturl1fHfC6iBrm8F3JvMUrlSzS_WXZND1JmJSBZcQZyuo08fb-r2ROzOpbhRLkEqRMs95W4zytHOoB8UzxswccEz__GFQhOVFOUH4McnzJw63n7f834CY8GvU2Zayc9W23a1Ufspwaq0eogAIEbBYDHuJZzm2m4L-EF5skIkasdG1XpR1dbse6RK5rRGEgDRFkmqcY-ApgDexdRzhoX3P9KTOhH-t6Pg61_czb2-vso0mn5Ql1P9YpdS2pUilEpV6kIlLPLIj-qF36CUxmzFlT2O43c4Z8RavrNxbj2WLFJ1dDojfQOW60LLTFEDt6QQs7kqQK-kb6R_5MrFnzwCcz5-_m_nqzwu50baU25dcV6znWzzw8tbK1-is6eulho1ScAFn4qlTIxdd_bdddaa3S4Tyny9k9G-YDxLcrzruiTRwyJLzuTTgGZWVGW01-pG3bMVnLmmt-Hu-rYp166KxMU9t7XV9XZN_hZc-WTxRG7_IB8QzoUtKBKB28Zquw8rGirbhoLDgGdiD94luXd89xU23IEwexuC0sYP3AqsNNphMVMkn3xzCdWIOfRfrdWCanj5e8sOXCD3j04PuapvteoEwyVFYCSeKICM1O4jQPsYKso0H32Yrb9jvpzl1zTcDuUCfP1WibkfHZ_0PnrJgHX375fSdHvCDa6jOwxh2FjLyDaobJhtqNx1GwMoNeY7aJJ9jlpLTK2MBzHYTF49f9GWtAHoq9vRTjjlCryShhbMvQfa-MW7PHTXpVLmxAEZCFXb1P8wcFxNJzsgXq7JuJqdKQQry8F62A3Rv9bjd_p__HfyiACMWufBCnFETHkFeWa5rImnRJ1DZW2HlYJGI2ENIYUJoRYnDqitxsF8VEU2RadfJvrekNxgHS4oX4fdKpANzej-doaSBDvtdiG4CCw24459s-q7VnQ9k2TP3uSMKtASKoFQfKgrkpGHWLArK3c7LEJMRJs7PY8-3QE9zNLX1RYcT4ewvzztGKPDEuVdzqZXCspaNetD8gqVE_wNmWagot9ybY8Vmf4Oqcv_-XNWW_K198o-_xI7LmaRwVsWq5ii2FbPJ-g_QPw_i7DVOFi4_19iOMPJSBfJKJvNBgKzxfvreD62Y9v4-aGjSCD4_lw&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=15143331492421624000&adk=2857193498&idt=180&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9808d4a2cd1f1d68bbaa2046938cc3633003595baa466eca74d86a602002d52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame C94E
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=orangesport.ro&sn=ChromeSyncframe&so=0&topUrl=orangesport.ro&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=bIpst3xHOGUrbkFJczd1a010a0NscVVUbitSLzhqWE5USlJiamZqTkdLRHo5SmNOWG45RWNMZ2p0bTRacnFuT2t6REtaVHlORVl4OTRuNTB0NVpLL25sQjBDTThNTURLb2pDcTZvTWRENE1mQ3RtWnNUTEJsMzlXVWtKb1...

422 B
649 B

306ms
50ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=bIpst3xHOGUrbkFJczd1a010a0NscVVUbitSLzhqWE5USlJiamZqTkdLRHo5SmNOWG45RWNMZ2p0bTRacnFuT2t6REtaVHlORVl4OTRuNTB0NVpLL25sQjBDTThNTURLb2pDcTZvTWRENE1mQ3RtWnNUTEJsMzlXVWtKb1FiOGY4MVhrQjVVR01jcHA5V1gyQmVUMVF3Z28zSkQ5UFdxSWRSZVU5QTRtTXBWOXlncEd4dncxUFRnL0hYMnpoZmloeUZEeXM0OENjZlNKUlhsYkJSVnA0TGxJcEVsYlh6M1JuWk9XU3Zsb3ZvMGlJUTZJWUJ6aGVFYWcvZktFZCszcVFJbzFUWlI2clF6ajhaQ3J4NGpvUmtybk1YUT09fA&cppv=2

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f784c25beff83b54f56dcd8b6e4a3f9a5292f62dcd170a9e76332a506bbc910a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1616815
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=bIpst3xHOGUrbkFJczd1a010a0NscVVUbitSLzhqWE5USlJiamZqTkdLRHo5SmNOWG45RWNMZ2p0bTRacnFuT2t6REtaVHlORVl4OTRuNTB0NVpLL25sQjBDTThNTURLb2pDcTZvTWRENE1mQ3RtWnNUTEJsMzlXVWtKb1FiOGY4MVhrQjVVR01jcHA5V1gyQmVUMVF3Z28zSkQ5UFdxSWRSZVU5QTRtTXBWOXlncEd4dncxUFRnL0hYMnpoZmloeUZEeXM0OENjZlNKUlhsYkJSVnA0TGxJcEVsYlh6M1JuWk9XU3Zsb3ZvMGlJUTZJWUJ6aGVFYWcvZktFZCszcVFJbzFUWlI2clF6ajhaQ3J4NGpvUmtybk1YUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 333733
content-length: 0
expires: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73E7 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3754934177409&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73E7 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3754934177409&version=m202301230201&ct=76&x=1&cor=3059102117803988500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 73E7 86 KB
36 KB 119ms
116ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CKT6q9Y2XYXQTQjW7qVLDma6hU1K05rPu6LfgYZlsuC730CPG_z4XDoT659f2vskR8TN8MIkQI3tmoYmScyzEqhCdW7s8YuYiv3AijF0_FnJq6SZLV7iTQyTK9X61ed0PpH_6ROVzISiW-LMBZG5zkpGwEkLYCMD6G99gecBfKpqNNJwc&dbm_d=AKAmf-Du9tw85O5V4_6nWscIFpPbE-NxpKd5MxyKyu1NGhtCj9BGvZUP0AzzIFwrSvvHUPWKrjlhvTHMIG3hEd85h07jdrk9tlzkQzAgbaWVL5A5wyTa8UA4alc0OCOxkhlW95SZOECKUzYhgpuFy6AKqSX4c2SlxvAVot6diJRfndlllSD8rmvj2QQjjwS-3ihyr8QyIjDe4xAm3KpKqEd-nelVvlvsv7wXIxMmUbqYOHEiGm9R2g-cFcMiNWu2JRCmMSG1Miper1sLChz6m8UAsh9oyfmXxmIJ037VxYvgrD7O8uOGiVT3ZnR02B5QCnoqNZwyr2hLGsGy19dltaq_m2Ty-HmtUSJSIHzLC2IAF4Nk83KB6bCFVa6P5RmucA3i2-jdPGSwmQD8L70g36-WgHGSCgXKiCe87_7yjxYCAtqKauixRmhkYnGExc_Qsf9E8FkonJJ7ANbzmmnpDJBFmMQPFYWDAY21YTUZIX0hmGtWRA9vzXaHnI_oIXJTzY4gmINw4f1woWgWE7EqbrmfdJ6WSrKchKWQD4pIWNxkSmgccR_Bsu18KqR4kqCK2o-_vu8hgCVqfyXIC-zu1oHLPhr4PjT0d8rJdvgWp_5bLOsT_-tFFK7RWXKNwjsHtPgotVoUFs04PbuAZM_bytjx1lz3H1hh0CXa6C-y_xfwhR2vDqS9xJJfMroO-Y0jnPNCTsPsraygM9sKnIJb6DpGojs9S6vByGT7GALyJL7KYwwJww8Wfbfni67oLb_jbdXOI-dYQ1LMsNs3Y4Ht82URfIAijYxvN7IKnLxC_Tqp7AAgEL7dPk3M6tdBQOVG5oon_Q1zCqBSSpJjYk_tHsfEVjJWIcXyh88aF-8mfHRBV2TXdPHNHioRvOOIOTKJX-74XHcw7x8wVR5w5nnQa1ukQl64s69jEaHph85BpApwPc-aKXNhofyBHZTyGmCEwIz8ammOzgOVCOA5o8EaulLCQEom8e7JGCzhd-3JD6i8rWSNjQx78sEOAmier2b0mX0LSqVuPTfTm-ewrNMMP5hCLthAeEqKizAef5IQiJNu8TlEQ4WpyEX3IESlOTIGsqFgZVFzXUdO3FLX6NIwViOQAbNabNjbX5jqCRrTVm5u8h1WK1tHpLT_78AbvzvC55vn-KxZ9-TkRj9d1b8dUMKbBxv6ap1obX_bKpU3eqq3ONr_AuQqpFmEJniUcdTpsnHRrHXFj2tLwXF6ajQAuqbxqP2hZ4HnibpP6MOSbKi4_GcPm6ozo9ipn2ZRD0KKrykE-KD_j1sVWFOeq7DcJYAbZ4l9CB-jOUlwYH0kKu_3A8dSN-bbXkl2PzC2iHnowt-NUZTxmC74rerXe3yY7Kuf-hqUsO2X9HkjWSL6ExpHQ9e2iqHXYKiVkyCuY4EV7hbe5RnxIRGNp4X32kj0hM_nB049GH7Qm9aKBAyXTDZN0vP4ss5494OYyjcythPf_FqIUdMpVgJDH0IYMsnPK0e0XVJCp7nxrlxC4pFz9djTVSJAv_Hf9-7L4fsTjs_m42fTNY82Wr6cPpm0fbe_yqNzfKCNwQsI8r-1uoRol5E4rmmool_8_O0L9g96XTsiBJjgIF0ATfD2hcVL4X-dXWskyS2b799w0ObhZCN2HhHSsqIBui6KwsM7g1B6YnKOSnBFSiBAPq5XZToUNU-6VbT2JMFaFTQsvfe2uiEpILStz0OIeWgLBh76OdpSRzvHxvz3mcij0IToIYCqsZoCLCj5HkhHwkKEjevzFAAptqZ1_c9Ore0vW5GSFDOlQzniZojl2VkK9oM9R2mXoNIrW9krilpmpSiWInJrtKg2WwhVgEaPFVwk4xbREm3r_gH0bUxSAPvFPCkUEzzrEDsjD57tCy77tITxSPjw9kC1irBxwgn4HDE7pul7mUMVEG2cuUpUuRFY9x3GYMVXe0ciZ0BnjbPfYCpXOI1fdqidDIdX5Hk_-gPENP8-NcyOhytSGyB5Yur0ewmk61BJ8QKMyGwRer-KoUbI6AcVUyVPhWPt0V6wABl0PfVh_F_2mhcgL6D3aMprT1mFLZoYPgHtoaJJZIP6Ly2FHiQi3PUU1OGdjEH317LfG_puaBsEDNtjnK_-UunxRXprRZZxTV0pOZ_7593Got2j2zPayyBb2wM-YY8N861rxWUMFjPT83eS1jBMKT8UFnn1IyPsGYWrWTHxQtEErDSk19liOUDauxQhK60NlMIWnlv251soJXSV66fzwjutSEx8Z3l9Jvg5LHBguRGdGSZhiFsZoptVPxqv1359QdI5Gq9xjb9Zm7vs0yYiozQ-Fz6BY09sp1YbWJjJM24u_WMD1g44LFh-DYUd4i4QoZQVTYfGLW1qT4LMnn4AmTsJKJgtiJ0O9WZxnva8XeMZpekrCnniWO0kNpu9ZxBEb31gt60GTr2k_k-ZF_4O_XW6yM9iO7FJ0G0d64UCsLs9-SIk3cKSGDZ5KOZnDxmhPaCSSGcZQgpvogDi1LvTl4RLGL6KWr33cx-oVHIIbT5la33BPJhFetYdYc-7VlTzGpx6O_Kz9--1-59ECKjYPzUGNWycXaX2MvvFo9ojFrR8WzPyAo7MYMYkLEB9gzCIludqTBG9KOkqUBPGmJ9wTuiZLNND-zkc-pmwqDxVdVhi7w_JhXW8S8opE4xd0j0KqCWhBhzG_XoI3-hEFlLglsxkdL6OKpujGTmdZKHB84cZ6SOouAIPcvMeoGt1hxWUcQDvIuOlGlXL8A7rPNjzbhPPY6Cf8Die0Shq_Tp1GfdCEuSjK7EnKDqBxEYA0YPyxdlJGScYMz_EzaTHCOXcZbU9pXECwWp-BAehEWKKF8BYUghX1y32stymbSlkT3XlRmq6qMJf4R6aF8u_kdyCf0YAlx75ZSEOF7eD73KaQ3L-JjuyP7wNqAoI4z_uuNP7GW_imIdY-4nSGxAbld2rvVu2sMm1RRgk-JJE4CaqU1HBjRYElFsYv-xEn1ImJFEae91qg0p3JQScfxAK6Hwie4a3IRdMYFOSaoviZrENMJYBoRk3zLMlIBHolCn_5K_JGdk57vTCJpb33q6XioUaC_hMj1rpA4nZdGzvRXyCq6ZU6_QvglBr2f0b9pH2Wx0NwsNE95KKQOpIiPJNn2SVWTXnMVK5j9TZiAS8mqpvo2VFKB7TNFvRi_lMRivSa1Bkux6alKulSZH6fYYjnQcPNYIkplrpjARXXFcEZCn6_O-WH17ZYEGjXJIuGP8uedR3mOkBt84-49BsPUcsrjzUiXUXrWlSlKs7wRw8rd_BZg2JL59KCE3J2i8guNqMTaehj4pWxZf2fCy4Ln5ChpP4MAilBQhH7FDHXWiS69GjvN4q946-0bOGngAkAAWxkUpD4zPXA1sFqfekAryBf0ByVcc7DMio&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=3059102117803988500&adk=3037181500&idt=277&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0fbd5dd39d0390ff16e94a27328b55c9dec898b369289d1f70b350e5d138ec5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36639
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AE0 0
20 B 75ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4128145810353&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AE0 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4128145810353&version=m202301230201&ct=76&x=1&cor=18343781589991836000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7AE0 86 KB
36 KB 105ms
105ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJBxgcp8LgaD3FSLY1tU3cM8DNuaOc4Fabn3Gfw1AP0Jx0xllfLsHqvxH-kx-SXsQ4hxKKyR6enlVk97K7T_vApX3Jtw8v-EjOxfo2pjPQZQAqu81zWgqxRG-l40xB0yZJF8N223jRKMpJPFx1R9PKyu0hiVfdSFcsCCEKXAWDDSw_Sw8&dbm_d=AKAmf-BNvxu4NH3l5bQUpcvHdi4_SQcyFx9eX3YS6Cyn9hl3vhvUzmFzkzeGuGDNUniBhzLbmPFxp0kthp0y6o8Lf0dijeuel5xYYBm_pTqllivPrOkB7UpZJ8Zs9F9Hd-bNye2PQYcSsTtih8tsHOkeSd5ZYUM7VWMbnEVZXO3mGc0GWPXiz4bdTmj6nlkeQ4SwE3-LrkpAuWPauD6ShLzMqp_EPEtBJ1Ehrvm41GdVYhDXt7MFrOuMUEobUZekGDmybji8CmjEmIRmPFlyknaJ1ZnLZ0cq8mKG03tYWnJRcpBytr9cKxkggcyF2NNvxaw2QClpyrt93ZFfFubNoQOhp3iQmafPNT9SbZspZgOvN3l68AzG5iQ9870bYX90eBNiJ9_t0ru7LHClXTvBne3C2r3IEBLnCPaEeI8rqjS5nxb98TpxlRsTHt8N2jJe5cdXNrd181UwaShDGbe92yblkNw-74QMqndTEEDNSiEEY40iZqS6bNAXszDmTidDDzCzf80E_er5WVlOulEFivZFEIQHZU7AIcwpfmcWYAML83O-3NmnUPF0ccH49R7q_I_Y9FrDeC8-aIfCtrxzRA5hfyMomGem1QH2ordcKbZ2P1lxtOdTwfzE0FsLJZj-XuzXKE0-aUcHha8iOaYLpBvL8E3uZz8TM3Y-oS4dY8yFIASrT9mVF5Q06cDjVsdDt_AobnT2Z_v1nuyMqWYyngriQWzxAUR2NUj5jV5CmtYbNQdrnDklAoLdZ9xfJgRqG6hPbAjt_JHHEEXXHZROCdWqDgDi0bIBBsUbNDzSGdT4H5XKljehg-uYp078sD7dzs2D3AIH2XfdE6tnw-bYT-Yrx-uKY98q1g9S-I1a6bayQRM17Hun_-F1jNRVun2WjG9O9qD6YqBI7VtdfuNzmPVPRNmFQ_60isQnvbFgnhviI_4p1WVlu23Z_y6aKKEIFqahh6Mkw3BmYj3yFKTy-2BySVFMQuLRpANtyo_8Mgeu9dffgJl0lcdzZf7reW7LVr1K_bV_WIZJu3cAqdl7rCyE-joQvMIS2EhbbE4bI_9u7QwmcYzXyaNXx0vAgiSEqyHMgzaeT6dUu4N4aHjb4QNcERwe8aop93dOlyvDJ9n9gybBsYmSINk5GIy9AaGyvqDQi9cQ1MAdd4xKzjktvZvC3lITsWMJifW7fwQVlLoKtR_zaI7zNWtCfdRi-KBVcegr-fbvqV2rPaQy2hmD9snwxGXyQ8n8jH60mO1u6BiYisdz3YGbpQEz3bt1Z9IR4TGz9OaM-6XGtp1LkkVqIfbcZMHko_PFnWH3O_K1t_yi0IXitEAxZcY3B_s9hfJ2YpG-UHL1hZvifK7Z52s4-mHDTFFZxFEsA0kdfaYFGDzUKoMWb2lF2R5lSsPgyVmF4fkEnwhr55TX_2Fx3zdWrhPyOjm8V7Fg9oNJgf89uq_otarMMgjCJDy4P-bVOrEjIFz62gA5zgo5wSVv9UQeesuPvNovVQqISN6URQL2HEQyMQa7DL49c6dXlF5a8jEl1qyFA-zG3WORDKjJF94R6J2R7Ond9i4rcddBCaZtZ3gAIBsY2fYnwwKC6Ppo_k8h48hO8GhDai0H5PYrw6pHnl2X7HWgZKUbvFQCJpDMqBZTqq9dPQQxW1lVNKf0Sa8bbKNVvsh6zbl8LPOQ7gvdBM0Zv4qoP6Pfa5SOpumeVr7o4pAozltlUehTyYqt1miocLgDGjJD23zFBDfwVt72JoFySXKmkZoWJuRSP9O4n90proDk62VYizW3PvslRB8FQiZeR4Do4bN-32F0cJG9fD9y76ICFYcA9boPcDAEC2GCyr3iVwAim2Ffie8c3A3su1PymTDfMZMjuHLGSLoLs2K4KtilOhCExKSJAOUilIJj0FxzSbPtic0gD09R1lPpJa6WgnPHGjStJn4MTEeKC1VpVAmcsup8RkYjVIrBvjM-VAaT8BXdu5fmw3je4_ssxWwK6BNPsFkgsRn5hz-YxZ_xRtgDJD1KDxTOBPmjHGvD5xrAk50RNqR7bUE9ea36w7YpLrOUEZUqyyvAJjHtvc9voC8b-uvujpsC7V3nlvmK5kMEL2bLzi7HC8iP7LeinyzZl2aiGQvnBWPdxACVgiIujednhkIVMOq-5Bm9KiDOTCi0CuqsS6dEXGgCAbtU7xutUocuOk48S3F_G92tEN-uykVz8_csTHha3Jb4w3y-sB5qGZChFwxoFeduzz9pTjmjNt9JcGjqb0RLB4dy55bnNfLQTsWcJAFlthAyBWImd_uGwxvLxq1LhbZmUdi-AJFoX90ALnfPkaArJsXNH_mgKRyI6DwCGs1vrtY3Hz-VAuzFrJv8HW1hO970zGca0vBgZHPcGO0MOIBaDdOXJ-MxTJmePTJUaw9TH4MBq-WquJqL9F9tzGQ7Hjs_1BHlmEVBvl4_WvzDJzfrDDbxh2GJVSpnO-Gm6iF8VD8hCxoDC3FwaRH982R8f-wDfqkicIDlpNx3q-DG_2GTK_TwmYekQmcRVillEpR3iNpSTKAO4pz1nJbgruswmRGs94155jkcarp1y8j8l_yrGEO4FdRtT9oQv_jgBAFGG8ozOzjTyAJ2D_w3rXBETDlM8KKTm7zasVISkaWYcoXROrt0zdALa-kS4OulQx25KzkhidddJgWx4EOR1QDEx5iyD2vDeiK5RlUMuyp8vyZ78y4eYGz3Da_BVENr8KTeChIr7h5iblevMWHWZhgbCZEc5Go0K2ITpf-L_Ya2Q9DMYxnOHWZdpu9RxXmP_yJ_4s2OOp6aFHoLN1T9vgb3I6Dq9WJp-IlGqpUdLXv1VUWFPa3SPCpwwwQelKeqGgDVmqRxon1W6bopp_VcO532k_XrWkoIf-wAC5ulir29PoYdzxAM1PAEsApihRlZw3VBCiC2JFUVmeDkcXsHXhT17EEHAyjreMwWhR00U2P154FkNNhYt9mrZ_eS1WoIWULliq-ygafCBuH3yJhGCCDX6lQ9PqkNTtisrIVL55W2mVbKmlXMRsaQNFbuA2Au4I8Ky-6c42yBiuETLWxuhJSyfxURivXQbPwgEDvXG8mmin8lsCLcH9eM4ZKaXlA-5LA65g_WGs0F9BooyHm1nKZA0ksoCRviX_TnDw8PVdLW_gc59hkuL6DATb2G6D1phiUknZzMx6UYjAP1HDrkiLqhvqW4GM_z2SppyymK_QdB_7ezvz9x9pT9xDG_536M0P5PLlVKDxss2n5e4ZklUCzapKD68b6y1wRp3EprUqa86gFlNSZoDUw6Nso1rETC9fCJ779Ibf439Z0h8xcrVfIcV75AxxVTpIFirHTLxhCfyil4qv6eIxzpCNbQx5UlcoA_OILT2QXvoKNUUdbBvrxtEfFaSY6Its-ptdwVr7XW&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=18343781589991836000&adk=4188270525&idt=284&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df2ad48fb1271d575585ec3b950c9c13d7446435113dfb0477834d21d84a7154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36534
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 267F 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7706302923775&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 267F 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7706302923775&version=m202301230201&ct=76&x=1&cor=17156096254712402000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 267F 96 KB
38 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMnDPlbEIK2n6UlwBE2hai9JiwyIgAgosX35ibwh1kXV7p_xi0TP1yEbQ4U5qjhcWVpU8ufvhYuQyMnISK7Xxu6gpFV4KoMBI97m3b6OEc3_dgfLypKclKYueUN-0zJJWXqbmZprwLtEoQgFmHD_svUmPD6QK0oDQ3qtWFFwX7QLrIqc8&dbm_d=AKAmf-Cm4_DpIJeZqdv2mDGQ4wcnFbecjkiYhhl9cb6RHEs6SFrmDp6UBrGVrjT81HrEnmWKlcJGnlG5vZoZfwnXyrmiW9qU48xCHVKfaghpodxmLQcSliVStZucLBkXHM1D9KhduSVj3GNLPqLUiVxDOC_hWTIxzg6jS9nX2t8zZYP_TFyv8A_65RzN6omFCUMbynohBRKRNHkXj3FkDTHtyOSPbYgScmrwaykmUDHQkgPlccjoHab0XP7zbGAhULC7nLJmX0lPUK-7BE2qZow-rRTXbIx-ehG3RvkNw-EFTr36JM3v9lYSDH64WCCDgOLNtYOpsr1HjqnlSigdu3zJm0wGSn18IzlGhTLhC1cjk2YC8z5gRm_aH11vuABoEiDAOU9nmPdzXnYjhdx5h1rhLinZXKesLB_XtgBbj-XWlLGrfEKWXM34iQoY67FMnu4XPzguX-V_E7q5ZHCcS0rB4fgowrGKgKiszqwNPLc9_VsZb9TlRSTKwxzmUwA_Jo07gTF3QpqpwKbcjjlJ4LjJGvWskb2dnmJQTpWucIaC8FoAnFEH-g74m6a3G7eHU73twFF6WsSF8pZNU7RKLb5uQkZiW_-NT3iErS1EpJ0YXlqr07x6wrJgBeLmn6LH9vPAVDCXbi833_DJEHGywVpJdjyRB2t2JpeWLacuI2TkTi3l_MQzRu1YNwcIkehkwgmPPWS5mHSx_ScnLNcbmCVJM0RPvE4iWgAD7aP7jjQXkq_RcAbBInayE6JKhzv3xLrmEwoFvVWaJ6SVRgR2NaIreiUC7VwEgNe3STb5QkeFHi_msjGkBLDFR8_iWAGYQt1x5L2qd8ZuWwubxLX4HXXM3LOCor7W62R93RIPtQfHlWPl2giFjvv43NxdQw_kSY7YwRcKEEOUlJP_bHd5F_lxawIeJb8YT1ctRXT28VMYLP7aFU8xiEyQjqZ5RIFyf99BcboAkZk6SuXEh6mxneOnmNbV3aJE8q4aWh_Dc7_tgyZWgxdQc-4XetT7CuDINHlQiRzrZVORYSLqjugdAStcae_6Aijq3CrMnlNu4h4hDZxzsPsOBvvoXSiUJgiWhFarbtCol2YXEyuPZC9e9G_LdXMIalhu19YXkPTEqkzijKcGC_flIrGYqCLwpMlizIRajPlZT124BCmJ4PAke-EZofbNAnejf0RZEihgzB-pHWzF3WgaeXox1_ewnPypnOXtktSyUBg-Nswc1uWlUG_2Fge8c8IKK0ZjSa-3HIpAzKLJnnMzsoDyjBxYsdndPwBzTpJtZfG6KWP8a-9sodFEBklGp1RVBAM6cyJtgkWKKLmcUvyQkZor2qPAKCZdQhOMcKgqWxkvwd5xcXfrgO4JGGE1jJOXm26IirdDmjpB-HCI942qEiZOar2kdf6LTk5sWdTLzHPTmp86V9InmMn-U5eqw5oD14ZJtgMUsc9DwPw_AvA_Wc4Fuzf8ECmKSmRKKi3KlaEchctPq2yXMJ1zpDDpLKoiG25ZQ3Eht-nxv7pdP2P2OkJasYVDHF7R0XejuMRqIpZY-NM-y4Enr-qWcRqtwaP6-dVhlaW0ycOGlbzSZglQ5FtZ37Z3KhQBEJXZ14Kdn_zUvSpWKLe-ADOk1om09HqwlvkzMJ9Yf97CmvXA4wqKqiTKLzmIpXjVokq79pEvlFnvaDmeSwEJjnvLXjF3FRl96uRmmjA5C4LVQEMBFRm2VeFReXlQfoOSxQ4Er04enFbzXN7emrCkOfCW7cTiOW07jP6GkYIduwkM0FJmmF2rnEjLuCKX7C1iCwbYHp72R741loDrXaly3-vZf1M-go_6QZ7_qaboSRRXciYAc-q8XtFwsuAyG5Wq5gzpXYR7hKLra7BDfdpd837Z99kZRmN_cYe6aBQh5XIsq_EtsvILG7TGgPnW-t7qvy5qtA2fPIMXSdHbY90Rb4vwYkV5Wyj4rr9oIV10-LzemNdk7tkNFWewTrl8H6DSq5XRW2ecNr4j_SbpDvGFp9t2_xvphOTOeu1aJbVbLCyVVH6Cu-KX3WTEwcsjET7WK7KSDCg-7xzcvhRhCP3pEJli3zly99SDafexSbShf12t0YaYmLviYNilXd6exnuwLdZuzpx7Yuy-Dyybpgjb_kaVFfuaZhL622Xt3tcjuWcvMm-wV2Hckp17QDRMuFSATQo1vZWQueZn1EZbGSJcmBkbGYoa8HbsJBAAuv1xMwF1d4ZL_4bK_VW96Oc5aL5m9_dy3PA12ceHKW1_15NMkT9wOE9BlMGwkW3KpRrmV-zkF0H9Msae2MImK3La82VqL9vGdd-tzD_0ItD1CucIajiNvNHRwBSr0dXBMFapQodQ2GTM6Uq8z2ntwO-OR-AXbF6D412SZ45WcJowDFiUAJQ-OPKJ58cf_PYl3BgnGmOzyLRfk4FCGts_5A62ziOx7jYXgXl25B0NjeC8MDuojH2t01pAA6Ix8wRJjzIis_eYCn18b4OYCVlUpS-7-6F9bbLdCMoGJzPRf5G58Ixqa956RdhQm_Fve0pQUBotrMiB_EPzESMUX-iOoITLHbxLkmMlbFlGHWizptMKVCNyWUJEubIn-O50U7ncmujRzLZtSzdtE2CvYjFPMbcdbPICGXcteCYFrhIV7Wa5nYLbriNbJRFDUBONof9GjgzCT442sv0wzxiVdUwXmstURzd4CWgFi-TcX-TC1njTxkdb50i_kUuODX8Q9whqVWoFa0OiWBS5g7lqlMSnmXsboO8NvcjYag1_gl6PkGtcbPLdgLAHlpu7PzBhiskJNBI3JFHjTFg3_ELDGe6vm8ysxhmhdYb1P8nvhWc3pPE-GnUOiscJSTIAF27ucZxPoM600jm4sDnnJ-O_anvW_4lxz6XauPtSrv14Hk5McTRERnit3rvbFFvcXgsZ7-75d4Csf6IZiu5y2OTG5GjjGuvEg78LVolMKHYeEl-Ws4751JxrkMdvHNLWW_uMAJq75SVjO_t6sys3vhQnakQNab0QLsoI86jTujXeV163Qx6ZJ1qdQY7GLlqazb1kyU7O7TJvEkSYOqpllsGFv1wK2Xd8As_CASmuF2CQG_RmhU0NjyQSo0-B7wpx5aLpTGYKZyR94WkjXpubHQns2skMuFrJmvx796sxxs5K2NML_ZkM3mAkii1PwXdbIIHntm8MzAO4SFeXbirc5B-YZVeIYcJ5dkPFejdTFdtiUY-BgVKKN5pUvEMlaIePreiEdFkb8lt6k9tnBUgNINXQV4Le-b7yi2Pzvldxd4W9WI8kA9tnT8JPHyS3bqT1WGw_Kw&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=17156096254712402000&adk=2988274607&idt=320&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

448de1b66a8e77c446afcb472053eb0ef4a38fdc576da7def8ee92db900f4b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38809
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 184F 0
20 B 74ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3489221692080&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 184F 0
20 B 75ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3489221692080&version=m202301230201&ct=76&x=1&cor=11407736492356500000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 184F 104 KB
39 KB 118ms
116ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BreSNU97-fZJQ-aImvqNQa7Db6wXMnHFzUPun6ZTSY-p04d2z9T9VnvbucmdfmKPhJY38AaaGjHwJn2MltPmX1Z8c7Z3IKptvvczk47MqBI20rc_O_3WHp41PmU96wiYeOcSBkncFEj-BKGWkKrhw1EJbu2yZGnussoTUiZy1imytorIY&dbm_d=AKAmf-AGBbipBR66h7BhwfEaNmo1cyE4Ut-nYxSj_lABe2R8-cVClymVJTmT2K46GFqvbP_y8vgZ2EmJPiwK5g6iTsIUReLNnxtnxjGtuV4XrGZjVEWWBk6lHvoxfSdENskTitl2G8u_YUPhL4A81brGSyCuF_F4FkMdAfm9VQ9ZVJEBK4o3P0IVQDHH4TRZhoNf_kUNou1cY9nF6OwpGSlT5Of-sP9cvX5sdqKaKn7SlbFLoduAhbLcKPzut7l9H1eB9LBe58y1sTi2WgRaudzsYhOzjXSL2UBbu9u-sWa1u-uOHxlQTkr_oyuDgiOwMGHbDQd8tSZOVRu04FbDjg1tMs1XiSdsgygXu8TdptJRluGw3TTKy5vYPydO1GutE_NFv-qvOxQfl-P30Rf0vc6g6rEnC8zfUwxJW4cU_qkgWgoY2Ef6PP6FFE3T6uurIi0RCAYSrYuZicJOyooe0uF48OhpyHHXx6SvPExIyRD1LxqYRmi_zHYVvxTY3oVEWPHZRtIzR5DzLB2BsVdCrxY4Ja62NgWoppXuuy7vzCpEkT33Mi_J9DNt--KS9D7rWV6tkCCZe6tz4g8w42WtHxOwDjNrJGAQzMc_WIbxfOgrk8L_t0KkxRCggVudGXOS9_mtPPeSBFKyXev_VfRHhnCqcMRR67LFLwNRf_nD7a-Xu8OrOELeI6bxz7FHItUPmFs08fs9tjkRy6xVQKCYmcstfXSHn5hciXXSz2CC8nRxWxpelcmsL6f0-otPE8eL6845Y6fovncylANzfuUw2bmVO8t0UVZsO8vwzWuY-5-c05mucvsq4fkFyBFKVwcBjChzihfEsuiG6qQ9EHcCJLo0d_AZkciFYfkC91LiAXV5kbcQFGPqPbhmoNaI1LklhmIEnmxNAj8gDTFnAGneKitDx_31zcIs4kC-sN4yfnKY9prwuKTGCVwwKvw6jxo6IN4muc0zm2OW06U78D6j7x7dOKsNV10NLPXtf4g7mN0QUiH5bySSPQERonbKMPhNaYy69PcfGZRLR3QLyytpwuE2VyxKWb24IqNrTCbIQrSwQJXq27l15ATElEOxlIyZBAH1O6TEVjtv8be-tVh1Ru-LRH0ylJwPSLI2_djywpyElFKhHl95yLLQR5h-oo526c3qSQ9JFRIaxIwvOIZdwAQeiJGr_fVAesHi6HBOstCPvjXQWRMtg8b4sZBGDtnDO4znXvImJrxRJTfUGkgJeLex77C1h-dGJ53LfZURFSBL2SRrKo5CxMKUGdGn-RCoR_rsikdVnjSygToPFd6_MCkRGYc5vegzwoG_QK1CZpwRRLAtQyt8gaXEF3rdVyf_LugrxjJw5yt0iFiSiYeVaMdb_SsWJwkHksuVBhNzIu_ECYkZGSr6aKAwekn6hPqger21V2nDKdWq8RKh0pFC4fWwhP-zTPkXbj9Ntln2n8cv8v0isDGUwBsoDyFy9wUFvvvvBPZh_YN8A-6x9gQ7w8dcLN0MAVWmdHMa6oEk4NCaf2od1TZhpS0Mr54R824LSVKpy7hclQYZaqoNpBoGQrMAZIFje_xqaKBcqrtRNXM1ZaodPflgt8JBa8c0bx7fwr8tZ0K_LxltQ-vP7cO-7i_EOyFZiVDaqOo5i3xCIpkpxAL5YPL2_TeCeDW71xVZMhs0p_dqmn1JhQCUxaKnNTLXUvTQR65JkkIWFMzN0L06HR6Hu3ER_vnDF260TnwRZRnvzmQYUglB5gW-X_kL9F4_b70yqA4l35pu2rkOoFnTHZYuNCX8xnSdSX8NlPAmMIFQMWNvs8r1DHaumWWv4ZDcrS1J5wH3jbazc-CmlTNsLUQT3jTQpP6tEblkw4Ytpo_IzaS423NmILPlONa-K_Y-hEMX6mAFO5TggAIR3liiE9sicYNCk-akgHZNj7Ej10oygi0kjYx47PnZNbS3qn7o6rxQvhB-tyyKwDTlV2ZZM5HTKN7onix2EagNuwfHnCNXoKsflFIFqmtKFML1ELg39GxIxN0aEOIG_PoQJTQ7pQqINKjESy7ib2Ok_FCOV9CaV-j61AU-MgAB-J7TlX9IKK7qiNfWgKjrW3wvk30mQ_6Dxu8j_OFzFKz8dHf-0qsmyaCXC-OeME_tfZpbEMgMlxx9_R2IvBnpjn5jrhFlvtf8QhASgPJrxgRbnlCHTnBd04asVnU3e1H2eukTaXDMZE2Kfk_K-nPH7ZkgGlqRxEMM5Ac0gSFO5tVtkv3E53pWtSGQGPS-VrUxQ1XNxG_TsE7VFV996Sn0sjwdwIwLDKHosA9SRbN70Em7kQuT0yjkerpq3wYBd8mU6oCzhISbkGJT9hul41EsmZXe12USe3e9YSgnaXEXZ10TTnxv4WMCmxOItqdyk2YzV4Dq2Qwqsub2jHtAwtTm34oFxHWPOKJg54GwXJZjLU9iw4KpR0XEWkkCaCfnbl7ZsYSGJj-g6rKzZQQQVzozgyW63Lx1nNO0_sgOYljS9NiENlj5NEfXYbw85EtT6YoyhBVQhHDaWpYhRQiTmorUTjAy8H_NgpzACXkxraEk5Hg55UwwjdkasVtPxV53ddKsf5jCumYFJHTVcghvr0nzrLai7E4t5rBNxKqWxDrFr1iNg0-Ysk-okxbtB6_JSFSHrQz6XlNlAk3e4gZBkNlllvNfG8-leUsFY0fOXxIzW5J5CnNWE7p--GhW-Lku4ZDkG0_6H-SSvZ0fB6Fwwu5I2tR4hNQli2Rx6E49uBlpDSwVtQkzsrIeRA-dsrnkMJ6FAp-bJVWBTqVT7KhcP4MkjcATvxKse_hlRGZrqtCjk2-FE0eG22jD8l_leEUZa68l3CdUfP69h9X4u9mMcj2uigHS1WfY8rkMfwaKjAagZ53ft337QM0Zvk194qWHaNyb7tzEzk5xioC2BO34ukIU4OI0ztMrc-LZvTzSuaG9eAXz9WDxt7ogDL5nxrfTY-LyGukFkaRh15_li_xgsXGxhMdaNOeKjcmJk-Ri8gqUcoer_fj8FF5rHzhiRQ15BhdMydz_tbBBaOXkHoLWd6aPKGAxpStVDB-5o20Fn0v4oKSTvSi9hlirxk7JtUWSZ6jTKvWNhClRw0POLxUGMpQtpA-ppO9SEjSiyGyeDuIHrBfsn4NT3vGy8OnXyfmj2f0-AF3iCzPFfRTEvDVgG5iHjlBHjLR-vysqxJn_xj7HUDqCvD0JhvzG5pdcGr695Kvj43RoI9vfo5fCBkJxDPSHAvldGgw4uGSNAvn2f2pGCyVEmIPLWoag3HZDk4N75uVJ3QnCNuONTa0-6l1kpoHRDbDLUU1qw0n7WgA0HX7Irp6aq88_SZ7CDULBWuqWuHYJxBoFp3W66OGl349iRjHWkqiTWLSff1MsJlLqADrx1pPRSoZTs-wWuaOgQUbZA4b11peIqbcA_PIPsp_tzQ&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=11407736492356500000&adk=2086295851&idt=336&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cee4cb143daa20c4cab9463bb268fec679ae4e60c7184e422588a05872421ba6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39912
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C64 0
20 B 76ms
75ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1946524524407&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C64 0
20 B 77ms
75ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1946524524407&version=m202301230201&ct=76&x=1&cor=4034464783009076700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5C64 104 KB
39 KB 146ms
145ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B8lUIGCZ-kbncKGCDBneqGP-c1kE4YDEe5CsdSg895Bl9DA8LHzp8Wx9ZqChWMDUJL8p646SxqtJOctybhrG5RlaHhfew1ubExw7hYiU5AtzyJxF0YXxyfO5G4x8dOyjLQkc8ew7p56b3N9wCPRa8EHoNoiA82xS0Z5rbFtzb8v8zQBDI&dbm_d=AKAmf-DeJ210EBU__0PzNShINjZG64iGV_RUjelkPtdPr2QTZkHMD65MP_UHK3zOYn6N6EJRn0uFThrgcO-3x5X0S3hh7dPnypQAnSCdivsIn9nO46cBi0VW9Wsg8_ZAO6H7UGNjT2lfgUVcxfzAaUk6bsq0mt-DrErW1Sq_Tj7lMwYBCYFMETMm_Hl0jAR3PePEZyuiHB_S32JJQCSN3ZtJKOWRyVg8jgIe9E_9MWpfw-6Hk-Lu4mZqpE21MDQAHpGOslZPIrQgkUYurHVOZWYeh7XCT6MlJR8xKM6pvPXethos7tX96NyDMP2TAUmUTAPbuVP5pL7N5kQxAWdfpWAdCZNPCy59wQc5aMuXjIVNABe775WK__iLggMEDRs10st2LnlvSHTakbbbkPsILiDJirmVu7M1crSRVl3_vtZcg7xVbTRsutmz8U-iwiSUI-S9_KSM9Pc-JZJ_5mtpmbpHa4ii6X0TnH2DJA8RIX7vZv-OHS6x61Qsvq2-QofgVQScQv8b5kvpb01OblgOiwY8GAo0ehusHGyKC4FT7TVT4R_f0VKFg1CXDFRy2XBOj6dUa8JcG1rz77KiWGJijScQ-DWPEuYC7DpPT4_Qd3kij0tASkOxnyehzn5lZcbOyu0pigCN2RkDr-RJodT5cso2CWTv_qTvusXJjEPcIdr7rMmcPctmnwV_cr4nXVMjqmN_TaJM42ft78z9wiVGen83oP6pCKVwZJT9YQ98J7EGLmA51MrOB71D6EeFb_Lxp2loaDicUkQbETO398ySOcFKYDf0ecF_rcbsEE15t30auV0Q963DD_B5BzWZLSqmST0tVU05JEZaMDOkwS0AtFEOTi-xGsZ48mcXZLk6D8Gl3aIxIfS5H-zk94iy8TnHm1hijgVANagdBUhMiwd4tqHJlEemJojRlzG2nDMOgiPpgl7hCUaa77ZXegy9_VfnYHoYt9LHQEmZpXCOJxAF5HPKeSTY69xd-4sVA4VaZYwQJDUP9G-5-ZmxF0F6Xws-xr2yfBpu0tU8SPMczK4LUNLkA8bs6a-bKBJQq-v-YeZIbP4nq5FNXWuqw3Cs-wzD-T46-_WscUjybtp6SkBMeH-aauM1EUGMwiZU6Try51z-toZu3R0EpTd_nrBwSlnR_LBAflytERE4CkHDjf23asqikE0-xc5Se8KKrynRKDzq_Lt9E9F2GsBFgFdSyIQbpIdFLNK_cHOyccceCsyIFggr3Z33mJCS_0d19ZMk9uBjbO1oWeQ3O-zTPTA5JZriw8CuLd-L8rgrwIDUZGpTchYNNYGEcEheWDwnzO0dhE8WOJf4io7SBfgJoocAB8j0b71tFvrgGmeBU5vfVZICQKTfEj8ReteoLbP-SVm8yfNDeXsreI0ED64lJAwSoTmpoQ30BoM-7igByRm_wxg0zlr8xO0aiobYVmroobDAqiH7UEZhIk6KeIWqR6cKeKQy4QKYdz_1ByvP453YCLl4lNDfVlE7Uv2cZO9XttzbMX6QWJP5yaMV8SIDaJhPP8zz1RYifW3j84EHI1623wbQS3LEEc7atV8ivc3-57v1LRkebsD6LZddavh7vGjm7CujwsEOCehaI2Pn77ku-qJQR4t_H1PpBJ6t40UNCHd5qBm4ekz9m9zEBr5_VWnZjPlAj7dR2r7KAV_GgK8Kn1q02MVf7L8T2Tyn5yt5ewq0WTxoijgaiRw6z-12bFTnrEk-ohOKJfowoznlQWCjkMWJ5M_mbo_8DhMYlSY728e-MapFRDuBEOFZo9QSQpv3ieg0_NA0wCtZxi8Knxa_ST5kdTf-f4I8Doixq-NiQZ0aiXiGn7K-vM0sYdPGjxMQm8Ng7VkeTcI1Kh6RSwyr53p07tntLMi2gWFBs9ibquWNu4kAEQxU3__DgrMbSBCHG3ykQF9pH4bdv5GpXi2IkYKjKTWiIlsfxaXQjgrBF5v8tcrcuCv3z5WapRANpnQrBtNaQ1MFsUpgJJEYHlaLcDg1jyvqpaa3tzLJCGxaW9dvSUHIgJAfAH6biA94nYOMd3ql_0ATY9U1yAFM9MPevUnC72NbFjlwiPIdPeRKcipUGeW2I0QjQiQvZuxXez9hANTpO_6_VJJvwBtQhWHnaNIP-6C1FKTs-s8C4LvNVJlZ9czl10N3w966dpGMvER67c27yUada9_u1C9HhrtT9Pu3DOSQIOeQYbkj_fWKDvRECnyjkmcyduTuf_BdQFZZ6rNjlOE1-09xjwz-RyRwV-aM5dN3iiiUv0KiyvA5MKGhz_wnrF4BfuaiHpPDH653Bh0GyWhdEiLX9G8OkuiSp01Db565fPmIfTIWJNf_FHK7hReRslDftPzf41xwQiwe9fpL1469M8ucHgIdE-HYOiOBKDw7AHBuoLqmPY3eHrcAtQb3IZW05TjmTH6kbntMUsobYL41TbsOSv9-Bek1xJq3upRVXU3mbVk4kL8SLyQ8MNU14qz2C7AHAZVHvRXLEgy3Z1mZDf4SZsVsuNxO_Y-zegeAgAkaqCfL9MBJ-NXeCkA5x9qYE3pQkUqUhlkA9MyxJEVW3324PCNlFnzacVnFxMWZs06w9d2MoFm9NiIRy9PIKrsNA1VRaMx9oDfcALgE5RbJ8HfxBequl1kw_ehJLlsLmlXVRX99dl_rGMyfiOqkGRT5cQXbHzWErcCxj6H9ueEUxON7G6aW1mxWEivFWIKi_2_LPvuzujmQfUFWMc_KdMZnQci3pSB5UFjwAQzUsauiF8GvAfxizvNvrKR-tMBlk9lFnARY7sdYgKqt620IAthcV_TlPZLcHDWyHnGGEjJOnaWeBrmAcgMDELOmNuGkIqPj7YGE0VOJyj-ToeBxvzqMpkPoocl9yzygkFf3WDGcqHiqCzBpL4WV_JjFKxdwsv3zysL0KB9QzJGuu8MxF4GTbHsxOL0_arURCx_ArTEswTFXm9jujclU_rEuHCeskhTxD9e3DxBCeVK6KMgSDOhBkEBeKMRNTCvTs1fAgJuA8kpAg0eD0SapSyDmkhTpHdfp9QfMTJyQ6sL5lVgZUYoyMKb1v2rjePQHdjL32PKPgcrd9ppXatiNyeeBHPwSzIYtR4Nf5E7KMStgZg-dlasGz3nt3HVBiR7tW1xUQmowTGxb809XtUhyluHfVIMkGMfyA-SEwkA0Jq0yzGzmpE-g7fz1srJ4COmcavucNf3ev0UtPrc6251NoEshsmAgAs79NidfNi8fTTIJkgfLewopxHmKtBlF7sQxtV4an5kSU_wzWsg1vLAF9tPsNt0TAeNvLjFLgJaQiEYahB2CXE2HifSil2ZOdBK8zoBy6cscclTYJZPNGauaq34nbVIn7YbXfmNSVL9fkwv6Sno2-tkVA36BUSmSKP3VYU97uUFP39Pozin1&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=4034464783009076700&adk=3690638929&idt=306&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97e3f2f61049ebb9fba0964998a2eaa00b821a8def7a1b10bb084283d57a8a18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39937
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 738F 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6425504492768&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 738F 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6425504492768&version=m202301230201&ct=76&x=1&cor=1454132998387860200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 738F 86 KB
36 KB 120ms
120ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFBfACcP0mM2VdhHD_9ZVP-EPHqldWNQzgOJc_OwlOC3W-YdgU7dS2IAOSjUsnbzpCUleTyDVvM3hOcU4yKQdnQwD31hEGy0FML3wvaxPpTb-qh5k91m1mEE7FNUcKOdt-Ez01jF2-YBMUZ2lrZc5mej23XN4qkuZuboVy-gnbxHjNPw4&dbm_d=AKAmf-AjUr12tBk5bNqV4waqWaZI93TnIid31RL8kbPKLtitaeXkRZbHRL1l9GbXNrB269Y6e0OfhRFJ6U1IbiR-Iw3GuzvCtZEYyAty4BQUPtKcB3-lgriiz1bnkUusNBX327VDocWnT9ql0nWoDJY3ySrYValvtA8-5qWpXlIOXcChPm20AzLSxE-85veZ8CcC6t6YkycTemQeKuRnHNEMrpyYptJAvGob2J7wS8-uvG-oy0PZhg_yV-AN7q69FAI8unHcsRunC5c3druXcG8D_99NHKlht4bX3wpgWCNQiT9k5GbVses96I9AIpOi-F_exXhyyZUFRezhl6J918QEoisEiHtiBQlDmZgf6MmQjtAf7jcd786scuSUaJ7RUemZ117DLGsfYFN_LuHZ__wKA6LJ7q-alOYVvb4a6nhhmpsu3Nwkke0j2W8050hoysvOIhW8gJY5Os0FkiLlilY7xcN__T7aovSIBle5OCK0M797YUtAgA6nh05CzQtm8Z7Kg3JN9DSwsQT9L8JQ0P0VZTisF2moqH-beIXRxGqgyuOn-T60jxm-XegxI9sPqekPm-oWrv2AW4B2KVGqT_qN-KgjGNs_2GK4Fg8oCaw1DbpNetKV42eownfr2kmMdelYeqRPYde6Dl7JcZJSJppN6c-uktOEawqYkzZlX6OqQy_rfDhjRbFRDAPy9awQDx0yLqClW4Yk7xOqAd2qkWtI7Jb4mnLvrxsbGT1gYeTpHc0ey-pMgOVHUINJ9Du82C0CpunmxeCjXVa8CO8Y_tDXP0xbIbWSXxKBHTVHo08MBO85nOZlUGu7URh4-Hf3-EFPfvQVjxK6nLJYdxz6fhjgbUrNgxtW5nI-mgSrcK7BtN5tSlIf77jbKXj5lqqXI9R8ETlJMx8XDJcySlaylystTVq0zcyj6RTlLfTvuQDokRu99m3DnFCO6p8CL6YdkiDdGA2V3-JpX0k5EyLVroPvfxIIo31e6cn-Q0-PnTqFNmGQq2jFBzHIGCuOBNdokNRfVWxyYxNfdDzzdmwUWZH-Nx0JtpEDBL9Ytt2IRLzeQdE-ve5NW8FhMcjDPR8nRH4A5_Ap15txsyZLa0ogijmN3KAFWEhqVdZ0yJONN1jS7d3uN_KaCMQi8FBMnfNoWJVBrDmVqtz3Fh2cB4_lzjoX6h6K6awB2dAnTDAupSEU08xFOfFiaWFGu8Mc4YPOr4xP62rf32K7eFbqZFhykwfe9rO43oaRvMJfYiSI611ybKbQkg8C32HFMWx83l0iULIjsRT7mgiH1SDhs0kep0nBlN4emUrHYmHFoXKsDLJD43m9E5nTFNTEM9ArjQWCxy77uO9ebJ1eTFnLhvepSZQwM828k2oKDlQCFnCsOl9o5BGLYmJ5EN7dCiRh_g9kxdoFWz2KfiflZhqi6dI6c-CP4lKdaVzVYXSt60LettJoqOjPK1id9bVE6NDW0JAdwUVWLWLmJeHz7RkthHoARq8udZb8D19A-6kbQ_aWZqoLSsHxZv5JnU-K4_arCXEfYIXuDPSsJeyU-r0Z5wXFhtmE9vutDemVQ8cgqpksqRkM6hvEOItISHRU227GZeexaI5YGakTdigu1KmvqgR3G7M1MGeabaD3pnbRsivwD5eM3e4ogFKxScMXS0Xj5XFykymmQaWgWSFz6Jm0ReGgX6IMswLmfxPVyjhkjnbC2r1W0PKwchOHArbq9brnOgrKL9dXaXq9Hr7yhIQGI8VgAiMl8N1O-MdYO_8VyKxa4H9DXlyI4f6TNFdKR5pG2ucTvTFRVlZ1O2JwBMFTs_xYQo3wKHv_yJ-XCSTkdLTZR8baP3ZSbm4W6mK5yZ6laQgk_ITm3CGJepE2FrC6E1LNE7Zg-zeIUMfTsJD4IMLEIlRFbczq0chH8z-nqb2PgVywGFIjHkxHG0onYlvgR8ghmAGs5DJX3j3PpP1z9dIDp4cUbdh3cu6FMaCS7kA_o5LGmpqnc1JXLQoF0iz9uAwFxT9vvjtnjHjuTW9CSskUiK7Mm-0R9BXBdNROI2Cib6kGoRTp8dbRJDz125C3Ew_jjRIArOIKpuJ6O869BiH0yC6cKmmQ2kB4n90bKwC6mYXye_0UZICYGnU5313gdVgSfCvxmtuyDA_R3ax-0il6nBBqT9dQCfm3-E0gNtbBu2Xzex-tr_qNlpQswqiROEjn8gMmrPyp8an90CjncdaVSdvaSbqotRTEfv5O3l5oy_2eMzFCJ81zbeNLKXFeQ15vz5Myqqv7bQRyS8GZggmtMo836-0H3OARF-j5Qs9aS8Zr_6iHZsmID3GYcRv_jCuNzBf_ZpUFJElJcWtFzYfsrtMzb7DNeyjWw5abx-1jUUvqUR8VEghluYBmkwDO8UYqhmfEeLvvPHKTOl2oWZQF5JH1s1As-QfpQ0bxe5NuVLLO9qLcEZe6KyY44dkMzzkuVVVgou-RQ0-96s7Hm5h2O--7gqHwaXpRI0kHj0b-CWEAGH3BgTSuUA1xd3WrIByueP9DMhcY9jV7ckgT7hcfJk0Rq_aT4W2AxrN5mFANIn-GHUW45qAFxyLaMdBPKV9Ep724q9ghfeNXT4ur7dlVoyQKdnFC5cwrknHz07qO1yjJDjt-AGgHAqaEcClQ7qdkJSMin8JrZmTAQcK7uJLjwIwLGdFr1mpXkTCTffNkEhrV1bGqQcGUPXgxduho-W1OaaBAzCqmdnRBnxhnjXd1j-aBe9mPfPsEzCJXvwnkq83ThZkDC-sUyn3ASrDa8xOnRGkPqV977I-u1c2sHYoYxbrz049ZGyFmGk6ZL4LymLK1elXw-TrVtgWZxFlVSwWgN8-OBDRf7igh4XuTU9zHtfUkth-fLjEzKKox4fi8Kfp3UJZ9Nh-5tMXJRltRBreWD8x97U08DbHlDxlHe60MFmouU9omft7OZSbfeqxWJQU1CHzfqbLNV-cY8TpY9R3bbGwUCN56u9QDAEQ-D9Jndsxkz9Yal2bKtggjnotMEg2ZMEbXTYnWNVcfRPyCfqITdQ8mu0uvH308oAeikW04x_XEHWpyWBo-BM6b_yFxWgo3C-30V85b_YC5rLATle1ygkoChkOH6OjyJvxhp-gwAH7qto0juE_2zDaKIJazXiHbAb8qK7xjtl1pRm9xVZ-RwIyq0xVW2QVT2jtTnDBMNxSxtCrSSULOy_A95uLr2_jraSULNbP0gEA9hvS44tdkKoNp0g0-jdkLBSUZCoM-RE0XVkO9f7ONyunDpSo3AR2r9E9Z5ntkAH0M-YFNKWUsMKwOAa6Kgrz-ZPXjBE4upEjVURcimfo2k3LfFDJkwTrHI6Qd2Qabc9N_xYCXmd2dhlOxL9Q3N1o4_ZfwyLtVx7NjSZaWZkFXmUSI6hV4aWkPbjw3ZfYeNVDd&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=1454132998387860200&adk=1033480531&idt=306&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95aab837c5c50d19e2ce6eebd57bacf6eb9975be990beef90c08c061191b3bc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36658
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3218 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4723911474547&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3218 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4723911474547&version=m202301230201&ct=76&x=1&cor=10645229588543791000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3218 86 KB
36 KB 144ms
143ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B35ONR9E_glVsMDDGjCq4Ks2Ys68ZmwcguBdXPUy7P4X2lGu1TdFKynPguaDB5y_Ampzuau7_oBl6_Yt-RveR4tW-tsKlxUk_OjMfxGEP4VWM4OYB57iAIlBpFJLwPB8Nkj8VSopschJ3xUdb51DRn-nrmNoLfbVtr9coRjxpP33C32vg&dbm_d=AKAmf-DOSIELDL1fFbriQu19AcGENImNGNCcb0Uiz1jUL8rdOZTnaX5Yf1ejgbZDggYF9uH8d8YsvTDtk7BfcIHa92h2lDiXKzp2zJLGRz-I5A1sxZ4Ho_uUnYglAcHf9c_s5DjRFLZLSt9l8hsSvslWShzvuKWaHL7chV3vwru1TIn7g_wxU2uEA4CLB2uJwU_90E24ETMa6wGuU6fvL3oxR-xRlP6q9OZUpN55cJf6K1dYCdFUXNKgP1FN0U_EjtT2XtJfjDZkxDCeMXR8GPnFsGyCTInRMlr3jpItNZg7CGl3yZs0-PtMJ3rlypsSGgBlCjKkYrzkRefVmDFrz0bvFORhmFni_yjT1J9nmdW5TmQ6mxLmi98Ftn3NaGzonLfiyqUEfLwwlih143E5aLlNMjdotOUks_duKo8Wsu6bse-qDbKQdPdQvidFF9JOaFlXSoKhkPa9iDoz6lHHLne3EUBTv4XRGtzxDXMujwD8-0bUWQ063K3jbGDpFeYNxMH0M1_hYbshqC21i22XEPR8_DDNjpwXPHonXMM28r7kWUYBnqr3mAYQCtcoJonOchnWWjKPFSxAg_yWi-IwUOVFLVp9QJPgNrAQaDhL_gR42LMxe_mX42QSzZmqE22xxUnNvtymapN0vXKa8XtL504Nbt_HLR64HYSgHL6cuxkVcz7mHN_LAAj_l71jUYS3HsTO25drYPvnYxj_e5HMBOHuJvsGFslhQSAwRFFHkLg4QLdZPjhFh01KhOOxK3CRUCIpwnkxnENGPKeytQiBpkub_6z9k2WwNs3rTh7FP2d57Ajor6P9OMy1zx23mb64vJPjx0z0lYLI91x_hy9GzdrDkDlHoHJwFEouhbLbUyQFmD7jdt4zOnPjHhyTe0GZOjU3oCo2FOF-ur7YMKzCt1Si2G21Ph7BBCma8LGTYZt6XxRKI03K9Ojdi51eQnXfukK1HvSZXh5cRINwNoWXD7enQwVNp5AjCkN4Cc2aGEk55SCkJWwDtdaoenbLLcOVaYhLMwkwUglA-QFbz9flrfwP_wverCYtNFLXmpGTbQSvaDuOUfZTbqSW2SmgP9hDkpkTYu3fc44gY8haP5KZQgSeasL87l0gSF2rZ2QUtDyY-8e9hutXIIfCvm4Zh8irzSKkBRq_j5tv_Y3fm-fzqiY0P0PbEc8iKrroh5mDqv0suI_R7_BvMVFh1rt-Lkvy6UMwvhVMUzZzmU5LbAL8XZmUpdkmYabZMh7Jnsp5bV751MjD1P-bZlCtkk7TDW8lKOMhkxlbp1IknH33GqqgxN0_9SoJhHBVOv9rE7a1LTPqUM5cm7kRUs7m9MaxtJpuGfwKxYHPY-vMamWLibt6UmEfQtORUQ722zQmsqAIjOYeJKdA4OWoPSN4LJfPgWYOv1T_OgmdxcJ-4IiiXRfs5RNZ_-cQEgh2p6xRlOKznSYzMJrROkj6c7JQnn5pgupSfMCNIyTaoHYOIn9DdKcRr7VGNeIoXmkem-GES_pjApPPUx5yHTY71J31uKG2VSe4YdQfjZ6qQXPgpIsKrZnRZ3sZWhnBcNeURuN_HXE3KONnHjhgycwX9Uk3_EnwG4GnDduN63PHZSdvpij9-ZINBXlP9woBwMGjD6j25Y1ut0ACW_vHRUJCOW3AltpDyJFCwLGUcuKEaaDvqAe2-oBF94vDn76xEaeMwfwsYlpc1ojiNHCdefRobUvPlq5cnCtWbaotUZMpyQWUUEOZeO6oddrUViNSRdy7YShJgGd-OSbJCFS952yOsr5uuWLnKnuPhpryB9ctRWFb2DYRLh9WdTr7vc1nwVaDbIM2rI_O173Ds7kjy5q_om5Jf2Ko1YkEhjw4_bQKsDF3GPQ4XkKBpRuwOoL9vDQya3ROVxWv1jsLZcvJIv1NxqALhizt4Rn7xDHprpIRkYhWh5LHQmHBEAY4WK6Og_YlRBejhoFlo1S43B2TQvqBTjdMa8ajIAupxAQyDl-1pGV-iutpQ1wz3B9XWhG4iYM7Z216H9nHwzdXMs5FX3wKMhYA4eNd4VaGU9Y60hlhWP7rAyr_WeJwwl9rCX-0fceHZCNXSzA3LIXoOWwcTz60W7EIR7I98qYnnZONZxZF3vIXMJwmz_zeUhYg2yed-rQmZ5wI8vVpdWZn6iyhKOzrplftDxQf514UHBjjfD9TklFV29w9-KsgQtSBL5iLW6x1eZORMHi16KdfEH1ghjLE1xmyVRqcwMkL1XJlq6a7gVDnmokUBh_N6dbt9w_wahODMrdW86p3ZYvZ8XtB75Gii9CylnbkRMpAfsZfmFxyrKmbfsIsOIvgCWWhe4eHFuqBGNAW1R26BDJ25ddVN9llbZTW8RFoi5JwBPIM203wdqiYwuWYHSk8oUtf4ILg4qTUhxsrTbQJeF-mVdx8XZ0xKYJhRqoQ1az5pg0TmWx2o15knxgw9oC90RLRJ5ljbUt2i0RDVWzTc1HLV7sNjBCYtNZ6P8QdhA_TAj_1yeI_wSti2i0dSBdIUDMo3CAGlE1wzcdIIwjTG__qM_i1V-hT4g6OhGFgAxV2fvQwsVEAulfOW62SigffSBzPfnlRy_Fcscw74z-SXWkoegpXPgnLlgiIuDnQO76n3uJDZr8DS3I_pdg8ShGufU_YtDbWWQE7YbCkrIAVX1rma23FuQ_ZRYQvv4O8A5ckF1YGLydy7n2XWe-3U3F-dZsAQdyvbMWxjP28BYj2Jxe1NEDitlrWUnu25bxnMlKWnaj4f63ggzI6fymdbN9SQHiInYfRVep2A78mkUTIEJOQ5rZsMgHvVHqPpjQy_ER3oQRW3BmmSFT7C8xNS_vQpT0M5x6xMrRN6jbx2w0DAYFFUff6lqfJLYnSVd-Z4pGsf2MQMBfKx0TAGEB2nbvWY3nsR2SGDeyk7dutlfqk8pSwZjbUNio3PITt3CAK42Ck3LXJaLk6LZAWDO2gweEBDD2NWzP3IflQ-CGbnOC3jRnhmObAZM9gt0nKSdO4o3vssZX5ZQA14Sk0EHlqliOnpwtbfqobvs0sUanT8i391WpZFUjfKmawMeBC-ztGBxGMXl4evhseFUT4nlie81czm7k3j7jEW9HDdhrH21aTsd3XU2prbrcL0BjSh55d0wVPL5xbhdkON9-ThYIskBGKQcBaFFKXR3pd8RpluRfePlK8bAL5ARMnpxeVIR2xLRz8mElQ12XZ2jwQ58VDUqfq5PLZkrwiED5aZxjAzn1xgURSP5YgnSHxkeU1F0N-ZnP2QvVQdaQx8jeOD51VikUWATt7SZ6__26aIcWI9NLZ3RpJFHY6JOxpQQGbZIDjgu-aAkAni59LyOPmYBDNcHcqLD3u2uboHVB2DCpuAxUCKv5LOJyde8g8-VuXLHe9Zt3knsGWWvMgZJzb&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=10645229588543791000&adk=2004672170&idt=292&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03340c9ef9335f73493ddeda6d04c5d4f1b8238ce570a8173ac6ae17caf0f2f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36591
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E35 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3996462559776&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E35 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3996462559776&version=m202301230201&ct=76&x=1&cor=3318827580576410000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3E35 96 KB
38 KB 123ms
123ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AqReh0wM_Bhn02kVG43PTP5J6FdC_ybvGadsHeP6f3jA3nGgVrcJeXbdS8CwuRWy8B0Lgz0yWJzDcs0gRdWA7u9BxYsx_Fy7pM6vm_wPyZcqT_v5INMlB-wttUtRxrENqlG_1N_E_ICzgtwrIBbjq-gLUFGYWAk_z_Hs00cNb6u9Y29pI&dbm_d=AKAmf-CMBEmwx8rtaIr7TngD49246wL5oHTetwQ1Ygd9dhGsqCu5wQ7f1ygUuxdaeNbUw5kDPjJMSgyf33jWc8y7qTBl6YOgNxm-QsmQy7nXFlcWQGMBldxdcFd47lU3fPPK-tDrEIXmfBBftYjeXFVrUNmLHpRflWsMH_C8E3cBVLYHYQrYUv-m_79dxYDxVrn-L4bPZRPmfDK5V5MrrNF5hPEtHp5cb_XFg_eiWzoXsZLYGP9c4bti0bmvjXoQ62JLoSFrriqag0Fb-RK5njljDGbOChuPmNLh7hdBXj7TWjBNbSTMm8rgN_A_ZXsa26R7MfJscfdlmJrm8atCIb1nL_FhUijLNbQ5hbNWa2Cs7nwr1qhLH4WS-_iBY2CwKAC2UH3ynGnNFbmMJofDCGSRAWlPmeYP1jPQJlEuH_NCTkvByEfnokZMUQ9TysQnpFvWBYkFdOc1J8ocAArb4q52He0sl4WYdUXbvcn1213hOW4O98FvKCtOl5I-xFpoKjldaB4aJHIymBYiJTyXQbTWcQTDY_ATQFgzTu706KUci_EC8mbN9muEm-4prfAVfNYQ0mXHxSZLrIOC5zl-yge8DDqUS9ctzzEnvukAuUeZtKgx_4mI9k_0kjSqU1uTsL3ToqM2F1OR_wtbLp8a7kskcQbSANfkovl9laTQXaQNR-boL7t9w1hxRC2QWQ0wIjkBQ5rYdY-Bn9xzcNZ_5NnfZO5v-iB1Pd_nK6rA5R5i2uNKMStjxWviI58dbnTwBzx4aOIw_vank0Ug6PNCSZRTibgV-c_XrGFEI5f56QkU9h3X_bmf4Zxuo1MfT76KeIpmOSTas8VWo2eAPV1d7luYYhTrHynXX11DvH25JeUoPUFji9fTfNfJl8kE0xGmNw7KoyiZNl7bKXsMlx4VcfXZ3KyT0SQPYlQgkQ1YSSk6jbNbG1J4v3gqnl5SunhdHZPfnPQk2aKKB0eP4t320rqXgMeLUIyg0LPxsNGYP6oyK3kNhLK331yrdQ5LH9GOeL2Gse-dUe36GwRP1zH6pOuoZcBgfRnR_u_yLDLbiHB0r9t7A9Up6xBrQH4ixkljfRgArgkBOKnYze8mQuJi6I5vlXBV3h0-1kYaRs_DA1jt69YZ-jTY5PncJ5xJftuBpHDLzY5Ao2uW57u3iYaNbMRl5eTGiPYrnDjs4dHAFq1DH4_C-Kk1LDvjtF7lP3K9_SbXe2vBRoA2sG0LPcMEveqvomFE26vnzSiKZFkowpHr_CNKIIeo6J8rLP1TY3IK-XNLpVFX4KNmIrln4y4nGwg28Pi001OVyQSkG0Uf3OeFOEPiNoitxjxNGxR8kG-9Td_bSyj5nJqbct9FIV9Q5rJ_jXh5iekMrqwG_UhGeAAQALmZbuCA0Wo--tCMfaYiGq6k8SBgD5evD4JMWC0I6nyutUIiT3dXiqvr2RMHvvtGB0PHVO6Jak8LexPc_L8-n-CxD-9TPEm7IOFWjgi33QHKAWz0QbpbCHu_q4cy0cnwbw9Dk5e6xA-pOYVtnPu4Ecz1Umj4nS-ojkG0LEgs0toJiKRvmZI3GlHkZx8z-VhtplGHjGnGDwuOiDgmXQ9eEJHQUkoPH5xqJwRNVtR2UPHYuTEY4znApArF_9IHkHxv7S64iO5UsQpu3slQwDlj5jyJ5e7Wl45_m6991hhUG4qiqXPBuAiZGrzKt5I967fuvz_oIjZKh4ROzyrde8lI70x3ikh4YHgbI2NvpI_BiSZc7RIVXts8cQcVSItanV06LBiT-bWBf-el8u_q5dLJtKWi8wy__Z9vgycA4HREtCLDcRgSIVLXplxZnsgqPIpwFqS6qD9zX7v9J_rxDyfd4bYHISnqW4qJli3z75YOSCoeGHmH8i_LMd3TB1KzkRNA7k3KpOgOWNIIO5QsqSc4OMA6vbWkX0xIO-1ayOPNN_lH4r8TYy0HddpUgnVBf7QLAzAPvsViEG003NfcT67GNPMrA3IPtUUb0ZnajgkP0gEnGQKyIt2FzAKFSTW90mp7C_13NyTEFv6G7KsrtXPJJA8BeHwXxUXptgp-Woi663nW3Q_Pu4y8UYvx3oL1dwi4HyxySQyDs6eYF5_BHqjWzgu6uQA5ZPx_B5UYmB7dAnh24MGLqecc3e9C3ykk2WwF_qr7PD88mX2jW-F7G2QhJ7bS35uM98aySJl0wGw3mSLPrWSsPeaQLQieUzolAF4xwdSh_5l5ym7KCjt5XR-6aBBxfs8K8Psl6gzQ1QeIrcOkIwW-eYKBdjS4yb2uVyTW6Ry7AFnxGi0rBi2Bgu7SHMJNfU9DxaP4ht2SfUnpXP2Fsi_E92bKg4dTj76KLcwZax8t-cvM0BokyXZ8ZXnZkRwFbkHMbA9rNCgbaYuSoXODjjDyTrkPhrMrXZORcNRjBpfGzaRa_1c7tC3voIiSveCgmuuAdLuAj8v81F0CADpkeBXEfYzsj-oz83tIzlZixn6g0DxALzP8-6k2Fnghz8Vh4AUu2PonN8grzqemcl355p8NO-dob_nF4c_7Xj2D1XjaDkP8SWhpRZOJvXQM6oJgBpTL-5zzqayHDbX0ls4Q2HKaSorWeuRTz1Fl9EF0wq1TPlhGJHJZaX28XQd-skPbbQEWF7FY1iRVY0INjTfpfsqpKNRJgWNi6kuuN_N7McRiu9pzROrALpSGEiwSL84fCwlu49waIKOqQRD0mOu2lE00O_8-iop8YwkcH_6EOQWuSyOhnIBeBRL9Giz4e5CtkPH5D38L7kQg-aZ7XFTt0aujV_IdeDTRiGtGbOA-nNKYvaCSADrSDPCIlRubRshYELCLCLHgwDWdwWOlSCCG5CSyjp-GixMTMfqfEgirWv85-XYrHIlxz9akbQFcuxjGFQFQEySImNsciVc3Pm-p6OnZdI-AwYF59CgawyggWYsnKDTMeaxgdpFYQENhvKzNzYcGFY_1rJbsIS0FYjaPU_mLdwIu8j-jq5KZ8ELhF6ASvpLVYpSSsnmNGFfveI9NREXXitSekK_kYjfZ9Fy9JnoF18CNontjeVMd5uLr55TWA_7YKpc64eJ1TWuPpcAH0UH7n6mrU6z5N_z0qnJlHqVqiEcK_fWydIJs22Evj7PD_qaHbv1ByjBzD3ZlhcryrfkyBJpoxg7N0vvRqPBZk982tGqY5tFCHGJnmAHM5fKo25Z8CTiWkTjLeglXbki9WqR5Wxztgsk4KmlxdlRllTZdHVz25GmVlRkgoxfXFcJg6cwT1XlzaigAc-CSwhfD6aU7jrbEYueXHg8RfwI_ySFODF1bZQ&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=3318827580576410000&adk=2935317967&idt=316&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98226821dd15cc321c7e12a25b7ea6d25fdeeaa910eef5a1f92eb63cf9103584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:29:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38806
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/886862/62195780/ Frame 24F9 243 KB
73 KB 205ms
55ms Script
application/javascript 52.30.84.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/886862/62195780/skeleton.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.84.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: cefe7f1658eb1e3b2da2039c1c0f1feca4efb97d2ab15a828740ec4f31388975

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 24F9 170 KB
59 KB 154ms
41ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 24F9 11 KB
4 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRGNKTcihsgrLJ6NB9dwozeQr-SDdmLaqoUyPrsgzbOmwZPe0VX89hdYLye4_c0J125YklMyhgquhbQF8_ixcH_ttEQONrkuUTXYkczYls0S1yy3pl68H10rjWANvU-jcs1Ay7fNcIg2s_c1Col0wbcWHZ4OUQVARSWV2komcM0GHrAI8&dbm_d=AKAmf-DWF8gK5NUCpOt9Ur2ibfS63m6u87SrpW5vvdmQMNW9NoAh2dACitsAv5aw2QAAE0p7YDJtTPugAzRtTxr35IIGGkoAgd2Fb853l6sTprVUGax2ucNUwqvQntj2TAp5-UXFu9CNPatOygkEiYDJeGQR26JwxKTLW_tSHgHwGyIXpfZn9wGHjU0RkoSoBbzgTE8dT080bqp7f3WyQBtyU_biqQDaDQdw8L_LKlmggmKx8X4rqTd2H3gSrW9RB-2IpDa-wg20yIkDIEoiTO7O4Msf2ncDBK3NmLAA4ifzfgdNVe7v2-0Qsn2TgOckYVXh_8RbDAXBFC1zN4zoLLpDJmqmyaLtbBoRiOf8mh_gGCfhsLfo7sf2ziq2l1f5gFXxEHqDil0gyIBHjLtyenCJ878IzJK19tvl7FQ_J1sYhM2XPdaBE4L3bfAqu-AQAas3CgCMQPB4zM5NgPC4410xjhvFFBUBgkdnYYiDjOhDRbzXt1QLD348n22M40UENVrxm5bmvF3dtkco-0rT6y-YkHKO48iYUVgFnmZjJVW5oNy8P6_jQSGmmsFP4cSXt3aQKvo-P6I7n3buDK7vnPbBJQYGGWv0TRXPJPjGd06vxQ52Arx6jT9TlStjuRAxnzATAKRJucFpnOK5HCwRnYc0esNvOXb5l8Fee9Liclro8xHNP6peSn9_AE0gdzpOEZRJbbtCzIBk4wjABj5xz-E6QikqalQjI6L0jKzbzDx4Hm0J-8vH13UEvgO9u_AFcTfrOxqUeylDYckPMYKL3XO28UuL_yvIxiSqeeax7P-tfWJrrE-86Qy6qajcCp7CpUcagO6e1c7BPaTgw5PXMHjoDUXTnmMGL6kh1P5HtHp1irDq0eutzOJuwKdT7jlKYRLPgXxGE9IuqKk9o8KeiZd1-zJaVt6Ouku7bCBH0Z31NdRC0rrdx3GJrh2BcKdvsieyDO2FORU5jgj1P16tP1jCdU2GMMOfqyTMUyNshMWh9amrJE13pKjVdl3tyfMB1gXRVSrnIWfEHe6RAWyV5cez-PK2HYbBncoaUx96AUupNBLUM0b27HP1x8NXHVeXb0ep0YPdgqUhCZPgboYsRUe-50dgegqrp08owDDCeXkzk-RzNLab_VQoRGedG8U6p7mKZHrnn-lAs6y2eIOAt_jd5_LJZugMyYalb-W_lNhMJ44OuO92FANDaOcD-WALTzJ6L9efJ-EvVBbfyAcrvpF1OCZhno75HPPtKCHaW0tuNfNZIC7QAz07hu-bx5SLidW04mhLRzNIU3cLqtfAVUpEjo0urV4o56G1c4BaSy6fKu-Hx5665rA51prMww0cyM-W35u-UfdAd3KP4glxi_cULqpRGdhSAFqw-uKl9bmHFuSyBfa1aaQ7YcKOMdj6ts0TiCjTCNhyP8xMG9edQ6Onnubwi-UbI5YoIlN_xhmGEaVpxwYJGh7jhZDlQAigELOGOEUrmpIeuUwSRko91_2c87QG4s1giiskXEuaxApdjZkm2J6zJiHUWvmu6Mzjps2HkE6m-qmAasDv63W2TwTa8irPxNy_nGfdk7pxmq2U8lhDYo330eKvnCDwdv4j7gIpWi-RQRrxHONkXvQoEnlfIUiD-w21ZL0YX3wRuZ-K1apNE-5ygFxcgvrHJHquE2yeEgPYlI85eheUNwU1vwZgtd92uY6casS74_olAxaVQ-cMl6xvsy_lJRwgPHnkA81q1f0ZatBy6i9O8HxCqFBsJ9i094jvcGzWFrwatiHSRvZ74Iqpc2mDMWO22g2itGsg8d0UOsbNHk5uB1Aw7exrI4a-aUX1RBUT81cwwc85p6SnPYcIAqIYrZTUDfT0-r10xUFCfchbWLHbDLknyE5ZpImRLTGqdZw5JrEk4E6OPMKOCUh9v1rjx2e32eCdKCoFgix6OJ3zm8sHH-GblOSpt24OT37bsMqodZwjjLQ0hAlG36zr8OoCmf6yWTLlefEhbCNrO1fne56hl2m1kXgY8RuKcjbIxdCjcloOSjFivX79vwQc4OJ5jet3d6qq2NKew12FRJj3jmg11Icc2-xr6_FEoz9bm4r1_ekblTtJADjigZQBcKaGZWeUZmPM3UZjr88JnFHK79PWR1pa-PYAMzXpi9TZv_XdVdRKO4jR4SXPfE-9bQQK9-wAoFgQiGlqY4hi_Emigm_LbVFXIoZ7JI-O2LME5S-WSapTj76wwyOKVVZ0uj4Ez7STDE9xdtanKHR0GmDf1bseboJDsKzeC_eyoQ2GL6rGomOe3TWTcslbQkHturl1fHfC6iBrm8F3JvMUrlSzS_WXZND1JmJSBZcQZyuo08fb-r2ROzOpbhRLkEqRMs95W4zytHOoB8UzxswccEz__GFQhOVFOUH4McnzJw63n7f834CY8GvU2Zayc9W23a1Ufspwaq0eogAIEbBYDHuJZzm2m4L-EF5skIkasdG1XpR1dbse6RK5rRGEgDRFkmqcY-ApgDexdRzhoX3P9KTOhH-t6Pg61_czb2-vso0mn5Ql1P9YpdS2pUilEpV6kIlLPLIj-qF36CUxmzFlT2O43c4Z8RavrNxbj2WLFJ1dDojfQOW60LLTFEDt6QQs7kqQK-kb6R_5MrFnzwCcz5-_m_nqzwu50baU25dcV6znWzzw8tbK1-is6eulho1ScAFn4qlTIxdd_bdddaa3S4Tyny9k9G-YDxLcrzruiTRwyJLzuTTgGZWVGW01-pG3bMVnLmmt-Hu-rYp166KxMU9t7XV9XZN_hZc-WTxRG7_IB8QzoUtKBKB28Zquw8rGirbhoLDgGdiD94luXd89xU23IEwexuC0sYP3AqsNNphMVMkn3xzCdWIOfRfrdWCanj5e8sOXCD3j04PuapvteoEwyVFYCSeKICM1O4jQPsYKso0H32Yrb9jvpzl1zTcDuUCfP1WibkfHZ_0PnrJgHX375fSdHvCDa6jOwxh2FjLyDaobJhtqNx1GwMoNeY7aJJ9jlpLTK2MBzHYTF49f9GWtAHoq9vRTjjlCryShhbMvQfa-MW7PHTXpVLmxAEZCFXb1P8wcFxNJzsgXq7JuJqdKQQry8F62A3Rv9bjd_p__HfyiACMWufBCnFETHkFeWa5rImnRJ1DZW2HlYJGI2ENIYUJoRYnDqitxsF8VEU2RadfJvrekNxgHS4oX4fdKpANzej-doaSBDvtdiG4CCw24459s-q7VnQ9k2TP3uSMKtASKoFQfKgrkpGHWLArK3c7LEJMRJs7PY8-3QE9zNLX1RYcT4ewvzztGKPDEuVdzqZXCspaNetD8gqVE_wNmWagot9ybY8Vmf4Oqcv_-XNWW_K198o-_xI7LmaRwVsWq5ii2FbPJ-g_QPw_i7DVOFi4_19iOMPJSBfJKJvNBgKzxfvreD62Y9v4-aGjSCD4_lw&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=15143331492421624000&adk=2857193498&idt=180&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73004
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 24F9 28 KB
11 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72809
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H/1.1 200
OK / Show response
trends.revcontent.com/api/demand/ Frame BC55 52 B
394 B 247ms
64ms Fetch
text/html 99.81.25.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/demand/?w=272943

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.81.25.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-25-188.eu-west-1.compute.amazonaws.com

Software

openresty /

Resource Hash

8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

X-RC-Region: eu-west-1c
Date: Thu, 16 Mar 2023 14:30:00 GMT
Strict-Transport-Security: max-age=931536000; includeSubDomains
Server: openresty
Content-Type: text/html; charset=UTF-8
access-control-allow-origin: https://orangesport.ro
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 52

GET sync
trends.revcontent.com/ Frame BC55 0
0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame B7D1 0
91 B 94ms
49ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Thu, 16 Mar 2023 14:30:00 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BC55 0
0 76ms
75ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssMzSfPLesGyP5QNDud45ZdaHdxEhUyyCtTXnURUHtAqb41CR-ZuBWPy40eRgqOA2dwhSuxDD7CdZLwTIZA1ZsrPmMZzKmzqP9SAqI6-TyvcAE2VtG6fTNSk6aeU2JdZUWfsKPXzksDgFnM24q5_GRr5RKNLX2JrjlbomcRJ2_CJldKYAOQ3njrYAfLZeqCEqQqsvCqqFYkWYHnOFoy48qhEQ_bR5eWEy0fOx1fWEPCe3fJ4-SjyU-eut3FKVlJ_1RatT6_yMz-eOFCP8eC3_Bz3n1EO-bLQHbjWyegLOivaplO0b2wYxqDb6HvnL0DsTZ5LAZh7LVRqg&sai=AMfl-YS9niuRJO2KRx_yrqUZRwn2dbBjT3I7w_LT-dWU2dwd7zZGhx7QtgxHjqQdjpdUxZq6nB3jMaQgNOZT4s_SxHNv2YOihmm10idp4oBWWz-LZIgaNMlca2FI-gCS_mklfi7yA-bPGrEFX_xldGM&sig=Cg0ArKJSzIwqO3THgORiEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 24F9 41 KB
15 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 24F9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b11c100213437edcddeb2f241627633f653e78676de7eb854b7ab2a5c9b6f34c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1272511/69505651/ Frame 267F 243 KB
73 KB 99ms
55ms Script
application/javascript 52.30.84.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1272511/69505651/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=https://orangesport.ro/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iWoBbuItX0curgUpEDvQ3b
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.84.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a927badf3eea95f7e26e99d91505772e291aab2a27fc350bde7dc533c4d452fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 267F 106 KB
37 KB 112ms
106ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26028
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:16:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 267F 11 KB
4 KB 48ms
44ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CMnDPlbEIK2n6UlwBE2hai9JiwyIgAgosX35ibwh1kXV7p_xi0TP1yEbQ4U5qjhcWVpU8ufvhYuQyMnISK7Xxu6gpFV4KoMBI97m3b6OEc3_dgfLypKclKYueUN-0zJJWXqbmZprwLtEoQgFmHD_svUmPD6QK0oDQ3qtWFFwX7QLrIqc8&dbm_d=AKAmf-Cm4_DpIJeZqdv2mDGQ4wcnFbecjkiYhhl9cb6RHEs6SFrmDp6UBrGVrjT81HrEnmWKlcJGnlG5vZoZfwnXyrmiW9qU48xCHVKfaghpodxmLQcSliVStZucLBkXHM1D9KhduSVj3GNLPqLUiVxDOC_hWTIxzg6jS9nX2t8zZYP_TFyv8A_65RzN6omFCUMbynohBRKRNHkXj3FkDTHtyOSPbYgScmrwaykmUDHQkgPlccjoHab0XP7zbGAhULC7nLJmX0lPUK-7BE2qZow-rRTXbIx-ehG3RvkNw-EFTr36JM3v9lYSDH64WCCDgOLNtYOpsr1HjqnlSigdu3zJm0wGSn18IzlGhTLhC1cjk2YC8z5gRm_aH11vuABoEiDAOU9nmPdzXnYjhdx5h1rhLinZXKesLB_XtgBbj-XWlLGrfEKWXM34iQoY67FMnu4XPzguX-V_E7q5ZHCcS0rB4fgowrGKgKiszqwNPLc9_VsZb9TlRSTKwxzmUwA_Jo07gTF3QpqpwKbcjjlJ4LjJGvWskb2dnmJQTpWucIaC8FoAnFEH-g74m6a3G7eHU73twFF6WsSF8pZNU7RKLb5uQkZiW_-NT3iErS1EpJ0YXlqr07x6wrJgBeLmn6LH9vPAVDCXbi833_DJEHGywVpJdjyRB2t2JpeWLacuI2TkTi3l_MQzRu1YNwcIkehkwgmPPWS5mHSx_ScnLNcbmCVJM0RPvE4iWgAD7aP7jjQXkq_RcAbBInayE6JKhzv3xLrmEwoFvVWaJ6SVRgR2NaIreiUC7VwEgNe3STb5QkeFHi_msjGkBLDFR8_iWAGYQt1x5L2qd8ZuWwubxLX4HXXM3LOCor7W62R93RIPtQfHlWPl2giFjvv43NxdQw_kSY7YwRcKEEOUlJP_bHd5F_lxawIeJb8YT1ctRXT28VMYLP7aFU8xiEyQjqZ5RIFyf99BcboAkZk6SuXEh6mxneOnmNbV3aJE8q4aWh_Dc7_tgyZWgxdQc-4XetT7CuDINHlQiRzrZVORYSLqjugdAStcae_6Aijq3CrMnlNu4h4hDZxzsPsOBvvoXSiUJgiWhFarbtCol2YXEyuPZC9e9G_LdXMIalhu19YXkPTEqkzijKcGC_flIrGYqCLwpMlizIRajPlZT124BCmJ4PAke-EZofbNAnejf0RZEihgzB-pHWzF3WgaeXox1_ewnPypnOXtktSyUBg-Nswc1uWlUG_2Fge8c8IKK0ZjSa-3HIpAzKLJnnMzsoDyjBxYsdndPwBzTpJtZfG6KWP8a-9sodFEBklGp1RVBAM6cyJtgkWKKLmcUvyQkZor2qPAKCZdQhOMcKgqWxkvwd5xcXfrgO4JGGE1jJOXm26IirdDmjpB-HCI942qEiZOar2kdf6LTk5sWdTLzHPTmp86V9InmMn-U5eqw5oD14ZJtgMUsc9DwPw_AvA_Wc4Fuzf8ECmKSmRKKi3KlaEchctPq2yXMJ1zpDDpLKoiG25ZQ3Eht-nxv7pdP2P2OkJasYVDHF7R0XejuMRqIpZY-NM-y4Enr-qWcRqtwaP6-dVhlaW0ycOGlbzSZglQ5FtZ37Z3KhQBEJXZ14Kdn_zUvSpWKLe-ADOk1om09HqwlvkzMJ9Yf97CmvXA4wqKqiTKLzmIpXjVokq79pEvlFnvaDmeSwEJjnvLXjF3FRl96uRmmjA5C4LVQEMBFRm2VeFReXlQfoOSxQ4Er04enFbzXN7emrCkOfCW7cTiOW07jP6GkYIduwkM0FJmmF2rnEjLuCKX7C1iCwbYHp72R741loDrXaly3-vZf1M-go_6QZ7_qaboSRRXciYAc-q8XtFwsuAyG5Wq5gzpXYR7hKLra7BDfdpd837Z99kZRmN_cYe6aBQh5XIsq_EtsvILG7TGgPnW-t7qvy5qtA2fPIMXSdHbY90Rb4vwYkV5Wyj4rr9oIV10-LzemNdk7tkNFWewTrl8H6DSq5XRW2ecNr4j_SbpDvGFp9t2_xvphOTOeu1aJbVbLCyVVH6Cu-KX3WTEwcsjET7WK7KSDCg-7xzcvhRhCP3pEJli3zly99SDafexSbShf12t0YaYmLviYNilXd6exnuwLdZuzpx7Yuy-Dyybpgjb_kaVFfuaZhL622Xt3tcjuWcvMm-wV2Hckp17QDRMuFSATQo1vZWQueZn1EZbGSJcmBkbGYoa8HbsJBAAuv1xMwF1d4ZL_4bK_VW96Oc5aL5m9_dy3PA12ceHKW1_15NMkT9wOE9BlMGwkW3KpRrmV-zkF0H9Msae2MImK3La82VqL9vGdd-tzD_0ItD1CucIajiNvNHRwBSr0dXBMFapQodQ2GTM6Uq8z2ntwO-OR-AXbF6D412SZ45WcJowDFiUAJQ-OPKJ58cf_PYl3BgnGmOzyLRfk4FCGts_5A62ziOx7jYXgXl25B0NjeC8MDuojH2t01pAA6Ix8wRJjzIis_eYCn18b4OYCVlUpS-7-6F9bbLdCMoGJzPRf5G58Ixqa956RdhQm_Fve0pQUBotrMiB_EPzESMUX-iOoITLHbxLkmMlbFlGHWizptMKVCNyWUJEubIn-O50U7ncmujRzLZtSzdtE2CvYjFPMbcdbPICGXcteCYFrhIV7Wa5nYLbriNbJRFDUBONof9GjgzCT442sv0wzxiVdUwXmstURzd4CWgFi-TcX-TC1njTxkdb50i_kUuODX8Q9whqVWoFa0OiWBS5g7lqlMSnmXsboO8NvcjYag1_gl6PkGtcbPLdgLAHlpu7PzBhiskJNBI3JFHjTFg3_ELDGe6vm8ysxhmhdYb1P8nvhWc3pPE-GnUOiscJSTIAF27ucZxPoM600jm4sDnnJ-O_anvW_4lxz6XauPtSrv14Hk5McTRERnit3rvbFFvcXgsZ7-75d4Csf6IZiu5y2OTG5GjjGuvEg78LVolMKHYeEl-Ws4751JxrkMdvHNLWW_uMAJq75SVjO_t6sys3vhQnakQNab0QLsoI86jTujXeV163Qx6ZJ1qdQY7GLlqazb1kyU7O7TJvEkSYOqpllsGFv1wK2Xd8As_CASmuF2CQG_RmhU0NjyQSo0-B7wpx5aLpTGYKZyR94WkjXpubHQns2skMuFrJmvx796sxxs5K2NML_ZkM3mAkii1PwXdbIIHntm8MzAO4SFeXbirc5B-YZVeIYcJ5dkPFejdTFdtiUY-BgVKKN5pUvEMlaIePreiEdFkb8lt6k9tnBUgNINXQV4Le-b7yi2Pzvldxd4W9WI8kA9tnT8JPHyS3bqT1WGw_Kw&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=17156096254712402000&adk=2988274607&idt=320&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 267F 28 KB
11 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 97CB 22 KB
8 KB 43ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430458
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7AE0 170 KB
59 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 7AE0 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJBxgcp8LgaD3FSLY1tU3cM8DNuaOc4Fabn3Gfw1AP0Jx0xllfLsHqvxH-kx-SXsQ4hxKKyR6enlVk97K7T_vApX3Jtw8v-EjOxfo2pjPQZQAqu81zWgqxRG-l40xB0yZJF8N223jRKMpJPFx1R9PKyu0hiVfdSFcsCCEKXAWDDSw_Sw8&dbm_d=AKAmf-BNvxu4NH3l5bQUpcvHdi4_SQcyFx9eX3YS6Cyn9hl3vhvUzmFzkzeGuGDNUniBhzLbmPFxp0kthp0y6o8Lf0dijeuel5xYYBm_pTqllivPrOkB7UpZJ8Zs9F9Hd-bNye2PQYcSsTtih8tsHOkeSd5ZYUM7VWMbnEVZXO3mGc0GWPXiz4bdTmj6nlkeQ4SwE3-LrkpAuWPauD6ShLzMqp_EPEtBJ1Ehrvm41GdVYhDXt7MFrOuMUEobUZekGDmybji8CmjEmIRmPFlyknaJ1ZnLZ0cq8mKG03tYWnJRcpBytr9cKxkggcyF2NNvxaw2QClpyrt93ZFfFubNoQOhp3iQmafPNT9SbZspZgOvN3l68AzG5iQ9870bYX90eBNiJ9_t0ru7LHClXTvBne3C2r3IEBLnCPaEeI8rqjS5nxb98TpxlRsTHt8N2jJe5cdXNrd181UwaShDGbe92yblkNw-74QMqndTEEDNSiEEY40iZqS6bNAXszDmTidDDzCzf80E_er5WVlOulEFivZFEIQHZU7AIcwpfmcWYAML83O-3NmnUPF0ccH49R7q_I_Y9FrDeC8-aIfCtrxzRA5hfyMomGem1QH2ordcKbZ2P1lxtOdTwfzE0FsLJZj-XuzXKE0-aUcHha8iOaYLpBvL8E3uZz8TM3Y-oS4dY8yFIASrT9mVF5Q06cDjVsdDt_AobnT2Z_v1nuyMqWYyngriQWzxAUR2NUj5jV5CmtYbNQdrnDklAoLdZ9xfJgRqG6hPbAjt_JHHEEXXHZROCdWqDgDi0bIBBsUbNDzSGdT4H5XKljehg-uYp078sD7dzs2D3AIH2XfdE6tnw-bYT-Yrx-uKY98q1g9S-I1a6bayQRM17Hun_-F1jNRVun2WjG9O9qD6YqBI7VtdfuNzmPVPRNmFQ_60isQnvbFgnhviI_4p1WVlu23Z_y6aKKEIFqahh6Mkw3BmYj3yFKTy-2BySVFMQuLRpANtyo_8Mgeu9dffgJl0lcdzZf7reW7LVr1K_bV_WIZJu3cAqdl7rCyE-joQvMIS2EhbbE4bI_9u7QwmcYzXyaNXx0vAgiSEqyHMgzaeT6dUu4N4aHjb4QNcERwe8aop93dOlyvDJ9n9gybBsYmSINk5GIy9AaGyvqDQi9cQ1MAdd4xKzjktvZvC3lITsWMJifW7fwQVlLoKtR_zaI7zNWtCfdRi-KBVcegr-fbvqV2rPaQy2hmD9snwxGXyQ8n8jH60mO1u6BiYisdz3YGbpQEz3bt1Z9IR4TGz9OaM-6XGtp1LkkVqIfbcZMHko_PFnWH3O_K1t_yi0IXitEAxZcY3B_s9hfJ2YpG-UHL1hZvifK7Z52s4-mHDTFFZxFEsA0kdfaYFGDzUKoMWb2lF2R5lSsPgyVmF4fkEnwhr55TX_2Fx3zdWrhPyOjm8V7Fg9oNJgf89uq_otarMMgjCJDy4P-bVOrEjIFz62gA5zgo5wSVv9UQeesuPvNovVQqISN6URQL2HEQyMQa7DL49c6dXlF5a8jEl1qyFA-zG3WORDKjJF94R6J2R7Ond9i4rcddBCaZtZ3gAIBsY2fYnwwKC6Ppo_k8h48hO8GhDai0H5PYrw6pHnl2X7HWgZKUbvFQCJpDMqBZTqq9dPQQxW1lVNKf0Sa8bbKNVvsh6zbl8LPOQ7gvdBM0Zv4qoP6Pfa5SOpumeVr7o4pAozltlUehTyYqt1miocLgDGjJD23zFBDfwVt72JoFySXKmkZoWJuRSP9O4n90proDk62VYizW3PvslRB8FQiZeR4Do4bN-32F0cJG9fD9y76ICFYcA9boPcDAEC2GCyr3iVwAim2Ffie8c3A3su1PymTDfMZMjuHLGSLoLs2K4KtilOhCExKSJAOUilIJj0FxzSbPtic0gD09R1lPpJa6WgnPHGjStJn4MTEeKC1VpVAmcsup8RkYjVIrBvjM-VAaT8BXdu5fmw3je4_ssxWwK6BNPsFkgsRn5hz-YxZ_xRtgDJD1KDxTOBPmjHGvD5xrAk50RNqR7bUE9ea36w7YpLrOUEZUqyyvAJjHtvc9voC8b-uvujpsC7V3nlvmK5kMEL2bLzi7HC8iP7LeinyzZl2aiGQvnBWPdxACVgiIujednhkIVMOq-5Bm9KiDOTCi0CuqsS6dEXGgCAbtU7xutUocuOk48S3F_G92tEN-uykVz8_csTHha3Jb4w3y-sB5qGZChFwxoFeduzz9pTjmjNt9JcGjqb0RLB4dy55bnNfLQTsWcJAFlthAyBWImd_uGwxvLxq1LhbZmUdi-AJFoX90ALnfPkaArJsXNH_mgKRyI6DwCGs1vrtY3Hz-VAuzFrJv8HW1hO970zGca0vBgZHPcGO0MOIBaDdOXJ-MxTJmePTJUaw9TH4MBq-WquJqL9F9tzGQ7Hjs_1BHlmEVBvl4_WvzDJzfrDDbxh2GJVSpnO-Gm6iF8VD8hCxoDC3FwaRH982R8f-wDfqkicIDlpNx3q-DG_2GTK_TwmYekQmcRVillEpR3iNpSTKAO4pz1nJbgruswmRGs94155jkcarp1y8j8l_yrGEO4FdRtT9oQv_jgBAFGG8ozOzjTyAJ2D_w3rXBETDlM8KKTm7zasVISkaWYcoXROrt0zdALa-kS4OulQx25KzkhidddJgWx4EOR1QDEx5iyD2vDeiK5RlUMuyp8vyZ78y4eYGz3Da_BVENr8KTeChIr7h5iblevMWHWZhgbCZEc5Go0K2ITpf-L_Ya2Q9DMYxnOHWZdpu9RxXmP_yJ_4s2OOp6aFHoLN1T9vgb3I6Dq9WJp-IlGqpUdLXv1VUWFPa3SPCpwwwQelKeqGgDVmqRxon1W6bopp_VcO532k_XrWkoIf-wAC5ulir29PoYdzxAM1PAEsApihRlZw3VBCiC2JFUVmeDkcXsHXhT17EEHAyjreMwWhR00U2P154FkNNhYt9mrZ_eS1WoIWULliq-ygafCBuH3yJhGCCDX6lQ9PqkNTtisrIVL55W2mVbKmlXMRsaQNFbuA2Au4I8Ky-6c42yBiuETLWxuhJSyfxURivXQbPwgEDvXG8mmin8lsCLcH9eM4ZKaXlA-5LA65g_WGs0F9BooyHm1nKZA0ksoCRviX_TnDw8PVdLW_gc59hkuL6DATb2G6D1phiUknZzMx6UYjAP1HDrkiLqhvqW4GM_z2SppyymK_QdB_7ezvz9x9pT9xDG_536M0P5PLlVKDxss2n5e4ZklUCzapKD68b6y1wRp3EprUqa86gFlNSZoDUw6Nso1rETC9fCJ779Ibf439Z0h8xcrVfIcV75AxxVTpIFirHTLxhCfyil4qv6eIxzpCNbQx5UlcoA_OILT2QXvoKNUUdbBvrxtEfFaSY6Its-ptdwVr7XW&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=18343781589991836000&adk=4188270525&idt=284&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 7AE0 28 KB
11 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 73E7 170 KB
59 KB 115ms
107ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 73E7 11 KB
4 KB 44ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CKT6q9Y2XYXQTQjW7qVLDma6hU1K05rPu6LfgYZlsuC730CPG_z4XDoT659f2vskR8TN8MIkQI3tmoYmScyzEqhCdW7s8YuYiv3AijF0_FnJq6SZLV7iTQyTK9X61ed0PpH_6ROVzISiW-LMBZG5zkpGwEkLYCMD6G99gecBfKpqNNJwc&dbm_d=AKAmf-Du9tw85O5V4_6nWscIFpPbE-NxpKd5MxyKyu1NGhtCj9BGvZUP0AzzIFwrSvvHUPWKrjlhvTHMIG3hEd85h07jdrk9tlzkQzAgbaWVL5A5wyTa8UA4alc0OCOxkhlW95SZOECKUzYhgpuFy6AKqSX4c2SlxvAVot6diJRfndlllSD8rmvj2QQjjwS-3ihyr8QyIjDe4xAm3KpKqEd-nelVvlvsv7wXIxMmUbqYOHEiGm9R2g-cFcMiNWu2JRCmMSG1Miper1sLChz6m8UAsh9oyfmXxmIJ037VxYvgrD7O8uOGiVT3ZnR02B5QCnoqNZwyr2hLGsGy19dltaq_m2Ty-HmtUSJSIHzLC2IAF4Nk83KB6bCFVa6P5RmucA3i2-jdPGSwmQD8L70g36-WgHGSCgXKiCe87_7yjxYCAtqKauixRmhkYnGExc_Qsf9E8FkonJJ7ANbzmmnpDJBFmMQPFYWDAY21YTUZIX0hmGtWRA9vzXaHnI_oIXJTzY4gmINw4f1woWgWE7EqbrmfdJ6WSrKchKWQD4pIWNxkSmgccR_Bsu18KqR4kqCK2o-_vu8hgCVqfyXIC-zu1oHLPhr4PjT0d8rJdvgWp_5bLOsT_-tFFK7RWXKNwjsHtPgotVoUFs04PbuAZM_bytjx1lz3H1hh0CXa6C-y_xfwhR2vDqS9xJJfMroO-Y0jnPNCTsPsraygM9sKnIJb6DpGojs9S6vByGT7GALyJL7KYwwJww8Wfbfni67oLb_jbdXOI-dYQ1LMsNs3Y4Ht82URfIAijYxvN7IKnLxC_Tqp7AAgEL7dPk3M6tdBQOVG5oon_Q1zCqBSSpJjYk_tHsfEVjJWIcXyh88aF-8mfHRBV2TXdPHNHioRvOOIOTKJX-74XHcw7x8wVR5w5nnQa1ukQl64s69jEaHph85BpApwPc-aKXNhofyBHZTyGmCEwIz8ammOzgOVCOA5o8EaulLCQEom8e7JGCzhd-3JD6i8rWSNjQx78sEOAmier2b0mX0LSqVuPTfTm-ewrNMMP5hCLthAeEqKizAef5IQiJNu8TlEQ4WpyEX3IESlOTIGsqFgZVFzXUdO3FLX6NIwViOQAbNabNjbX5jqCRrTVm5u8h1WK1tHpLT_78AbvzvC55vn-KxZ9-TkRj9d1b8dUMKbBxv6ap1obX_bKpU3eqq3ONr_AuQqpFmEJniUcdTpsnHRrHXFj2tLwXF6ajQAuqbxqP2hZ4HnibpP6MOSbKi4_GcPm6ozo9ipn2ZRD0KKrykE-KD_j1sVWFOeq7DcJYAbZ4l9CB-jOUlwYH0kKu_3A8dSN-bbXkl2PzC2iHnowt-NUZTxmC74rerXe3yY7Kuf-hqUsO2X9HkjWSL6ExpHQ9e2iqHXYKiVkyCuY4EV7hbe5RnxIRGNp4X32kj0hM_nB049GH7Qm9aKBAyXTDZN0vP4ss5494OYyjcythPf_FqIUdMpVgJDH0IYMsnPK0e0XVJCp7nxrlxC4pFz9djTVSJAv_Hf9-7L4fsTjs_m42fTNY82Wr6cPpm0fbe_yqNzfKCNwQsI8r-1uoRol5E4rmmool_8_O0L9g96XTsiBJjgIF0ATfD2hcVL4X-dXWskyS2b799w0ObhZCN2HhHSsqIBui6KwsM7g1B6YnKOSnBFSiBAPq5XZToUNU-6VbT2JMFaFTQsvfe2uiEpILStz0OIeWgLBh76OdpSRzvHxvz3mcij0IToIYCqsZoCLCj5HkhHwkKEjevzFAAptqZ1_c9Ore0vW5GSFDOlQzniZojl2VkK9oM9R2mXoNIrW9krilpmpSiWInJrtKg2WwhVgEaPFVwk4xbREm3r_gH0bUxSAPvFPCkUEzzrEDsjD57tCy77tITxSPjw9kC1irBxwgn4HDE7pul7mUMVEG2cuUpUuRFY9x3GYMVXe0ciZ0BnjbPfYCpXOI1fdqidDIdX5Hk_-gPENP8-NcyOhytSGyB5Yur0ewmk61BJ8QKMyGwRer-KoUbI6AcVUyVPhWPt0V6wABl0PfVh_F_2mhcgL6D3aMprT1mFLZoYPgHtoaJJZIP6Ly2FHiQi3PUU1OGdjEH317LfG_puaBsEDNtjnK_-UunxRXprRZZxTV0pOZ_7593Got2j2zPayyBb2wM-YY8N861rxWUMFjPT83eS1jBMKT8UFnn1IyPsGYWrWTHxQtEErDSk19liOUDauxQhK60NlMIWnlv251soJXSV66fzwjutSEx8Z3l9Jvg5LHBguRGdGSZhiFsZoptVPxqv1359QdI5Gq9xjb9Zm7vs0yYiozQ-Fz6BY09sp1YbWJjJM24u_WMD1g44LFh-DYUd4i4QoZQVTYfGLW1qT4LMnn4AmTsJKJgtiJ0O9WZxnva8XeMZpekrCnniWO0kNpu9ZxBEb31gt60GTr2k_k-ZF_4O_XW6yM9iO7FJ0G0d64UCsLs9-SIk3cKSGDZ5KOZnDxmhPaCSSGcZQgpvogDi1LvTl4RLGL6KWr33cx-oVHIIbT5la33BPJhFetYdYc-7VlTzGpx6O_Kz9--1-59ECKjYPzUGNWycXaX2MvvFo9ojFrR8WzPyAo7MYMYkLEB9gzCIludqTBG9KOkqUBPGmJ9wTuiZLNND-zkc-pmwqDxVdVhi7w_JhXW8S8opE4xd0j0KqCWhBhzG_XoI3-hEFlLglsxkdL6OKpujGTmdZKHB84cZ6SOouAIPcvMeoGt1hxWUcQDvIuOlGlXL8A7rPNjzbhPPY6Cf8Die0Shq_Tp1GfdCEuSjK7EnKDqBxEYA0YPyxdlJGScYMz_EzaTHCOXcZbU9pXECwWp-BAehEWKKF8BYUghX1y32stymbSlkT3XlRmq6qMJf4R6aF8u_kdyCf0YAlx75ZSEOF7eD73KaQ3L-JjuyP7wNqAoI4z_uuNP7GW_imIdY-4nSGxAbld2rvVu2sMm1RRgk-JJE4CaqU1HBjRYElFsYv-xEn1ImJFEae91qg0p3JQScfxAK6Hwie4a3IRdMYFOSaoviZrENMJYBoRk3zLMlIBHolCn_5K_JGdk57vTCJpb33q6XioUaC_hMj1rpA4nZdGzvRXyCq6ZU6_QvglBr2f0b9pH2Wx0NwsNE95KKQOpIiPJNn2SVWTXnMVK5j9TZiAS8mqpvo2VFKB7TNFvRi_lMRivSa1Bkux6alKulSZH6fYYjnQcPNYIkplrpjARXXFcEZCn6_O-WH17ZYEGjXJIuGP8uedR3mOkBt84-49BsPUcsrjzUiXUXrWlSlKs7wRw8rd_BZg2JL59KCE3J2i8guNqMTaehj4pWxZf2fCy4Ln5ChpP4MAilBQhH7FDHXWiS69GjvN4q946-0bOGngAkAAWxkUpD4zPXA1sFqfekAryBf0ByVcc7DMio&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=3059102117803988500&adk=3037181500&idt=277&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 73E7 28 KB
11 KB 43ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 738F 170 KB
59 KB 112ms
112ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 738F 11 KB
4 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AFBfACcP0mM2VdhHD_9ZVP-EPHqldWNQzgOJc_OwlOC3W-YdgU7dS2IAOSjUsnbzpCUleTyDVvM3hOcU4yKQdnQwD31hEGy0FML3wvaxPpTb-qh5k91m1mEE7FNUcKOdt-Ez01jF2-YBMUZ2lrZc5mej23XN4qkuZuboVy-gnbxHjNPw4&dbm_d=AKAmf-AjUr12tBk5bNqV4waqWaZI93TnIid31RL8kbPKLtitaeXkRZbHRL1l9GbXNrB269Y6e0OfhRFJ6U1IbiR-Iw3GuzvCtZEYyAty4BQUPtKcB3-lgriiz1bnkUusNBX327VDocWnT9ql0nWoDJY3ySrYValvtA8-5qWpXlIOXcChPm20AzLSxE-85veZ8CcC6t6YkycTemQeKuRnHNEMrpyYptJAvGob2J7wS8-uvG-oy0PZhg_yV-AN7q69FAI8unHcsRunC5c3druXcG8D_99NHKlht4bX3wpgWCNQiT9k5GbVses96I9AIpOi-F_exXhyyZUFRezhl6J918QEoisEiHtiBQlDmZgf6MmQjtAf7jcd786scuSUaJ7RUemZ117DLGsfYFN_LuHZ__wKA6LJ7q-alOYVvb4a6nhhmpsu3Nwkke0j2W8050hoysvOIhW8gJY5Os0FkiLlilY7xcN__T7aovSIBle5OCK0M797YUtAgA6nh05CzQtm8Z7Kg3JN9DSwsQT9L8JQ0P0VZTisF2moqH-beIXRxGqgyuOn-T60jxm-XegxI9sPqekPm-oWrv2AW4B2KVGqT_qN-KgjGNs_2GK4Fg8oCaw1DbpNetKV42eownfr2kmMdelYeqRPYde6Dl7JcZJSJppN6c-uktOEawqYkzZlX6OqQy_rfDhjRbFRDAPy9awQDx0yLqClW4Yk7xOqAd2qkWtI7Jb4mnLvrxsbGT1gYeTpHc0ey-pMgOVHUINJ9Du82C0CpunmxeCjXVa8CO8Y_tDXP0xbIbWSXxKBHTVHo08MBO85nOZlUGu7URh4-Hf3-EFPfvQVjxK6nLJYdxz6fhjgbUrNgxtW5nI-mgSrcK7BtN5tSlIf77jbKXj5lqqXI9R8ETlJMx8XDJcySlaylystTVq0zcyj6RTlLfTvuQDokRu99m3DnFCO6p8CL6YdkiDdGA2V3-JpX0k5EyLVroPvfxIIo31e6cn-Q0-PnTqFNmGQq2jFBzHIGCuOBNdokNRfVWxyYxNfdDzzdmwUWZH-Nx0JtpEDBL9Ytt2IRLzeQdE-ve5NW8FhMcjDPR8nRH4A5_Ap15txsyZLa0ogijmN3KAFWEhqVdZ0yJONN1jS7d3uN_KaCMQi8FBMnfNoWJVBrDmVqtz3Fh2cB4_lzjoX6h6K6awB2dAnTDAupSEU08xFOfFiaWFGu8Mc4YPOr4xP62rf32K7eFbqZFhykwfe9rO43oaRvMJfYiSI611ybKbQkg8C32HFMWx83l0iULIjsRT7mgiH1SDhs0kep0nBlN4emUrHYmHFoXKsDLJD43m9E5nTFNTEM9ArjQWCxy77uO9ebJ1eTFnLhvepSZQwM828k2oKDlQCFnCsOl9o5BGLYmJ5EN7dCiRh_g9kxdoFWz2KfiflZhqi6dI6c-CP4lKdaVzVYXSt60LettJoqOjPK1id9bVE6NDW0JAdwUVWLWLmJeHz7RkthHoARq8udZb8D19A-6kbQ_aWZqoLSsHxZv5JnU-K4_arCXEfYIXuDPSsJeyU-r0Z5wXFhtmE9vutDemVQ8cgqpksqRkM6hvEOItISHRU227GZeexaI5YGakTdigu1KmvqgR3G7M1MGeabaD3pnbRsivwD5eM3e4ogFKxScMXS0Xj5XFykymmQaWgWSFz6Jm0ReGgX6IMswLmfxPVyjhkjnbC2r1W0PKwchOHArbq9brnOgrKL9dXaXq9Hr7yhIQGI8VgAiMl8N1O-MdYO_8VyKxa4H9DXlyI4f6TNFdKR5pG2ucTvTFRVlZ1O2JwBMFTs_xYQo3wKHv_yJ-XCSTkdLTZR8baP3ZSbm4W6mK5yZ6laQgk_ITm3CGJepE2FrC6E1LNE7Zg-zeIUMfTsJD4IMLEIlRFbczq0chH8z-nqb2PgVywGFIjHkxHG0onYlvgR8ghmAGs5DJX3j3PpP1z9dIDp4cUbdh3cu6FMaCS7kA_o5LGmpqnc1JXLQoF0iz9uAwFxT9vvjtnjHjuTW9CSskUiK7Mm-0R9BXBdNROI2Cib6kGoRTp8dbRJDz125C3Ew_jjRIArOIKpuJ6O869BiH0yC6cKmmQ2kB4n90bKwC6mYXye_0UZICYGnU5313gdVgSfCvxmtuyDA_R3ax-0il6nBBqT9dQCfm3-E0gNtbBu2Xzex-tr_qNlpQswqiROEjn8gMmrPyp8an90CjncdaVSdvaSbqotRTEfv5O3l5oy_2eMzFCJ81zbeNLKXFeQ15vz5Myqqv7bQRyS8GZggmtMo836-0H3OARF-j5Qs9aS8Zr_6iHZsmID3GYcRv_jCuNzBf_ZpUFJElJcWtFzYfsrtMzb7DNeyjWw5abx-1jUUvqUR8VEghluYBmkwDO8UYqhmfEeLvvPHKTOl2oWZQF5JH1s1As-QfpQ0bxe5NuVLLO9qLcEZe6KyY44dkMzzkuVVVgou-RQ0-96s7Hm5h2O--7gqHwaXpRI0kHj0b-CWEAGH3BgTSuUA1xd3WrIByueP9DMhcY9jV7ckgT7hcfJk0Rq_aT4W2AxrN5mFANIn-GHUW45qAFxyLaMdBPKV9Ep724q9ghfeNXT4ur7dlVoyQKdnFC5cwrknHz07qO1yjJDjt-AGgHAqaEcClQ7qdkJSMin8JrZmTAQcK7uJLjwIwLGdFr1mpXkTCTffNkEhrV1bGqQcGUPXgxduho-W1OaaBAzCqmdnRBnxhnjXd1j-aBe9mPfPsEzCJXvwnkq83ThZkDC-sUyn3ASrDa8xOnRGkPqV977I-u1c2sHYoYxbrz049ZGyFmGk6ZL4LymLK1elXw-TrVtgWZxFlVSwWgN8-OBDRf7igh4XuTU9zHtfUkth-fLjEzKKox4fi8Kfp3UJZ9Nh-5tMXJRltRBreWD8x97U08DbHlDxlHe60MFmouU9omft7OZSbfeqxWJQU1CHzfqbLNV-cY8TpY9R3bbGwUCN56u9QDAEQ-D9Jndsxkz9Yal2bKtggjnotMEg2ZMEbXTYnWNVcfRPyCfqITdQ8mu0uvH308oAeikW04x_XEHWpyWBo-BM6b_yFxWgo3C-30V85b_YC5rLATle1ygkoChkOH6OjyJvxhp-gwAH7qto0juE_2zDaKIJazXiHbAb8qK7xjtl1pRm9xVZ-RwIyq0xVW2QVT2jtTnDBMNxSxtCrSSULOy_A95uLr2_jraSULNbP0gEA9hvS44tdkKoNp0g0-jdkLBSUZCoM-RE0XVkO9f7ONyunDpSo3AR2r9E9Z5ntkAH0M-YFNKWUsMKwOAa6Kgrz-ZPXjBE4upEjVURcimfo2k3LfFDJkwTrHI6Qd2Qabc9N_xYCXmd2dhlOxL9Q3N1o4_ZfwyLtVx7NjSZaWZkFXmUSI6hV4aWkPbjw3ZfYeNVDd&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=1454132998387860200&adk=1033480531&idt=306&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 738F 28 KB
11 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1272511/69505651/ Frame 3E35 243 KB
73 KB 131ms
131ms Script
application/javascript 52.30.84.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1272511/69505651/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=https://orangesport.ro/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iM1XhWJov7M_mNBJ03K5cE
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.84.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 28db0991ca6026420ddafcfd3afb831ecfea1cb64921ae2e37ef8af14635ae2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3E35 106 KB
37 KB 115ms
115ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26028
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:16:12 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 3E35 11 KB
4 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AqReh0wM_Bhn02kVG43PTP5J6FdC_ybvGadsHeP6f3jA3nGgVrcJeXbdS8CwuRWy8B0Lgz0yWJzDcs0gRdWA7u9BxYsx_Fy7pM6vm_wPyZcqT_v5INMlB-wttUtRxrENqlG_1N_E_ICzgtwrIBbjq-gLUFGYWAk_z_Hs00cNb6u9Y29pI&dbm_d=AKAmf-CMBEmwx8rtaIr7TngD49246wL5oHTetwQ1Ygd9dhGsqCu5wQ7f1ygUuxdaeNbUw5kDPjJMSgyf33jWc8y7qTBl6YOgNxm-QsmQy7nXFlcWQGMBldxdcFd47lU3fPPK-tDrEIXmfBBftYjeXFVrUNmLHpRflWsMH_C8E3cBVLYHYQrYUv-m_79dxYDxVrn-L4bPZRPmfDK5V5MrrNF5hPEtHp5cb_XFg_eiWzoXsZLYGP9c4bti0bmvjXoQ62JLoSFrriqag0Fb-RK5njljDGbOChuPmNLh7hdBXj7TWjBNbSTMm8rgN_A_ZXsa26R7MfJscfdlmJrm8atCIb1nL_FhUijLNbQ5hbNWa2Cs7nwr1qhLH4WS-_iBY2CwKAC2UH3ynGnNFbmMJofDCGSRAWlPmeYP1jPQJlEuH_NCTkvByEfnokZMUQ9TysQnpFvWBYkFdOc1J8ocAArb4q52He0sl4WYdUXbvcn1213hOW4O98FvKCtOl5I-xFpoKjldaB4aJHIymBYiJTyXQbTWcQTDY_ATQFgzTu706KUci_EC8mbN9muEm-4prfAVfNYQ0mXHxSZLrIOC5zl-yge8DDqUS9ctzzEnvukAuUeZtKgx_4mI9k_0kjSqU1uTsL3ToqM2F1OR_wtbLp8a7kskcQbSANfkovl9laTQXaQNR-boL7t9w1hxRC2QWQ0wIjkBQ5rYdY-Bn9xzcNZ_5NnfZO5v-iB1Pd_nK6rA5R5i2uNKMStjxWviI58dbnTwBzx4aOIw_vank0Ug6PNCSZRTibgV-c_XrGFEI5f56QkU9h3X_bmf4Zxuo1MfT76KeIpmOSTas8VWo2eAPV1d7luYYhTrHynXX11DvH25JeUoPUFji9fTfNfJl8kE0xGmNw7KoyiZNl7bKXsMlx4VcfXZ3KyT0SQPYlQgkQ1YSSk6jbNbG1J4v3gqnl5SunhdHZPfnPQk2aKKB0eP4t320rqXgMeLUIyg0LPxsNGYP6oyK3kNhLK331yrdQ5LH9GOeL2Gse-dUe36GwRP1zH6pOuoZcBgfRnR_u_yLDLbiHB0r9t7A9Up6xBrQH4ixkljfRgArgkBOKnYze8mQuJi6I5vlXBV3h0-1kYaRs_DA1jt69YZ-jTY5PncJ5xJftuBpHDLzY5Ao2uW57u3iYaNbMRl5eTGiPYrnDjs4dHAFq1DH4_C-Kk1LDvjtF7lP3K9_SbXe2vBRoA2sG0LPcMEveqvomFE26vnzSiKZFkowpHr_CNKIIeo6J8rLP1TY3IK-XNLpVFX4KNmIrln4y4nGwg28Pi001OVyQSkG0Uf3OeFOEPiNoitxjxNGxR8kG-9Td_bSyj5nJqbct9FIV9Q5rJ_jXh5iekMrqwG_UhGeAAQALmZbuCA0Wo--tCMfaYiGq6k8SBgD5evD4JMWC0I6nyutUIiT3dXiqvr2RMHvvtGB0PHVO6Jak8LexPc_L8-n-CxD-9TPEm7IOFWjgi33QHKAWz0QbpbCHu_q4cy0cnwbw9Dk5e6xA-pOYVtnPu4Ecz1Umj4nS-ojkG0LEgs0toJiKRvmZI3GlHkZx8z-VhtplGHjGnGDwuOiDgmXQ9eEJHQUkoPH5xqJwRNVtR2UPHYuTEY4znApArF_9IHkHxv7S64iO5UsQpu3slQwDlj5jyJ5e7Wl45_m6991hhUG4qiqXPBuAiZGrzKt5I967fuvz_oIjZKh4ROzyrde8lI70x3ikh4YHgbI2NvpI_BiSZc7RIVXts8cQcVSItanV06LBiT-bWBf-el8u_q5dLJtKWi8wy__Z9vgycA4HREtCLDcRgSIVLXplxZnsgqPIpwFqS6qD9zX7v9J_rxDyfd4bYHISnqW4qJli3z75YOSCoeGHmH8i_LMd3TB1KzkRNA7k3KpOgOWNIIO5QsqSc4OMA6vbWkX0xIO-1ayOPNN_lH4r8TYy0HddpUgnVBf7QLAzAPvsViEG003NfcT67GNPMrA3IPtUUb0ZnajgkP0gEnGQKyIt2FzAKFSTW90mp7C_13NyTEFv6G7KsrtXPJJA8BeHwXxUXptgp-Woi663nW3Q_Pu4y8UYvx3oL1dwi4HyxySQyDs6eYF5_BHqjWzgu6uQA5ZPx_B5UYmB7dAnh24MGLqecc3e9C3ykk2WwF_qr7PD88mX2jW-F7G2QhJ7bS35uM98aySJl0wGw3mSLPrWSsPeaQLQieUzolAF4xwdSh_5l5ym7KCjt5XR-6aBBxfs8K8Psl6gzQ1QeIrcOkIwW-eYKBdjS4yb2uVyTW6Ry7AFnxGi0rBi2Bgu7SHMJNfU9DxaP4ht2SfUnpXP2Fsi_E92bKg4dTj76KLcwZax8t-cvM0BokyXZ8ZXnZkRwFbkHMbA9rNCgbaYuSoXODjjDyTrkPhrMrXZORcNRjBpfGzaRa_1c7tC3voIiSveCgmuuAdLuAj8v81F0CADpkeBXEfYzsj-oz83tIzlZixn6g0DxALzP8-6k2Fnghz8Vh4AUu2PonN8grzqemcl355p8NO-dob_nF4c_7Xj2D1XjaDkP8SWhpRZOJvXQM6oJgBpTL-5zzqayHDbX0ls4Q2HKaSorWeuRTz1Fl9EF0wq1TPlhGJHJZaX28XQd-skPbbQEWF7FY1iRVY0INjTfpfsqpKNRJgWNi6kuuN_N7McRiu9pzROrALpSGEiwSL84fCwlu49waIKOqQRD0mOu2lE00O_8-iop8YwkcH_6EOQWuSyOhnIBeBRL9Giz4e5CtkPH5D38L7kQg-aZ7XFTt0aujV_IdeDTRiGtGbOA-nNKYvaCSADrSDPCIlRubRshYELCLCLHgwDWdwWOlSCCG5CSyjp-GixMTMfqfEgirWv85-XYrHIlxz9akbQFcuxjGFQFQEySImNsciVc3Pm-p6OnZdI-AwYF59CgawyggWYsnKDTMeaxgdpFYQENhvKzNzYcGFY_1rJbsIS0FYjaPU_mLdwIu8j-jq5KZ8ELhF6ASvpLVYpSSsnmNGFfveI9NREXXitSekK_kYjfZ9Fy9JnoF18CNontjeVMd5uLr55TWA_7YKpc64eJ1TWuPpcAH0UH7n6mrU6z5N_z0qnJlHqVqiEcK_fWydIJs22Evj7PD_qaHbv1ByjBzD3ZlhcryrfkyBJpoxg7N0vvRqPBZk982tGqY5tFCHGJnmAHM5fKo25Z8CTiWkTjLeglXbki9WqR5Wxztgsk4KmlxdlRllTZdHVz25GmVlRkgoxfXFcJg6cwT1XlzaigAc-CSwhfD6aU7jrbEYueXHg8RfwI_ySFODF1bZQ&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=3318827580576410000&adk=2935317967&idt=316&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 3E35 28 KB
11 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3218 170 KB
59 KB 106ms
105ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 3218 11 KB
4 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B35ONR9E_glVsMDDGjCq4Ks2Ys68ZmwcguBdXPUy7P4X2lGu1TdFKynPguaDB5y_Ampzuau7_oBl6_Yt-RveR4tW-tsKlxUk_OjMfxGEP4VWM4OYB57iAIlBpFJLwPB8Nkj8VSopschJ3xUdb51DRn-nrmNoLfbVtr9coRjxpP33C32vg&dbm_d=AKAmf-DOSIELDL1fFbriQu19AcGENImNGNCcb0Uiz1jUL8rdOZTnaX5Yf1ejgbZDggYF9uH8d8YsvTDtk7BfcIHa92h2lDiXKzp2zJLGRz-I5A1sxZ4Ho_uUnYglAcHf9c_s5DjRFLZLSt9l8hsSvslWShzvuKWaHL7chV3vwru1TIn7g_wxU2uEA4CLB2uJwU_90E24ETMa6wGuU6fvL3oxR-xRlP6q9OZUpN55cJf6K1dYCdFUXNKgP1FN0U_EjtT2XtJfjDZkxDCeMXR8GPnFsGyCTInRMlr3jpItNZg7CGl3yZs0-PtMJ3rlypsSGgBlCjKkYrzkRefVmDFrz0bvFORhmFni_yjT1J9nmdW5TmQ6mxLmi98Ftn3NaGzonLfiyqUEfLwwlih143E5aLlNMjdotOUks_duKo8Wsu6bse-qDbKQdPdQvidFF9JOaFlXSoKhkPa9iDoz6lHHLne3EUBTv4XRGtzxDXMujwD8-0bUWQ063K3jbGDpFeYNxMH0M1_hYbshqC21i22XEPR8_DDNjpwXPHonXMM28r7kWUYBnqr3mAYQCtcoJonOchnWWjKPFSxAg_yWi-IwUOVFLVp9QJPgNrAQaDhL_gR42LMxe_mX42QSzZmqE22xxUnNvtymapN0vXKa8XtL504Nbt_HLR64HYSgHL6cuxkVcz7mHN_LAAj_l71jUYS3HsTO25drYPvnYxj_e5HMBOHuJvsGFslhQSAwRFFHkLg4QLdZPjhFh01KhOOxK3CRUCIpwnkxnENGPKeytQiBpkub_6z9k2WwNs3rTh7FP2d57Ajor6P9OMy1zx23mb64vJPjx0z0lYLI91x_hy9GzdrDkDlHoHJwFEouhbLbUyQFmD7jdt4zOnPjHhyTe0GZOjU3oCo2FOF-ur7YMKzCt1Si2G21Ph7BBCma8LGTYZt6XxRKI03K9Ojdi51eQnXfukK1HvSZXh5cRINwNoWXD7enQwVNp5AjCkN4Cc2aGEk55SCkJWwDtdaoenbLLcOVaYhLMwkwUglA-QFbz9flrfwP_wverCYtNFLXmpGTbQSvaDuOUfZTbqSW2SmgP9hDkpkTYu3fc44gY8haP5KZQgSeasL87l0gSF2rZ2QUtDyY-8e9hutXIIfCvm4Zh8irzSKkBRq_j5tv_Y3fm-fzqiY0P0PbEc8iKrroh5mDqv0suI_R7_BvMVFh1rt-Lkvy6UMwvhVMUzZzmU5LbAL8XZmUpdkmYabZMh7Jnsp5bV751MjD1P-bZlCtkk7TDW8lKOMhkxlbp1IknH33GqqgxN0_9SoJhHBVOv9rE7a1LTPqUM5cm7kRUs7m9MaxtJpuGfwKxYHPY-vMamWLibt6UmEfQtORUQ722zQmsqAIjOYeJKdA4OWoPSN4LJfPgWYOv1T_OgmdxcJ-4IiiXRfs5RNZ_-cQEgh2p6xRlOKznSYzMJrROkj6c7JQnn5pgupSfMCNIyTaoHYOIn9DdKcRr7VGNeIoXmkem-GES_pjApPPUx5yHTY71J31uKG2VSe4YdQfjZ6qQXPgpIsKrZnRZ3sZWhnBcNeURuN_HXE3KONnHjhgycwX9Uk3_EnwG4GnDduN63PHZSdvpij9-ZINBXlP9woBwMGjD6j25Y1ut0ACW_vHRUJCOW3AltpDyJFCwLGUcuKEaaDvqAe2-oBF94vDn76xEaeMwfwsYlpc1ojiNHCdefRobUvPlq5cnCtWbaotUZMpyQWUUEOZeO6oddrUViNSRdy7YShJgGd-OSbJCFS952yOsr5uuWLnKnuPhpryB9ctRWFb2DYRLh9WdTr7vc1nwVaDbIM2rI_O173Ds7kjy5q_om5Jf2Ko1YkEhjw4_bQKsDF3GPQ4XkKBpRuwOoL9vDQya3ROVxWv1jsLZcvJIv1NxqALhizt4Rn7xDHprpIRkYhWh5LHQmHBEAY4WK6Og_YlRBejhoFlo1S43B2TQvqBTjdMa8ajIAupxAQyDl-1pGV-iutpQ1wz3B9XWhG4iYM7Z216H9nHwzdXMs5FX3wKMhYA4eNd4VaGU9Y60hlhWP7rAyr_WeJwwl9rCX-0fceHZCNXSzA3LIXoOWwcTz60W7EIR7I98qYnnZONZxZF3vIXMJwmz_zeUhYg2yed-rQmZ5wI8vVpdWZn6iyhKOzrplftDxQf514UHBjjfD9TklFV29w9-KsgQtSBL5iLW6x1eZORMHi16KdfEH1ghjLE1xmyVRqcwMkL1XJlq6a7gVDnmokUBh_N6dbt9w_wahODMrdW86p3ZYvZ8XtB75Gii9CylnbkRMpAfsZfmFxyrKmbfsIsOIvgCWWhe4eHFuqBGNAW1R26BDJ25ddVN9llbZTW8RFoi5JwBPIM203wdqiYwuWYHSk8oUtf4ILg4qTUhxsrTbQJeF-mVdx8XZ0xKYJhRqoQ1az5pg0TmWx2o15knxgw9oC90RLRJ5ljbUt2i0RDVWzTc1HLV7sNjBCYtNZ6P8QdhA_TAj_1yeI_wSti2i0dSBdIUDMo3CAGlE1wzcdIIwjTG__qM_i1V-hT4g6OhGFgAxV2fvQwsVEAulfOW62SigffSBzPfnlRy_Fcscw74z-SXWkoegpXPgnLlgiIuDnQO76n3uJDZr8DS3I_pdg8ShGufU_YtDbWWQE7YbCkrIAVX1rma23FuQ_ZRYQvv4O8A5ckF1YGLydy7n2XWe-3U3F-dZsAQdyvbMWxjP28BYj2Jxe1NEDitlrWUnu25bxnMlKWnaj4f63ggzI6fymdbN9SQHiInYfRVep2A78mkUTIEJOQ5rZsMgHvVHqPpjQy_ER3oQRW3BmmSFT7C8xNS_vQpT0M5x6xMrRN6jbx2w0DAYFFUff6lqfJLYnSVd-Z4pGsf2MQMBfKx0TAGEB2nbvWY3nsR2SGDeyk7dutlfqk8pSwZjbUNio3PITt3CAK42Ck3LXJaLk6LZAWDO2gweEBDD2NWzP3IflQ-CGbnOC3jRnhmObAZM9gt0nKSdO4o3vssZX5ZQA14Sk0EHlqliOnpwtbfqobvs0sUanT8i391WpZFUjfKmawMeBC-ztGBxGMXl4evhseFUT4nlie81czm7k3j7jEW9HDdhrH21aTsd3XU2prbrcL0BjSh55d0wVPL5xbhdkON9-ThYIskBGKQcBaFFKXR3pd8RpluRfePlK8bAL5ARMnpxeVIR2xLRz8mElQ12XZ2jwQ58VDUqfq5PLZkrwiED5aZxjAzn1xgURSP5YgnSHxkeU1F0N-ZnP2QvVQdaQx8jeOD51VikUWATt7SZ6__26aIcWI9NLZ3RpJFHY6JOxpQQGbZIDjgu-aAkAni59LyOPmYBDNcHcqLD3u2uboHVB2DCpuAxUCKv5LOJyde8g8-VuXLHe9Zt3knsGWWvMgZJzb&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=10645229588543791000&adk=2004672170&idt=292&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 3218 28 KB
11 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/886862/62195780/ Frame 184F 243 KB
73 KB 160ms
160ms Script
application/javascript 52.30.84.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/886862/62195780/skeleton.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.84.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 15eaf840936a8d7f6896456d9a7c01e1915102c596b2d3df14f4b23e8dd0e18d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 184F 170 KB
59 KB 108ms
107ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 184F 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BreSNU97-fZJQ-aImvqNQa7Db6wXMnHFzUPun6ZTSY-p04d2z9T9VnvbucmdfmKPhJY38AaaGjHwJn2MltPmX1Z8c7Z3IKptvvczk47MqBI20rc_O_3WHp41PmU96wiYeOcSBkncFEj-BKGWkKrhw1EJbu2yZGnussoTUiZy1imytorIY&dbm_d=AKAmf-AGBbipBR66h7BhwfEaNmo1cyE4Ut-nYxSj_lABe2R8-cVClymVJTmT2K46GFqvbP_y8vgZ2EmJPiwK5g6iTsIUReLNnxtnxjGtuV4XrGZjVEWWBk6lHvoxfSdENskTitl2G8u_YUPhL4A81brGSyCuF_F4FkMdAfm9VQ9ZVJEBK4o3P0IVQDHH4TRZhoNf_kUNou1cY9nF6OwpGSlT5Of-sP9cvX5sdqKaKn7SlbFLoduAhbLcKPzut7l9H1eB9LBe58y1sTi2WgRaudzsYhOzjXSL2UBbu9u-sWa1u-uOHxlQTkr_oyuDgiOwMGHbDQd8tSZOVRu04FbDjg1tMs1XiSdsgygXu8TdptJRluGw3TTKy5vYPydO1GutE_NFv-qvOxQfl-P30Rf0vc6g6rEnC8zfUwxJW4cU_qkgWgoY2Ef6PP6FFE3T6uurIi0RCAYSrYuZicJOyooe0uF48OhpyHHXx6SvPExIyRD1LxqYRmi_zHYVvxTY3oVEWPHZRtIzR5DzLB2BsVdCrxY4Ja62NgWoppXuuy7vzCpEkT33Mi_J9DNt--KS9D7rWV6tkCCZe6tz4g8w42WtHxOwDjNrJGAQzMc_WIbxfOgrk8L_t0KkxRCggVudGXOS9_mtPPeSBFKyXev_VfRHhnCqcMRR67LFLwNRf_nD7a-Xu8OrOELeI6bxz7FHItUPmFs08fs9tjkRy6xVQKCYmcstfXSHn5hciXXSz2CC8nRxWxpelcmsL6f0-otPE8eL6845Y6fovncylANzfuUw2bmVO8t0UVZsO8vwzWuY-5-c05mucvsq4fkFyBFKVwcBjChzihfEsuiG6qQ9EHcCJLo0d_AZkciFYfkC91LiAXV5kbcQFGPqPbhmoNaI1LklhmIEnmxNAj8gDTFnAGneKitDx_31zcIs4kC-sN4yfnKY9prwuKTGCVwwKvw6jxo6IN4muc0zm2OW06U78D6j7x7dOKsNV10NLPXtf4g7mN0QUiH5bySSPQERonbKMPhNaYy69PcfGZRLR3QLyytpwuE2VyxKWb24IqNrTCbIQrSwQJXq27l15ATElEOxlIyZBAH1O6TEVjtv8be-tVh1Ru-LRH0ylJwPSLI2_djywpyElFKhHl95yLLQR5h-oo526c3qSQ9JFRIaxIwvOIZdwAQeiJGr_fVAesHi6HBOstCPvjXQWRMtg8b4sZBGDtnDO4znXvImJrxRJTfUGkgJeLex77C1h-dGJ53LfZURFSBL2SRrKo5CxMKUGdGn-RCoR_rsikdVnjSygToPFd6_MCkRGYc5vegzwoG_QK1CZpwRRLAtQyt8gaXEF3rdVyf_LugrxjJw5yt0iFiSiYeVaMdb_SsWJwkHksuVBhNzIu_ECYkZGSr6aKAwekn6hPqger21V2nDKdWq8RKh0pFC4fWwhP-zTPkXbj9Ntln2n8cv8v0isDGUwBsoDyFy9wUFvvvvBPZh_YN8A-6x9gQ7w8dcLN0MAVWmdHMa6oEk4NCaf2od1TZhpS0Mr54R824LSVKpy7hclQYZaqoNpBoGQrMAZIFje_xqaKBcqrtRNXM1ZaodPflgt8JBa8c0bx7fwr8tZ0K_LxltQ-vP7cO-7i_EOyFZiVDaqOo5i3xCIpkpxAL5YPL2_TeCeDW71xVZMhs0p_dqmn1JhQCUxaKnNTLXUvTQR65JkkIWFMzN0L06HR6Hu3ER_vnDF260TnwRZRnvzmQYUglB5gW-X_kL9F4_b70yqA4l35pu2rkOoFnTHZYuNCX8xnSdSX8NlPAmMIFQMWNvs8r1DHaumWWv4ZDcrS1J5wH3jbazc-CmlTNsLUQT3jTQpP6tEblkw4Ytpo_IzaS423NmILPlONa-K_Y-hEMX6mAFO5TggAIR3liiE9sicYNCk-akgHZNj7Ej10oygi0kjYx47PnZNbS3qn7o6rxQvhB-tyyKwDTlV2ZZM5HTKN7onix2EagNuwfHnCNXoKsflFIFqmtKFML1ELg39GxIxN0aEOIG_PoQJTQ7pQqINKjESy7ib2Ok_FCOV9CaV-j61AU-MgAB-J7TlX9IKK7qiNfWgKjrW3wvk30mQ_6Dxu8j_OFzFKz8dHf-0qsmyaCXC-OeME_tfZpbEMgMlxx9_R2IvBnpjn5jrhFlvtf8QhASgPJrxgRbnlCHTnBd04asVnU3e1H2eukTaXDMZE2Kfk_K-nPH7ZkgGlqRxEMM5Ac0gSFO5tVtkv3E53pWtSGQGPS-VrUxQ1XNxG_TsE7VFV996Sn0sjwdwIwLDKHosA9SRbN70Em7kQuT0yjkerpq3wYBd8mU6oCzhISbkGJT9hul41EsmZXe12USe3e9YSgnaXEXZ10TTnxv4WMCmxOItqdyk2YzV4Dq2Qwqsub2jHtAwtTm34oFxHWPOKJg54GwXJZjLU9iw4KpR0XEWkkCaCfnbl7ZsYSGJj-g6rKzZQQQVzozgyW63Lx1nNO0_sgOYljS9NiENlj5NEfXYbw85EtT6YoyhBVQhHDaWpYhRQiTmorUTjAy8H_NgpzACXkxraEk5Hg55UwwjdkasVtPxV53ddKsf5jCumYFJHTVcghvr0nzrLai7E4t5rBNxKqWxDrFr1iNg0-Ysk-okxbtB6_JSFSHrQz6XlNlAk3e4gZBkNlllvNfG8-leUsFY0fOXxIzW5J5CnNWE7p--GhW-Lku4ZDkG0_6H-SSvZ0fB6Fwwu5I2tR4hNQli2Rx6E49uBlpDSwVtQkzsrIeRA-dsrnkMJ6FAp-bJVWBTqVT7KhcP4MkjcATvxKse_hlRGZrqtCjk2-FE0eG22jD8l_leEUZa68l3CdUfP69h9X4u9mMcj2uigHS1WfY8rkMfwaKjAagZ53ft337QM0Zvk194qWHaNyb7tzEzk5xioC2BO34ukIU4OI0ztMrc-LZvTzSuaG9eAXz9WDxt7ogDL5nxrfTY-LyGukFkaRh15_li_xgsXGxhMdaNOeKjcmJk-Ri8gqUcoer_fj8FF5rHzhiRQ15BhdMydz_tbBBaOXkHoLWd6aPKGAxpStVDB-5o20Fn0v4oKSTvSi9hlirxk7JtUWSZ6jTKvWNhClRw0POLxUGMpQtpA-ppO9SEjSiyGyeDuIHrBfsn4NT3vGy8OnXyfmj2f0-AF3iCzPFfRTEvDVgG5iHjlBHjLR-vysqxJn_xj7HUDqCvD0JhvzG5pdcGr695Kvj43RoI9vfo5fCBkJxDPSHAvldGgw4uGSNAvn2f2pGCyVEmIPLWoag3HZDk4N75uVJ3QnCNuONTa0-6l1kpoHRDbDLUU1qw0n7WgA0HX7Irp6aq88_SZ7CDULBWuqWuHYJxBoFp3W66OGl349iRjHWkqiTWLSff1MsJlLqADrx1pPRSoZTs-wWuaOgQUbZA4b11peIqbcA_PIPsp_tzQ&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=11407736492356500000&adk=2086295851&idt=336&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 184F 28 KB
11 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/886862/62195778/ Frame 5C64 243 KB
73 KB 151ms
151ms Script
application/javascript 52.30.84.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/886862/62195778/skeleton.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.84.16 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-84-16.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7029d63023c037146a2d9195123d0789148f95e0f07e670a9ac0705bcb9baf24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 5C64 170 KB
59 KB 107ms
105ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Origin: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 07:15:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26054
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 07:15:46 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/ Frame 5C64 11 KB
4 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B8lUIGCZ-kbncKGCDBneqGP-c1kE4YDEe5CsdSg895Bl9DA8LHzp8Wx9ZqChWMDUJL8p646SxqtJOctybhrG5RlaHhfew1ubExw7hYiU5AtzyJxF0YXxyfO5G4x8dOyjLQkc8ew7p56b3N9wCPRa8EHoNoiA82xS0Z5rbFtzb8v8zQBDI&dbm_d=AKAmf-DeJ210EBU__0PzNShINjZG64iGV_RUjelkPtdPr2QTZkHMD65MP_UHK3zOYn6N6EJRn0uFThrgcO-3x5X0S3hh7dPnypQAnSCdivsIn9nO46cBi0VW9Wsg8_ZAO6H7UGNjT2lfgUVcxfzAaUk6bsq0mt-DrErW1Sq_Tj7lMwYBCYFMETMm_Hl0jAR3PePEZyuiHB_S32JJQCSN3ZtJKOWRyVg8jgIe9E_9MWpfw-6Hk-Lu4mZqpE21MDQAHpGOslZPIrQgkUYurHVOZWYeh7XCT6MlJR8xKM6pvPXethos7tX96NyDMP2TAUmUTAPbuVP5pL7N5kQxAWdfpWAdCZNPCy59wQc5aMuXjIVNABe775WK__iLggMEDRs10st2LnlvSHTakbbbkPsILiDJirmVu7M1crSRVl3_vtZcg7xVbTRsutmz8U-iwiSUI-S9_KSM9Pc-JZJ_5mtpmbpHa4ii6X0TnH2DJA8RIX7vZv-OHS6x61Qsvq2-QofgVQScQv8b5kvpb01OblgOiwY8GAo0ehusHGyKC4FT7TVT4R_f0VKFg1CXDFRy2XBOj6dUa8JcG1rz77KiWGJijScQ-DWPEuYC7DpPT4_Qd3kij0tASkOxnyehzn5lZcbOyu0pigCN2RkDr-RJodT5cso2CWTv_qTvusXJjEPcIdr7rMmcPctmnwV_cr4nXVMjqmN_TaJM42ft78z9wiVGen83oP6pCKVwZJT9YQ98J7EGLmA51MrOB71D6EeFb_Lxp2loaDicUkQbETO398ySOcFKYDf0ecF_rcbsEE15t30auV0Q963DD_B5BzWZLSqmST0tVU05JEZaMDOkwS0AtFEOTi-xGsZ48mcXZLk6D8Gl3aIxIfS5H-zk94iy8TnHm1hijgVANagdBUhMiwd4tqHJlEemJojRlzG2nDMOgiPpgl7hCUaa77ZXegy9_VfnYHoYt9LHQEmZpXCOJxAF5HPKeSTY69xd-4sVA4VaZYwQJDUP9G-5-ZmxF0F6Xws-xr2yfBpu0tU8SPMczK4LUNLkA8bs6a-bKBJQq-v-YeZIbP4nq5FNXWuqw3Cs-wzD-T46-_WscUjybtp6SkBMeH-aauM1EUGMwiZU6Try51z-toZu3R0EpTd_nrBwSlnR_LBAflytERE4CkHDjf23asqikE0-xc5Se8KKrynRKDzq_Lt9E9F2GsBFgFdSyIQbpIdFLNK_cHOyccceCsyIFggr3Z33mJCS_0d19ZMk9uBjbO1oWeQ3O-zTPTA5JZriw8CuLd-L8rgrwIDUZGpTchYNNYGEcEheWDwnzO0dhE8WOJf4io7SBfgJoocAB8j0b71tFvrgGmeBU5vfVZICQKTfEj8ReteoLbP-SVm8yfNDeXsreI0ED64lJAwSoTmpoQ30BoM-7igByRm_wxg0zlr8xO0aiobYVmroobDAqiH7UEZhIk6KeIWqR6cKeKQy4QKYdz_1ByvP453YCLl4lNDfVlE7Uv2cZO9XttzbMX6QWJP5yaMV8SIDaJhPP8zz1RYifW3j84EHI1623wbQS3LEEc7atV8ivc3-57v1LRkebsD6LZddavh7vGjm7CujwsEOCehaI2Pn77ku-qJQR4t_H1PpBJ6t40UNCHd5qBm4ekz9m9zEBr5_VWnZjPlAj7dR2r7KAV_GgK8Kn1q02MVf7L8T2Tyn5yt5ewq0WTxoijgaiRw6z-12bFTnrEk-ohOKJfowoznlQWCjkMWJ5M_mbo_8DhMYlSY728e-MapFRDuBEOFZo9QSQpv3ieg0_NA0wCtZxi8Knxa_ST5kdTf-f4I8Doixq-NiQZ0aiXiGn7K-vM0sYdPGjxMQm8Ng7VkeTcI1Kh6RSwyr53p07tntLMi2gWFBs9ibquWNu4kAEQxU3__DgrMbSBCHG3ykQF9pH4bdv5GpXi2IkYKjKTWiIlsfxaXQjgrBF5v8tcrcuCv3z5WapRANpnQrBtNaQ1MFsUpgJJEYHlaLcDg1jyvqpaa3tzLJCGxaW9dvSUHIgJAfAH6biA94nYOMd3ql_0ATY9U1yAFM9MPevUnC72NbFjlwiPIdPeRKcipUGeW2I0QjQiQvZuxXez9hANTpO_6_VJJvwBtQhWHnaNIP-6C1FKTs-s8C4LvNVJlZ9czl10N3w966dpGMvER67c27yUada9_u1C9HhrtT9Pu3DOSQIOeQYbkj_fWKDvRECnyjkmcyduTuf_BdQFZZ6rNjlOE1-09xjwz-RyRwV-aM5dN3iiiUv0KiyvA5MKGhz_wnrF4BfuaiHpPDH653Bh0GyWhdEiLX9G8OkuiSp01Db565fPmIfTIWJNf_FHK7hReRslDftPzf41xwQiwe9fpL1469M8ucHgIdE-HYOiOBKDw7AHBuoLqmPY3eHrcAtQb3IZW05TjmTH6kbntMUsobYL41TbsOSv9-Bek1xJq3upRVXU3mbVk4kL8SLyQ8MNU14qz2C7AHAZVHvRXLEgy3Z1mZDf4SZsVsuNxO_Y-zegeAgAkaqCfL9MBJ-NXeCkA5x9qYE3pQkUqUhlkA9MyxJEVW3324PCNlFnzacVnFxMWZs06w9d2MoFm9NiIRy9PIKrsNA1VRaMx9oDfcALgE5RbJ8HfxBequl1kw_ehJLlsLmlXVRX99dl_rGMyfiOqkGRT5cQXbHzWErcCxj6H9ueEUxON7G6aW1mxWEivFWIKi_2_LPvuzujmQfUFWMc_KdMZnQci3pSB5UFjwAQzUsauiF8GvAfxizvNvrKR-tMBlk9lFnARY7sdYgKqt620IAthcV_TlPZLcHDWyHnGGEjJOnaWeBrmAcgMDELOmNuGkIqPj7YGE0VOJyj-ToeBxvzqMpkPoocl9yzygkFf3WDGcqHiqCzBpL4WV_JjFKxdwsv3zysL0KB9QzJGuu8MxF4GTbHsxOL0_arURCx_ArTEswTFXm9jujclU_rEuHCeskhTxD9e3DxBCeVK6KMgSDOhBkEBeKMRNTCvTs1fAgJuA8kpAg0eD0SapSyDmkhTpHdfp9QfMTJyQ6sL5lVgZUYoyMKb1v2rjePQHdjL32PKPgcrd9ppXatiNyeeBHPwSzIYtR4Nf5E7KMStgZg-dlasGz3nt3HVBiR7tW1xUQmowTGxb809XtUhyluHfVIMkGMfyA-SEwkA0Jq0yzGzmpE-g7fz1srJ4COmcavucNf3ev0UtPrc6251NoEshsmAgAs79NidfNi8fTTIJkgfLewopxHmKtBlF7sQxtV4an5kSU_wzWsg1vLAF9tPsNt0TAeNvLjFLgJaQiEYahB2CXE2HifSil2ZOdBK8zoBy6cscclTYJZPNGauaq34nbVIn7YbXfmNSVL9fkwv6Sno2-tkVA36BUSmSKP3VYU97uUFP39Pozin1&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Forangesport.ro%2F&ds=l&xdt=1&iif=1&cor=4034464783009076700&adk=3690638929&idt=306&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:13:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73005
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4092
x-xss-protection: 0
server: cafe
etag: 18105782571274344576
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:13:15 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/ Frame 5C64 28 KB
11 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:16:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72810
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10957
x-xss-protection: 0
server: cafe
etag: 8900138052650900789
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Mar 2023 18:16:30 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 267F 41 KB
15 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 267F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b253f131fefeea767d2a567f6a867b4fc5c499ef8e0ac2b661d48834ea0f2814

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 204
No Content api-errors
yeet.revcontent.com/yeet/events/ Frame BC55 0
0 88ms
88ms Fetch 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/api-errors
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

X-RC-Region: eu-west-1c
access-control-allow-origin: *
Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: openresty
Connection: keep-alive
vary: Origin

OPTIONS
H/1.1 200
OK api-errors
yeet.revcontent.com/yeet/events/ Frame 0
0 291ms
100ms Preflight 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/api-errors
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://orangesport.ro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 14:30:00 GMT
Server: openresty
X-RC-Region: eu-west-1c
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 21 KB
4 KB 134ms
49ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

054c480b41dbb8bb1a0db0dd51f85a18dafa9679cd1988d4824f9da3f8aa1215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Tue, 10 May 2022 13:01:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 24F9 0
0 182ms
85ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyv2FLmSY18OM-oIH1kLtDf89w2TRBEM6K72B83z0pDvLzN3OZnTbpAYH_mdkZPCV6NJcrJrQVcJWaJ0OgGPtvFbYa8MZGoZIivyRg-RQM_D2EnG_1g9gJYe4ivAcebswYkdFXDJkupOnavzGTGGP2Jha6d4ZLN4jyb9GKxgdqRGDiRipyKgLHGTVNOzrJGfEj1TAswg2C30vVrVwTiqlx0iqwdZKmWSkzPF2ffAfTJ-OHpxN1pU5z0ZiSSLt5g0jyyfyPFFSPJQjtcsqw2PtdiOhCyU2QEkNAQCY7uE5wMbKhoADHJXzBqZN1PuW-axdWXq6j3LqnzSuyiyE5js2W9u02DRlHBeQWRpcFOQUw5z-tFIlTFGTmzmz_zPUiX_Ur0bM4R9mNJGzfm8dyObJGRMANZDaE99Hb_-8kVgkRhKIzVt3rOE-bY9XvfZgHfRCmdp-ssU-2VyvPRaie0TrPmutK-oYyvrA-n00ji31HtPFZdI7t4LA5z7n4EKkXl6gK3ghv5FIyyFEoEgN8ZbVRD2d1BVZ_ZT3-3BR8xKE9ZLm5bGg7qnGllppv0ac0u3GgoIhCT-K02y_h8molXW41S_50Kqg5KaxDwu18Q-m2xA8cZ8Anyq_L9BQX6aH5mBRc8QxnJBXzMMx5-mwric87DhMqbqIKTg5YlyXl__0aRZyKAUNGmkbVJCcN7eu6YXt0v716yeHoxbHLU9HeIafMlGu0dtideUq-auNZRyD1fqRxszI3YZuKlij20KkBbI4hZV3pfdTZN1WarKZX7Sf-CzfGPZliCYinaj7x_2uKFB3hwOSSQMel25nGo9PpfL_ZhXGNTwp1VkMnqdVfaMo-VL1j0ONVD8M-WvLEb10Xo26mPkp5npeq9DxEZbJTk0d0_iO0HueFl1WVSEHmdkxdU3IMx-f1xR085OMCoJckLvhrifUzHPBRKE6LRhGh4zGlb1AQCs0NUPTrm1GFXMatQThIop1dNZBrFIHcDDTFodxciekCakWGihpwIUiU5mbKa7v8Flx-TMl2w7qK5pRp4-Dy7a2CDvm5RU2qO8vohhdPzmNfnKIeo-nNr10BPDxaijzujeolsVFhqZ3OA8sJEkItEE20APzwZOSHIZSb3RQzRGKC_qNtOiTEOHjuOG731oUwzSWEOeFXZVbG55y4K4daRawRbhdG6meWidLcdqxB95P9CJsiL0G4Kz9AiyVX-wywezpDWRxx0s9DxKryBLJTiHTx7RuzcL3bLE9bM06yKv8CPtNQ6w5x77dvnXq-IjRfapUnviXtCdqEQW8&sai=AMfl-YTXDsGfYw2zHPVyVyvSTobY-DSx1r7ltYCp7n9huzZhCYAVcadKUHJON0raOtHbHsx_VTLUM7Ywu1i7XmF4Kzs0sHAImfg_Hhel9uLV05efOVDL91lGlVNTWRLVrcOAfT8bCMGTZSZ7cVZ806EssqDBEs5fBewzgauDCNUqs7Pt54l_7KDiPRB1a8KFvAnNahKyXeXRgnt7t9EwafyQYnUwOOyfnHb2dXW4vftpCg_c7ubjcOpd9yA_l3Zq6sRSQjis0wtXepIcL7IQFTDrdBXxUG8zSqZRt0fU&sig=Cg0ArKJSzNPkanQJ9aThEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=283&cbvp=1&cstd=276&cisv=r20230314.56384&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3E35 41 KB
15 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 3E35 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8378c9af556b92b91ce9430bd6bdd21307935b8d9d3c2dd4af7b3fdb8855a2d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7AE0 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 7AE0 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c103d583af4cfff0b6d12d0e68e6b8e8b840b3f39f920d26f5297cad0abd27a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 73E7 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 73E7 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a2ae43b02fa31d0ffaa78a8e87ae5294cc1f4b22ec7d32d50a682dc463355c7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 160x600.html Show response
s0.2mdn.net/9912961/1676374217816/ Frame B31E 6 KB
2 KB 41ms
40ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9912961/1676374217816/160x600.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a678207a432581f35da030188a47c714b0a311da77d6beab04f1b1e7a0f885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 2371
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:08:55 GMT
expires: Fri, 17 Mar 2023 14:08:55 GMT
last-modified: Tue, 14 Feb 2023 11:30:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 267F 0
0 97ms
87ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss5lpU8d2aGRaMCLi-8wY1a_RNYUIFXGvqtcuj8sUMkCkbb6Ld6ZaJ9R7EyIGdx5yxrf2SSVsE_BTPRqx0R3WtByMTjnZ1xDP3nslRfyKnay0MCJCaT_8i-TRAgHMZq_2MxmkYFXCb5stfGggksiy2T4a1xMI6h7nd5plLXUrQNUJOJt2OiEuxmi6My9FLDQ5TocRUOAWDMD2jz5Q_Md7E9x3N_TaF2OVsc9DFE8lLKI-ApgMxZfPhD9eD2v9xDc35HNQV-UBaGsyhO3m-13UZpOSpUJENua0-XuxoW0cp4E-FyhvXRWTxMW5e1tjHnbUqmN0uz6rjyrsAudRZ5PsQjG-YuLrdNUHBAlyJz9eLoOW8ODUfhNpCuzsdd_EP5pdKOCrmLWMKRfbql-deLMhbEIWAJJtE4QoDldT7ilS1Jh-y5Np-4gTNNT0BPzrs1JbALcvLf4b4lbxO57GSCsPoAtU3uFE-Peu6Rf-I6USppyZpHmP-QIQt3O-fFpZhfwV5HvT2WFzO-uoEAT77ySGJeiXyF-H8EykOE0ElwF-HtWVSTGEt2pwCJ_zzp4wDlvNVYWoLblMwgI2bL4D4efzvbzKuXIMGNsOdIwF6w5NV9EphwsJdEviuOeGgrpTe6Kc7T8WV-h631ak5S8sVmdkkIlJxrT3EZpfeB71P_1rR53y1C3RMS9Wx9TtrGZ9EFthXnQo6ty_70Vj-PkoKbv_1TrTF6LrfqW-yGW7EX8Heykhvq2zDcuo9JeQuBxOThDqNZUhSkQOtpDqlK349JjIE2cW_7dj1Eu4rWnQgTr9wOy5qEbYlFBaWnVmYGOAdglE_RLqFcZGPHutMshseKBJTf51GThqoRNqi0dG3Xvh8qQXmjNXbpcGoDIB8FGlxICxrktPFHV3htPJRiajpDDr4LU6qZQ6D8mpUMCQAj9uwIw0K-186A3O2jvjHPI8-lRNDAOBypMCZ_ZEvT8drJg37Js-RtDE53d6gn0oajozzR_8US2cRY2p-8XH88O1L6oRSPyXS5S03uun-eOsrH61GClgdrraW7Fi5cih8GcL2fsFTSp32lUiip96ixs1mebcpYrI0_9VFQ7gB8LatGFKBad-17c1tglN2uCzzSOiYaRp3MUmGpBTxcCYnOEQ9sqtmzQ0iM5MNgOBjp3Rn5DKa-YYAfcaDW6VFHPjbAk5Tp0rIwfS8WoINxiEFYatMIiVtEtBalYST8nV5ItT4Rhll8aeJ17bzfBF2-vBdgmyweYJXDfuFA_BiZPwbyVgLz&sai=AMfl-YQawH_MDC2iD4uu-JxvQE1_9OJ_pNAhUjvAYsafr1oC5CCflDeiSobMV3Hqq3FNTeC3TtLzHfQCF7eHXG4X6ugNWNU36rGp2TJQDHYA8IeOPG3ZuADP-Vscj_Qpz-3HzSbwbY-sBC-W0IMB598ibdxbZWCc34t_YpT4thZQVR334Cb0PaEHQemnYlHUS5hbgfTfV8b5DAQUurVkIZdXWwK4cRl9rwCfm9GoKgQ68XD7-gJDuiLr6T32R-8iAQywnHiFWgVerO8v00cjNy6zkz4WUhuzfUc1yPos&sig=Cg0ArKJSzMAwBkq5aLE_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=261&cbvp=1&cstd=258&cisv=r20230314.29273&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 97CB 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame AD53 15 KB
2 KB 56ms
55ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7AE0 0
0 86ms
85ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPwULeyh0VleFk86TY7dVOS9HdtBD7-H_6alYfo_3WSD572VUNXYe5fo7FQVvNLYEwhcf4gXGhyMcxXLmr-4wpiI6zWqeqUSIhh_Wgq4miJ5cRyTv3AQvg438VElNm_24NbgA-QrPeuYHf0iEiU3UMDCXAOj1b7w22jg457H_nMq5kRfO1C9nlzX2ItSNdmcD0fJBTc6vNir0bhJnW1uqr0CzRR39Bv2hcK3u2dgs4WlLp-GBfCafVReOMlsgZOXUP12FYAH6T8RGOxv_BbSMAJEbNcS2xJNWsgZgjSLUnZid7JYeVrNqtmZgLzL7KCmqbkK09Dl02xw2vDrCvUf-Mzk95J8b0gRYPKrg-qiarQ-42aRI397CKJtflFOs6-X-QTdMT3iouI1OzN9-2rLVA_5EdGmVm7YW1_J3mu35VGeY_bBP9RFigU_iPlkuxKxypewDZDsXZy-IupyF2z_3_xNSvumgXw-9kAPViprkTfT_Oh_72-8yZ08mA3NK6CopufB14rUcl8H9XYP4301WXikUlfC6ztdWyxPAuq9ahZFEoFW7cT8pN7B_RDTrBzCWLVHfBJd0NXkz79ymix36i_iqO3VlwbI01muL1TQtDx2nCxQF3p_eHbHf4yGlBmr0-JMcLXEl3ci9iclhB9P_7HVkL9iLPes5ZzefetGMgHFUnn-iSoL7AmS6A-C6WRiWv7FApRpOAG7vK3is4HdFOG86ZQE1AMVucwN99ILpQZJnlm6CXiT20PEXHkW5BzDHhSAMpbyPtrXCJ3_giBpzt0dpfps77VfDSGr0INknTIWzseSxw7e5D9SW1BTDkc1ccnBkwNtsA8K1d23TExPXJsHXvTlW9vSUs3bk-QLrr6HgFK1wTMJWDzXLdC1FZHpmiUoQMfpe9dOfQNtg1a3rZDfY_01wWUiYkpHRf_1jIa8kJowVzB23MbC69_GqwpQFr5AudmD0bWoj2x4-useqM9iBca-PRQ3J6sD4aX1KmRLD_FiDYauAwGH3CX8F8Po2CmLAnqHCU8N_vvLEMz_-dAPkihWO1QGNqLOU8vBi1dsLmMaQ3IanR4CmcTq7Xxzu2uPOcwjYNvM7C2KqDQgtBwOqxKZdrz4TSG6NCsg5IuYR3GD3SucjYT13YAyHfF1IDQHIW9zf5ty1Jr2FU6MPWs-nJT7qUvVk43IsyoOZtt72IyBJvWUP-esEcJ0fhtZ8t9_3vEOItDZdg8VsxQNP3WmWKPzIzc73Mcx10ViNFOI8XQH4mWLmkQiU8vLcykQH3NXf9lMahfw&sai=AMfl-YTbFrile3Aa2RBXtPLtnBYSCQg7XMptRCxZ77ZoOhdDEuyYhioS-mwtDfQ3F9HFpQzaWYFHpnvuJHGocgLd_MwJUVrzLl4XybuKb6ekGeFdlvHWq2Gc8SJDw4sS_17sdfCJ3Kf3U2YFzid4PBxAL3UqUSTF7gOOEEBP7OCJpBcrmZMtL1qdD3ireoQiq-mFZ3MU-8KhcqkL7ZUFEeHss2FFaUnfjd3r8QYFb6TYPEbv1WKeN_4eQPW1Tmw2rGhunlr6M-7gFSPZ_OH8Lje9RCBNLLdxl4f_eewT&sig=Cg0ArKJSzHMeYKNXXDRpEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=236&cbvp=1&cstd=233&cisv=r20230314.53696&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 738F 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 738F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f9aeed37dfb6d24789d39eb914d9268c267a8710ce97889ce523e6ec133ca8f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5C64 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 5C64 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2457b02a73ae343a2f18d121d2fed395f27fbd68fe8c53077d4a4eff6a10baac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D707 22 KB
8 KB 41ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430458
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 184F 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 184F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ebeca259e6700b1cd27504f45576dd85a8a16ec3a9ad20d805cf304b230c988

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3218 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 94001
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Mar 2024 12:23:19 GMT

GET
DATA 200
OK truncated
/ Frame 3218 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33a8928ead9e309d8d592154a7f34af2e1ff65857b52bc95707ec45ca2164a9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 2370 15 KB
2 KB 50ms
49ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 73E7 0
0 86ms
85ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuB9QK_wq6ujQrzmWlUVy_ZPlEhKuqQj2Z8NZKQc5_i91hGTg4Ask_hM14KLJBXhL-90McwH2vsvuvivxPdZGdmZ3iBROQ1kgKC4XdrBZJWMKOe5cjVANGvKKyknruEWehxJuF3HA0WMwVuLRttH9SPRvdXaJIE-ysLxCVHpS41oTJvX4jmOKG1j6ehL4A0V2EJ4DrcbsUvjgRWNkkpfYnPi8RVuRM-lHNQfoUTPhhUDZrhym_V1a6Hk83aZ-lb8j7udKfDQLgQ71zmUzmQkMoD22Wzx0inAKfbK_0M91Qt5U3LvotXvbW0QQQ-O8lvo-Q4YnUJRD6PQVNMj_UpW0kdKSLDHjs_Xk6y5ea0D-tiZLXeSkQL52lETyu6CWVYWxz7HqpXpTF-5kZ7szbiUtFGkVuerXs2sTysZa9PEkIgpaoxgr-l89LqPjS4RDNG8wFpxBO0xrCVvq3VZ-cAMPhVeqCo6k_jLRA1Ne_vn6QnNFkcfcTvpfwR3r7eJtr_pMwYp97RdbTssXSQF8RtTGLn7l8U7VqJ-RrfYTLFUG0ySqF6EVkJLq4XubHw9EWT2r2PmJepRR3Do0UGiRsjstBzSIjp8HHTVaWdVOcP4vhY98dsMyheN8NkK_OrB3X-z2hihZG3UV2RmZsBmNamsi0hZiytImhAaMNs8v53MAKJLUSysMTJc6pV5rYPCzTXzkU18G2aQ3xFM_O2bDc7a9pX5vjnWu8YMIP93qyRZb9A2gOvy2mwBPVBNp871d9RK0wrd_prq5evuO5qOV8I60MbUIDSzr3-0Imu5cVdwN7pQiuuvMCjd_xYZgvLga05c6FLZxkOHz6NhmvvBLrQ5v9uPXGytJZxZE9N5g2wCudpYIDvzIqjHnbfnb9C3lbbFrFNgpW2R_D_Llnhzu6TejBVI-gLezH-TSr_cYHAAX9V3Nwi-O-fhjqYPxRMU-qEoNNMsbaed-XkSNzG-oLwhLEuWV-T3kcm8KPyK01UxKHoNjmTGYNtMbbu_Qe18Yo71C5Dr1GY4wudi14M83X76F3YxOYa2IEc7y0dqPUyUSEvZzD9hcS-9TcbVCPLnmdhdTH1tJxhF7qg4IIO9Qz24WT__YMAJsCzcDbexWYY4KVtSdfj5x4Pbr6s8F3Umj9eYrKqsi3pbCv28rb70F0T6tAqtTz7tPygY6EZcDznHSn8kmlt9y7Pu7WX4Wd9H6qEkW2Xc7K6mjQTQHzhlOfA0mgDWjO7gRrIqf0BxOA9hfJ3pxn2i23SF9hgkltIMX9GKlyX1XUfT3JYfw&sai=AMfl-YQNuj_QBB7vg7Aw-CQazTskjrdfuRnAA8wpVyccqQ1YzEfXwDUM_gKyY_Ol0aJFDX3M7ufqHtBP4y_OMtVMu-2GmZEBI5jceKK6lUhmrLOfNd4Bz-7Yz0LPSy-KYTLMNw_qnM9qtuexow0yqgsSTpDldtUzP9d_Ui6Iks-dL0iljipqBX94SPU5W3tO6EV-b7RJ77eJzirecWNzoxtTT6OkqJv85zHAPIQHmERYG4L3jlI6eN9z1sNTtBmb6IeXcX3fyqun42GKSmSyOTA8P3MQD6gaRSjSxP7C&sig=Cg0ArKJSzIM2JLpq4moXEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=374&cbvp=1&cstd=370&cisv=r20230314.33106&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 7C94 15 KB
2 KB 49ms
48ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 738F 0
0 89ms
88ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8qDm-2Dk2AO9ZxqWp6PMsezQMcO7iju_OKbsmvFMuRqbL67tqFzhiGLZUZ8AgPS-bb5olNMD2jaNNzG0dqgHizrK559eUhkvdotQdR6RQGUQ2u1TvVGZnc4bQGuIi1TRtAm9xnkI8zO28RMDkIBEQCKC7jBJt40lhFroa1nRvFnS5dIzJkKTZKNuQ7iZUT1rKnbgOMSFMI8G5Nf9m6ThbJt6efE8CkrPOBC-VqJMdflMRI45QeyYZg12bXkINWtspl3DeOhiT1MFX6rEnWqMMHBgHRG1Xc7hH-yxGPlqxns-aCz59HJ0v4YEFaI4eHOsAIGVWRJKOKo8UHLJaCm4TeSqGes5Ek1QYJEU7YvPsa2C2zDDWQzr4dk_DO-5sL0ptWnUuS1tE5lUmOPtll4F6K_LF2mjEse7CFhV7yh5VCBfxh6ngY8YJ5JA8ja7cuLzWcjUWnStUxKwRcQ0H-jcOGSY-tArhudda0fTeLDNr_qIa0p53F7Z7UW0dhjnPBuvlKapDS1oEBEhb6laaML3YIOeGqo5RZ3pbWaxS7rjOVCEeT707YeGNk2MhQi5Gr8N4er9vFhxPLd83V6e4rA9b9XD50sJJuqBdZRrsQGtFFB9SqsFxhywUg0wR2TeaXVppiR5UwF9ngJGIgP3Ey_mmfVYGsFYioCD0Jq2J7CJBYKICMx7lRucX4fr51hDFhPQxkMnJT5Nj4HypvrBTXgtYGnoGpqq8CPoCEXjSW-8gDrgMxnoyb04JFxp80zgzf2Mfy5PA0mihCfoao3ZV_EaflZ4wAVkm7ANUGj9Kus9IFOo6C4VzbpOU0uMrkSML02vqW9l1foDKMZqN-8BqZI9yYRv71d2AybngBFxS9LanlJGNu-h8OloP-m9eKb4L44U675daNihaSYvd9IoGnU1760VgkV3bjjNVDTXlYm7dykymyTYAASwdsf-EgsWAf0owkdQSqVpVR7WFSv2UrbmPYOqFB-jZN94cx09s9KXaqveUOuXEwmjKdk89RoIwBdL_BZ0-Y-7_5_JlniZYz06GVNYRpmVapMz_W0h_16lODBI8XoxbRSvLtivIr5xYWFGZ9frAnTzFbkakB8FhEF87Wayd5YZtGiwWxuY81QqtsetAdFU_dH65-ENtFNXkTl7PJOmPMJwltvpbf4g0c6ZVCRJ0LFTyI3Wzx7PJBT946Bk57RDvEd2t0lk1Y3bRLdI9yDXKxA0_fT0hhVBjg38pZEukb85ygSuN8FHN0Zbou9ABNKhj_m5yDbg2PbUo5m1KPiF1JWxwjg&sai=AMfl-YQZFO9vvtGHsSAJQWR_rKX8sVs8CyLywUgD4V39u8L1dlPFD113RbwkxlJEHe6FQStA2JEOp1s9d4mJMjYjBeuwhkpg9VQtjHlkpeQZ_xeR6Kqqcrzpw_JVV2AlgYJTtI2qrakQ3X0NfpXjzoMqzbT3F1esHiicbmbxAN_xaNlewcsKGjhBniCuNp-d7VENQeeB6UpzF9JjaHiZjDdXwxorsMK0azRRC9jVEh-3blVDyC50xUy2gOazkrOarcgTuKSsmU_PnBFueX8vSebtaI97bMwVsOcVHbKF&sig=Cg0ArKJSzIKWErCSyFJlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=363&cbvp=1&cstd=359&cisv=r20230314.78161&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H/1.1 200
OK / Show response
trends.revcontent.com/api/delivery/ Frame BC55 7 KB
4 KB 170ms
169ms Fetch
text/html 99.81.25.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=272943&width=728&rev_allow_cookies=0&site_url=https%3A%2F%2Forangesport.ro%2F&icr_url=&referer=https%3A%2F%2Forangesport.ro%2F&va=0&user_uuid=undefined&time=1678977000461&banner_size=728x90&up=pc&bn=chrome&bv=111&widget_width=728&style_id=0&idhub[pubcid]=cbae49ee-744c-4f9a-bba2-bffce32c1e22&an=false

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.81.25.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-25-188.eu-west-1.compute.amazonaws.com

Software

openresty /

Resource Hash

9a11767aeedf06f6dae966910e4b3d9a507a05e6f3f953afb7b8e51ad4dda5e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

X-RC-Region: eu-west-1c
Date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
Strict-Transport-Security: max-age=931536000; includeSubDomains
Server: openresty
vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
access-control-allow-origin: https://orangesport.ro
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 3700

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B31E 236 KB
63 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9912961/1676374217816/160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 160x600.js Show response
s0.2mdn.net/9912961/1676374217816/ Frame B31E 64 KB
12 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9912961/1676374217816/160x600.js?1675857162229

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9912961/1676374217816/160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cdc74370d14b767220ca1dc4ba2f11676fe0b4c532e1e878828a857c768a66e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12356
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 11:30:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 14:08:55 GMT

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 5 KB
2 KB 44ms
42ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90ffe9c3c7fc061d72993059a62d15675b509f98a1da6dd20794d067bf482b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:53:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70620
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1870
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Mar 2024 18:53:00 GMT

GET
H3 200 fonts.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 1002 B
256 B 47ms
44ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

400b356ca22f3e2283d3822a337d97c84c6c03c6ce51d79dae917a50d04f982d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 19:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 586392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 227
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 19:36:48 GMT

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 5 KB
1 KB 47ms
44ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7041206683c7b5da4188ef7ed1523815102ac13af21f55c4b04b5fbbe4514ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 06:00:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1059
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 06:00:07 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3007 118 KB
40 KB 48ms
46ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3007 57 KB
23 KB 101ms
99ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 9 KB
4 KB 66ms
64ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4934174cd39db1f62680ac12ae44ad9aa040bd445d831ae65f79779b7f2e6e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 06:00:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3818
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 06:00:07 GMT

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 24 KB
10 KB 58ms
56ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfe8853b2397a43e20d55fd377aafeed785c7ae335ed07b4986997b9780f48a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 10:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10567
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Mar 2024 10:49:01 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 17 KB
3 KB 57ms
55ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f13bc08411a45add285949483ee8ab65001f6d7ebaddcfc83d5b2df50a4cde0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 15:44:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427554
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2678
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 15:44:06 GMT

GET
H3 200 160x600.html Show response
s0.2mdn.net/9912961/1676374217816/ Frame ED58 6 KB
2 KB 41ms
41ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9912961/1676374217816/160x600.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3a678207a432581f35da030188a47c714b0a311da77d6beab04f1b1e7a0f885

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 2371
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:08:55 GMT
expires: Fri, 17 Mar 2023 14:08:55 GMT
last-modified: Tue, 14 Feb 2023 11:30:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E35 0
0 85ms
85ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDtLWQ24q48pAxLlkeruhxniS0CoOPzXAAIy9peqgNeex8su1Oqd5GAAPHGnvR8XU69B_AmxZeptL1LvaMuhwxVPXCC6U6iM3zwRdUdCj4g4KDU4_Bx_NY3YuYwu7bA1xMQl4nFSC9PU6-rqVqfdNjbYDVtE5Uxea6IuO2D270V3rPijE5lKoU54cGAZLwBaPSvmL4zwhvZC08cPJDrg_wCvn1_LAc_Ms3HL_WB4O2W3TvIpS88t439Rp0TlzH57Tm3IJ9kmWkXN-671P57Lnj46rE5viU2g8axUbNkNWhWOPUvncOgnZ4FPPYGBxVDtCMK8Ua8SGDnxY9HxPrRoMcucg9kMDJj6yCok4GQyZbNL5rinM_pq97zCuEEgFwe5KCgN3c1mIkrheNELzHBDA9f0Q3LdpmavOMW9pS588jE63efLbbl6udvd7k9Qftd4ReeHeHt4lMNZ9vKHFgXqN5FenWO8_Pfah60ipDtpg1xi6TeDZGL8-ARkMlNHGvOYCtkaKn50r0CmSx2dlz7lefH0G17v0t-NZ8qnQkLxo3nWibZ0CrjO3tzuSV0n7vrbrWbB2bJyrTYEfnExvD-AaerwXRZxanKiIj485wc73FsRJ282x7SYGWziU5ghlFFiFwBfDjXtcTtDAEa5iIyenOhcpxuCS39OR-LU3i39qJNvKXzXFRXBh6TOY6QFx7xxuKjpT-C4EdupgWn8kMczy3CG6khbL3pMgQiRf2-UVQfbra7S6jQSLfg4moMHBrKcPcINgVVk-J5GMfjdckgTsYztxpUSfQ9tEoRRN2DjehQFUih0lYpDPFiHi-EyxZglOZYEmnrtnnEAEJo9aPXspMZQRnAxNO6yjF5VwcM1UFJMePlWuVij0MbBLBEU8MvyOgPFtwhk2wlLHv9KZk9WcjTa9aXvfv3tE8TnVNru5VhJhGdYPNgctGOvJlUk6swTiyp3mDmy0EFxetHRPiJ22nDQeQt2okdy4j7OEDQteOZLJFJWHUBwTJGrBYBBXPnYc1CrSSBhlbxUsUyprlVYQF9l9QYgTsSXYVS99Is-Gaj1vH8zTm31xOLS5STxW3lyQ3JNCSCeEnaIBROTSbHYRskXUXQh5Rmbwxk6Ms2FqxIfNDcxt1w3PzZbtdRZUsubAr6p_v3HNOXR5bTe7ra8lFqVWcALn_XfSZ5mXTTiITUQTMxZXW7qgJ6qo6ZAODsVmTCX_Yz1ZJTlD5GgwYCVhioJiwGTyfOACKH4NcaTzTF_E74mzc_W5su7pkfg&sai=AMfl-YRFardfPtzo4_xoDqH1oupTrNy6nntzrrhCuKWytGY4ZdRJaPVtTnJadPONOyeSjzVKB3W3CETjl-EJ_rmvuUTAQozwUUZ9JtaHbxJuaNAHQBz7DWMnbWZYKmWvbtEptPKJYJDaTXoon0wT2LwuGATDYbEo3dwuaiFWpv2CoAvuZ0gcZe9XOHrwkWnxKfPpBrE9rg8UKFrJ6-louf8ogC4GCUjcpvBdb6d8XHQUvXGSflMYfSulh_JBtyoRoCu_4BX_DxENu4PzJBDlfekZHZRFzrnwLLGGV-xn&sig=Cg0ArKJSzETGnDaKvd5OEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=383&cbvp=1&cstd=380&cisv=r20230314.19537&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 3D31 15 KB
2 KB 55ms
53ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2270
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3218 0
0 87ms
84ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8VFTdFqBrBS5IGuCWGLAGDL6uJ0eZGSa0bdbdjCrTwh4lm72dJoo2pB5WBohVXWun5h-UXuHQzHJf47jKreGIOnx-Oji9tehADpt07FvvmadnB6S3qjCHkkwpa8VjEIo6wbWlrzWQBsMvjFX6BaNqYQMCaDQTU4PZZ0X_6Sy749Ux3TGcZIabAv-U2nwA3xqvh839pVYEjHy0ENxC7E7ghUw-RPoFXf15fISC9l62bqXK3dwMGr1pBmy2I49VE9mgqxsn78-Xri4CsYoHkNAx8Rcx_VgdeoR92cDbJncjoE3FK1fMpko2cuVjXEg93lFOBaE6f26gWn2j_bvyDsbk6wVLODuy_O5Sq-KOiFM1CyUptx175Oc4iTMp1y45uOtx03whA7g5-H2ZKLBXID_SmZGYC3_4t1zr9gJZsh2TlHLcby1glcHtQjxl4eo0DVzuEdkjT2tQTxWlgsRqZA1nYVpD5V2LCdhlQTkMXwlAf1ilOpzSWqzMzYeU1TaB1r4zyvoVyk5wyM167w1ZwQ_LJieD3EvTKoRd7PKodTZCcwSEw9S0rb7OZxI131SYv5T_cVNM8SBiBgJOk7EfdjTJ9KNR1UmqEtHP5SDxo93J9L0nM5JiFTEV_ZqdD8oJ8aBh4PgL7yRa-UM42uy4I6xvrXnQDnxN5JXZvj91T74WnWBX_t9ZyRGjPS21SW1B0gRbrx1HB5F3tmDsdE1WZSIAazLCbDw5G-awhndMsu6zgp3bpLKePzQkUb3Zc5tiMmfYbGLkeiqzIu_2_e8iaJqJfSEC2U8a5FQNxCYy0_DbBvgSdgLmyGNUoZ8AUEYwpjWIQUZc1NYIEADYOFyKpMoyQhjb7Q98w0BB6_Y5E3_IAh50JuKS2txnjnIynAi1PYN0HCMh5lfpjCDKP231_Nd_DyBC7_hnwgiEoZadiWsR_MdXLNlcmini5w7AedPefWkyBWa78rwR2EM9C8vK82i8earkrET-zeRn0C9qN8T88cDQEgG8CZFlRvYuZMjl9VSmrgRHn-PqXs0H4a_W_d_U-wqVbJcMmdMsuEClhSvc7JzxUwecIffEiDbZFX6r-tRDCmty80e5C-WvWle-RfC5zEZoT_o-hWjg495-VnNrmG6DYXipjOkrLc8LNGAFRBn5p5DNFuM7JAHsn4mtDEmXAOoh1ujkOeq2cDWnGnNnAxm2WAoXtd-TqbgtPyL1ZRt3AlfuFXiHHIgskLKBudNn7gLuRLl2abnPlqbvxzyKUbB7t3WW_j2H6Ek1cjQnvb14ugEcSNehQQ&sai=AMfl-YSA6hRXQ6Ab7pjKNZoqXiddW4gEZj0k2tk_nnrELg5YBPec602X5XZkT-E3vnA6aRqFn_4W4YX5cYLJcp806tH47GmpMNDZgEDGQQ-ArCSxE4sq2DZvm-VKy9ZVrjx3YSXAyL-Y7RrbZHsVl5LBPSRbzylNbSIsK98B-t4slA0lyiswlA9pWvkiT44U4hkTZyIQrLiSdOSUdOqGql58qd-n4VgtqFPJH8Q2dELci2aSAZcw48sXSG7ulehu47Zvoay7Foheyn2gdcB1WC1WoY0uFYHEcDZCK30n&sig=Cg0ArKJSzJBe0jKIq6tiEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=376&cbvp=1&cstd=371&cisv=r20230314.34626&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 24F9
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/886862/62195780/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZM...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

40ms
40ms

Script
application/javascript

2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: vtoVcOeStqySRz0ovnOpcMO_.XzI7BRS
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
date: Wed, 15 Mar 2023 19:35:45 GMT
x-amz-cf-pop: FRA56-P5
age: 68056
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 22 Feb 2023 19:35:40 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: Ypv7cd6J6Z4kBlA9ARQT4NI1QGQgKuXrhl8Xg7IzYJUIXmCzctoccQ==

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: nginx
x-server-name: app16.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 56D4 91 KB
23 KB 138ms
44ms Script
application/javascript 2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15202424
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: PcAC36G5WMYhAIIDWwR3DyOwv7SQmEOwTP8B8qpzVtSyE6ey4KLnQg==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 21 KB
4 KB 52ms
51ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

054c480b41dbb8bb1a0db0dd51f85a18dafa9679cd1988d4824f9da3f8aa1215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Tue, 10 May 2022 13:01:32 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 184F 0
0 86ms
85ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstSN4u9iPiXjoovyiH-ZdFTcgsR_AzRLu_iHREWVOCogAdLO9dbZ1OGYEOuZez9afGw1o6mDtpP8XIlRkkRDrO6XIDG5sFDOECs95tSk4qiiaWc8ZEBWUuLZn3VcCDYJoXS5cfpyDbGxTFaf5DHLJVZ2u_nHWGLut1MuZCb9VG38Je32d2EpVjLcrCEHSVHFvcbl9939nDOLS6CX_nJOAw3euhG4L1RROLKdHV717xRDHZ3CKYcKMMWMtfmju62NGgM90NOGGUMwKWtFkrfmtnSX_BzkrCzK2EC-8rileGph9gKHyzb5FVSJFCTek39oU4sNr2S0SN4CI4XFKdk3f5KbZDO3065uMzOqDQmGlfa6E6ajjj5-JAmJdTh3MyfMgMd7qwqPe2Q8NLUbbnsry-uiydFooF1G5ROr5eZ_IvyLWBlmZ229wUcH_AFPJvWVHco8VHI1HpbxE9w5K7dxR_WMjMrL3xZ_KF87cP6JuFbnu0REy-rNTSFu8OV3FOhkyhkz21hGFzThgt_9tjuQ858WMy9-HjEzJcKr14R14BEafWTjF5OoriMScMzQMeheBQPiiYA_Ve9YScdQsVEuwPLDhtOo251H6TpAGUXOZDaWk1EAfiw_SR54wcY7jMRu0S6od04e6oW20VtMfb6597I-tjbgcfs5iaVHdWyzHK2y7CKVdasgAE-Wmlx58SIKGRy9DvVq1BEwcHK4mnuetZT_jIqeqNtt9sVzC3V-AZLrRmQr1uWJPhhXqGBMbiRSOXANuxJFF_fhw9WKfbTTtozmKx2AAGjesJ_12uuMvIWmq3EeCdMhi-_mXHNVO4G3HWb_3H9_RVi0hyWNSnjLp-uqNhPmkMBSduk2Bp092c0eWmPSzaxLjge7xIToYuL_BQXUFMn-AFhTATwOO2NKqBF3DYeMyPIWgc2VCU--BAudhQhxMpWt-HhSUTkdAdmYyMT6owitzzp97O1lJPfe1Mp1xLQZkFPyd-soOe9RSfDQwWH4OtGMYDDI3_dxAIeOF-TVzPEtbg8c52wH584Xh_uIMJ49LCpbx1de7A4d1V-LJu_wnNuxFyqrzlI2hr15bSzuRZUH4V2PdCKuSqkikMMU9NA4R-p96ZkzEEiBOmTaokMd2ZUxnIkkBJw3oLWDhEqgioGVUflw9-6u_Gw8PLwlzrowfDpGmFJWR58NtvJ5rUy3M7jc7_J5dfEsmBpPMOgcxEQhxzQQEMNKhzzNFBealXRpWK1rGSfL9A4b4rQDytDILhsklhGGDa9idDyJSsFVBBVdFY02Uej-Z7H-9i-KC9V&sai=AMfl-YSiMByfrH2PVbG5DGJyBmknC6lSuUEgAvbSlYMD1TGlXl3f61N1I-QIGs65jRzO-hMfWkLTAgeKH7zLp3OiBQ9WV84WJJzXzPbUjKCEPBVxCwEsLF_n89MJjkeLhASi7gExAk5aTex1pGwk0L7EdAD0ru0IzBAoHFNIC8n-BC6yGUIZnjITwkv8e6SMFM0SpxhtFQa_EbYBWrDc0fsVn5uLQsJRhf1UvJiABMQXoDR2fW6SNYLOgnSMV1pQEP9zJjcmvDoJMFqRMl5YtcaB4r_eh7RORb-3R3SD&sig=Cg0ArKJSzF24zasS6uFxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=430&cbvp=1&cstd=426&cisv=r20230314.66822&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 21 KB
4 KB 51ms
50ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0af374f8cbcb355cb1e9761a08c2d41400bf81b7f9ad176ef22871d31bc31ee6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:00 GMT
expires: Fri, 15 Mar 2024 14:30:00 GMT
last-modified: Wed, 18 May 2022 15:39:48 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C64 0
0 86ms
86ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsspEzeB1Nyr2KRS1cna9yCQIFKcv5Tsj00VCoIbFOuu17lA2VnhVMSzpDHFePQBTqhaX2QlVjoS4b0jebSkF-fghdqPZTvnnZMCSeQbv0H3C_zaU80jnukGhvQWqFuPkgP4ZL9QOaseTyUVoHVtIYIxLTepQSbnnS2aEszqex_hwHTF8G1N0HpW4nMIQTFJc92WMARNRJO7DCrfntrE0lNnpxOiRyS5934GkDMjYkP-3CpU2KUsT_Kn33n_HnRPernV9JVTliXKBjK_sL80iyJj-GNpXC7DHrum6Q5zPafguz37o3bvEmLWRaT2_q7ZBI2dZVInWiTpgUQE8Slr-yxdl-clKDCT0wYN6IPKSIhj-i4wmd3o_50kJDHtFZd7TiR8NDZmM1aBVSZsSH-EFaH6P1V9I0Msxl6D8ZV0uyz1FPxIl7ATnSkQ_qjxWOkVh4ROPcMst419rlztwBMT_dlRkkswSNLCbIS5P4NJETbq_KN8NU_Zhs8gnqNe2GTBoc7yzA_EAUKpN1exUzeL3xIG0ViqMOOMSHdcv-B0iVSif2Zavc36eCAhPu0OzvghFXgcFxROtKK05e4aj3stYhsAMPTtVMx7cgp4HHC2zempzaOP6mG9ie9-ksDfwJqiiDDKPZgjdcUGiU0orPPKOem9xhzcDIT2zfC70r2WP-3pBlNUx2W2g5FHML67eYOUqu1h_88zCRe2B7-HhxUEu6GwGww0k0k9LhI6OSfRJndH7WV-CklsDbmNErQMody73iXyaJ3gpvdLtJfccmlkorM6CozpG41C0b3pvBIsyXnuk26xtKQx5P-_8Ap5Sma7-uKa1i90O2-g96X8YVNJpZncCELQINfmemO2Io-XV6xr06ybFoE2c0jpCm_yvRdeyCWmO8KKU9-zCysZXzNFitSGgO9eXF--MLBAv5WBkOcyENj3cXsZjPuOO7i1fNc4aO0lEzLuqFuBEquk3ggqAG8L9vO_P4Iv84HhT9dMilnSae_XEIkGXdg7booSpuP1W3GToiziZThrf4urDYemseEWA6zIYyuMdv5CFGoVcACMs96Ipq0u7mK-2Hz3_YPQk-Bh9Bxsg4yM3paJ938w_b4xo1EGWcnqZagUWL3sZGNK2DMx64UdmA0QqrzKnqCohyJ5-akcVLb0qn5eOTxwnlpqRKGT_qyZa0vl4Cj0eJ0F9dcStZCn94QXy8GdyA1VqUeZURF9cQjbr_jOEcRvJKA1OjiSISkfmDvgIfs4yjJStbb6hq01nv0Wu8wZWEdn8ItQ2gPzRtuwpIiGvCZbpw&sai=AMfl-YTUi7Gyf5ET3J1fo5gCRFMNliq8S4npvUsh7tbeD7aWIGRV-OLpnDipwpOhZxlunG4RH4BR_ttYhb3aRNy4Dk2HQ6YwCXt09utt6247Hxa_YwVCkQqB1bEAsegmZx_2Tym63B05jnWPm4WkrwJ2Lvxc4CqpV8qBGHJJ7m0BYRc2kZVAqmtrZjBP7Mc71RBwBZGn-3rv1MeWJ9HE5bQ7kRtKCSN92eO7D1X4voM82EoeiDZb__c3l51Z9sGtALCzPRzcuLpFic46Dyu3YLXAgLyttlcv4cf4pytX&sig=Cg0ArKJSzIbHPyZ2n9OaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=429&cbvp=1&cstd=425&cisv=r20230314.41762&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame AD53 9 KB
2 KB 42ms
41ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame AD53 118 KB
40 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame AD53 20 KB
5 KB 46ms
46ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5304 22 KB
8 KB 42ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430458
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
207 B 48ms
47ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&aip=1&a=1609397219&t=pageview&_s=1&dl=https%3A%2F%2Forangesport.ro%2F&ul=en-us&de=UTF-8&dt=Orangesport%20-%20Mereu%20%C3%AEn%20joc&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aAhAAEABEAAAICAAoj~&cid=115104387.1678976999&tid=UA-542258-50&_gid=1697206594.1678977001&_slc=1&gtm=45He33f0h2n81NN5ZXNJ&gcs=G101&z=128762860

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C9AC 22 KB
8 KB 42ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430458
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 267F
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1272511/69505651/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=ht...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

41ms
41ms

Script
application/javascript

2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: vtoVcOeStqySRz0ovnOpcMO_.XzI7BRS
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
date: Wed, 15 Mar 2023 19:35:45 GMT
x-amz-cf-pop: FRA56-P5
age: 68056
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 22 Feb 2023 19:35:40 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: YgZgozLhlqvdOaC6xruua4s5vu-BqJrqfJP-LcN7fCRpSvQdhr09JQ==

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: nginx
x-server-name: app07.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 9528 91 KB
23 KB 46ms
45ms Script
application/javascript 2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15202424
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: KaufrAz1e4UPa65_B0fdIq75_YPYwfKOKe7t0Dr6yItp5sj-ETTsSA==

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 3E35
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1272511/69505651/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1010256565&ias_pubId=pub-4841000241565878&ias_chanId=1&ias_placementId=19312088295&bidurl=ht...
https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}

1 KB
1 KB

39ms
39ms

Script
application/javascript

2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: vtoVcOeStqySRz0ovnOpcMO_.XzI7BRS
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
date: Wed, 15 Mar 2023 19:35:45 GMT
x-amz-cf-pop: FRA56-P5
age: 68056
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 22 Feb 2023 19:35:40 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 17xTeeBWESBrzxq0UWf-bKENaEvzy33N76VSryikL6QuFmIGdg9XNA==

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: nginx
x-server-name: app06.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?bundleId=${BUNDLE_ID}
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame EB86 91 KB
23 KB 46ms
45ms Script
application/javascript 2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15202424
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: VlkHN2VLMkzgqV9YMRBX4vFfUdbZMKhb0D9yeh2pAartUj6ja9-8Xw==

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 2370 9 KB
2 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 2370 118 KB
40 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 2370 20 KB
5 KB 44ms
43ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 7C94 9 KB
2 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 7C94 118 KB
40 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 7C94 20 KB
5 KB 43ms
43ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 24F9 43 B
216 B 378ms
119ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=bcbcff77-5dfa-c486-b694-2a5f9ed0cd33&tv=%7Bc:72dVew,pingTime:-3,time:267,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:267,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B259~0%5D,as:%5B259~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18*.886862-62195780%7C181%7C182%7C183%7C191%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1c1%7C1d1%7C1d2%7C1e1%7C1e2%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:18*,rmeas:1,rend:0,renddet:na,siq:28%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 24F9 43 B
215 B 486ms
231ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=bcbcff77-5dfa-c486-b694-2a5f9ed0cd33&tv=%7Bc:72dVey,pingTime:-6,time:269,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:269,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B261~0%5D,as:%5B261~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18*.886862-62195780%7C181%7C182%7C183%7C191%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1c1%7C1d1%7C1d2%7C1e1%7C1e2%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:18*,rmeas:1,rend:0,renddet:na,siq:28%7D&tpiLookup=ao:orangesport.ro*&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame ED58 236 KB
63 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9912961/1676374217816/160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 160x600.js Show response
s0.2mdn.net/9912961/1676374217816/ Frame ED58 64 KB
12 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9912961/1676374217816/160x600.js?1675857162229

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9912961/1676374217816/160x600.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3cdc74370d14b767220ca1dc4ba2f11676fe0b4c532e1e878828a857c768a66e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12356
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 11:30:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 14:08:55 GMT

GET
H3 200 1676550659977.css
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 3D31 9 KB
2 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2341
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3D31 118 KB
40 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 1676550659977.js Show response
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 3D31 20 KB
5 KB 47ms
45ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:17:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 591178
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5491
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:17:02 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 5C64
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/886862/62195778/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZP...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

42ms
42ms

Script
application/javascript

2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: vtoVcOeStqySRz0ovnOpcMO_.XzI7BRS
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
date: Wed, 15 Mar 2023 19:35:45 GMT
x-amz-cf-pop: FRA56-P5
age: 68057
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 22 Feb 2023 19:35:40 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: HiQze7gYGgoLPvvd87xT0KSpnVAO2ewgWd31UyfgUqqKwERqXZm1ng==

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame A2EE 91 KB
23 KB 46ms
45ms Script
application/javascript 2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15202424
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: ebJs9dI92oCy35vTH032QVrRpFn05dd-3xY5kaVUwDfyClSyQU2PJA==

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 184F
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/886862/62195780/4.js?ias_dspID=&ias_campId=&ias_pubId=&ias_chanId=&ias_placementId=&bidurl=&ias_dealId=&adsafe_par&ias_impId=&adContainerId=brand_safety_5ycTZI...
https://static.adsafeprotected.com/4.js

1 KB
1 KB

41ms
41ms

Script
application/javascript

2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: vtoVcOeStqySRz0ovnOpcMO_.XzI7BRS
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
date: Wed, 15 Mar 2023 19:35:45 GMT
x-amz-cf-pop: FRA56-P5
age: 68057
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 22 Feb 2023 19:35:40 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: WNYOe5iyJCGrWtA1kZpdrq6tpnLtfecfGPU4hytA5XffEBYAbva1kA==

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:00 GMT
server: nginx
x-server-name: app17.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 6C2B 91 KB
23 KB 45ms
45ms Script
application/javascript 2600:9000:223f:ec00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:ec00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 15202424
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: 8kl6vbyh77dbMIuSZgso7VeCe3rRuRnlnFEuoGP3Q4JRjnJipAV4nA==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8470 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430458
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 5 KB
2 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90ffe9c3c7fc061d72993059a62d15675b509f98a1da6dd20794d067bf482b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:53:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70620
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1870
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Mar 2024 18:53:00 GMT

GET
H3 200 fonts.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 1002 B
256 B 41ms
39ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

400b356ca22f3e2283d3822a337d97c84c6c03c6ce51d79dae917a50d04f982d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 19:36:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 586392
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 227
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 19:36:48 GMT

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 5 KB
1 KB 42ms
40ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7041206683c7b5da4188ef7ed1523815102ac13af21f55c4b04b5fbbe4514ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 06:00:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1059
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 06:00:07 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame D591 118 KB
40 KB 43ms
41ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D591 57 KB
23 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 9 KB
4 KB 43ms
42ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4934174cd39db1f62680ac12ae44ad9aa040bd445d831ae65f79779b7f2e6e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 06:00:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 462593
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3818
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 06:00:07 GMT

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 24 KB
10 KB 45ms
43ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfe8853b2397a43e20d55fd377aafeed785c7ae335ed07b4986997b9780f48a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 10:49:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186059
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10567
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 13 Mar 2024 10:49:01 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 17 KB
3 KB 45ms
44ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f13bc08411a45add285949483ee8ab65001f6d7ebaddcfc83d5b2df50a4cde0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 15:44:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 427554
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2678
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 15:44:06 GMT

GET
H3 200 adlib.css
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 5 KB
2 KB 42ms
41ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/adlib.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90ffe9c3c7fc061d72993059a62d15675b509f98a1da6dd20794d067bf482b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30576
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1870
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Mar 2024 06:00:24 GMT

GET
H3 200 fonts.css
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 1002 B
260 B 44ms
42ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/fonts.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

400b356ca22f3e2283d3822a337d97c84c6c03c6ce51d79dae917a50d04f982d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:02:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 592045
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 227
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:02:35 GMT

GET
H3 200 adStyle.css
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 6 KB
1 KB 45ms
44ms Stylesheet
text/css 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/adStyle.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38d08cb91aebf6b33bb560d39265b174413c0112c64ad9a214cf9252336e266f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30575
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1256
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Mar 2024 06:00:25 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1EBD 118 KB
40 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71866
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 18:32:14 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1EBD 57 KB
23 KB 58ms
57ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:30:00 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 9 KB
4 KB 47ms
46ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4934174cd39db1f62680ac12ae44ad9aa040bd445d831ae65f79779b7f2e6e8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 14:06:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87796
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3818
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Mar 2024 14:06:44 GMT

GET
H3 200 adlibUtils-v3.js Show response
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 25 KB
10 KB 46ms
45ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/adlibUtils-v3.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a2f9d442f2bdcfc85728dbe33d891a4e160d31a22e80811519cca5e4493ca00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30575
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10631
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Mar 2024 06:00:25 GMT

GET
H3 200 animation.js Show response
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 21 KB
3 KB 45ms
44ms Script
application/x-javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/animation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b8e119aed83815ba6c2fa51e63f3760a1a6ecc0131a8b2a35b695c746ddf70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 14:32:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 518235
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2922
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Mar 2024 14:32:45 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 267F 43 B
215 B 327ms
234ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=2024076d-4c72-08f3-3cd4-e94b99023914&tv=%7Bc:72dVhb,pingTime:-3,time:291,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:30%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:291,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B285~0%5D,as:%5B285~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1*.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1a1*,rmeas:1,rend:0,renddet:na,siq:31%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 267F 43 B
215 B 325ms
234ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=2024076d-4c72-08f3-3cd4-e94b99023914&tv=%7Bc:72dVhc,pingTime:-6,time:292,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:292,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B286~0%5D,as:%5B286~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1*.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1a1*,rmeas:1,rend:0,renddet:na,siq:31%7D&tpiLookup=ao:orangesport.ro*%2Ca2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com*&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt29.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3E35 43 B
215 B 201ms
124ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=50bd15bf-7cbd-075d-1536-ed708d7d9a4c&tv=%7Bc:72dVhq,pingTime:-3,time:250,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:250,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B243~0%5D,as:%5B243~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1*.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1b1*,rmeas:1,rend:0,renddet:DIV,siq:26%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt27.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3E35 43 B
215 B 197ms
122ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=50bd15bf-7cbd-075d-1536-ed708d7d9a4c&tv=%7Bc:72dVhr,pingTime:-6,time:251,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:251,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B244~0%5D,as:%5B244~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1*.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1b1*,rmeas:1,rend:0,renddet:DIV,siq:26%7D&tpiLookup=ao:orangesport.ro*%2Ca2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com*&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt28.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 24F9 43 B
215 B 194ms
122ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=bcbcff77-5dfa-c486-b694-2a5f9ed0cd33&tv=%7Bc:72dVhw,pingTime:-2,time:453,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1188,beZ:1189,mfA:1191,cmA:1192,inA:1193,inZ:1198,prA:1198,prZ:1208,si:1215,poA:1216,poZ:1239,cmZ:1239,mfZ:1239,loA:1456,loZ:1458,ltA:1640,ltZ:1641%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:453,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B445~0%5D,as:%5B445~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18*.886862-62195780%7C181%7C182%7C183%7C191%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1c1%7C1d1%7C1d2%7C1e1%7C1e2%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:18*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,siq:28,sinceFw:425,readyFired:true%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt29.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 174ms
124ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVhS,pingTime:-3,time:187,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:188,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B183~0%5D,as:%5B183~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4obU+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:0,renddet:DIV,siq:18%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 279ms
232ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVhU,pingTime:-6,time:189,type:i,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:189,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B184~0%5D,as:%5B184~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4obU+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:0,renddet:DIV,siq:18%7D&tpiLookup=ao:orangesport.ro*&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 184F 43 B
215 B 162ms
121ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=287db009-3141-a5d2-644b-fa23c3d31ed8&tv=%7Bc:72dVi1,pingTime:-3,time:155,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:155,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B150~0%5D,as:%5B150~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4obU+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C19*.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c.886862-62195778%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:19*,rmeas:1,rend:0,renddet:DIV,siq:19%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 184F 43 B
215 B 272ms
233ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=287db009-3141-a5d2-644b-fa23c3d31ed8&tv=%7Bc:72dVi2,pingTime:-6,time:156,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:156,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B151~0%5D,as:%5B151~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4obU+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C181%7C182%7C183%7C184%7C19*.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c.886862-62195778%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:19*,rmeas:1,rend:0,renddet:DIV,siq:19%7D&tpiLookup=ao:orangesport.ro*&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt28.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0132 22 KB
8 KB 41ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3551 22 KB
8 KB 45ms
43ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D515 22 KB
8 KB 43ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7D8B 22 KB
8 KB 42ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 430459
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 11 Mar 2023 14:55:42 GMT
expires: Sun, 10 Mar 2024 14:55:42 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 267F 43 B
215 B 234ms
234ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=2024076d-4c72-08f3-3cd4-e94b99023914&tv=%7Bc:72dViI,pingTime:-2,time:386,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1124,beZ:1125,mfA:1127,cmA:1128,inA:1129,inZ:1133,prA:1133,prZ:1149,si:1155,poA:1156,poZ:1179,cmZ:1179,mfZ:1179,loA:1415,loZ:1418,ltA:1509,ltZ:1509%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:30%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:386,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B380~0%5D,as:%5B380~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1*.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1a1*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:na,siq:31,sinceFw:353,readyFired:true%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3E35 43 B
215 B 228ms
227ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=50bd15bf-7cbd-075d-1536-ed708d7d9a4c&tv=%7Bc:72dViP,pingTime:-2,time:337,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1170,beZ:1171,mfA:1173,cmA:1175,inA:1175,inZ:1179,prA:1179,prZ:1189,si:1195,poA:1196,poZ:1216,cmZ:1216,mfZ:1216,loA:1421,loZ:1423,ltA:1507,ltZ:1507%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:337,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B330~0%5D,as:%5B330~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1*.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1b1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:DIV,siq:26,sinceFw:310,readyFired:true%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 216ms
216ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVj0,pingTime:-2,time:257,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1460,beZ:1461,mfA:1463,cmA:1463,inA:1464,inZ:1467,prA:1467,prZ:1473,si:1477,poA:1478,poZ:1500,cmZ:1500,mfZ:1500,loA:1648,loZ:1651,ltA:1716,ltZ:1716%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:257,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B252~0%5D,as:%5B252~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:18,sinceFw:239,readyFired:true%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt04.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 184F 43 B
215 B 211ms
211ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=287db009-3141-a5d2-644b-fa23c3d31ed8&tv=%7Bc:72dVj6,pingTime:-2,time:222,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1512,beZ:1513,mfA:1515,cmA:1516,inA:1516,inZ:1519,prA:1519,prZ:1526,si:1531,poA:1532,poZ:1550,cmZ:1551,mfZ:1551,loA:1668,loZ:1670,ltA:1734,ltZ:1734%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:222,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:18,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B217~0%5D,as:%5B217~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19*.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c.886862-62195778%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:19*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:19,sinceFw:202,readyFired:true%7D&br=c
Requested by: Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BC55 42 B
64 B 159ms
77ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsslF8duG_b5OWMKCc852GJqcDEuIS9GpDkkP1dp9j8461B2jBVJ9XtkLkKC-IYopW7oKJeNQG0lw3MS7eid_kLjSxEnMIbSe9VTIvslo4H_BrslnxTn&sig=Cg0ArKJSzEPXvX9-D_V1EAE&id=lidar2&mcvt=1066&p=1110,436,1200,1164&mtos=1066,1066,1066,1066,1066&tos=1066,0,0,0,0&v=20230315&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1110188790&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1678976999410&rpt=571&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame D707 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H2 200 rtbWidget.delivery.js Show response
assets.revcontent.com/master/ Frame BC55 16 KB
5 KB 71ms
71ms Script
application/x-javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/rtbWidget.delivery.js
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: e6770420f0302245616ce6574713f932c01910378a9358650ece6ae3fdf5ea24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
last-modified: Fri, 10 Mar 2023 19:39:22 GMT
server: AmazonS3
x-amz-request-id: Q5S8WVWM2GK0NMKM
etag: "f6d5938c1775d79589ef0c0ce11aedc3"
x-amz-server-side-encryption: AES256
x-hw: 1678977001.cds143.fr8.hn,1678977001.cds219.fr8.c
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public,max-age=600
accept-ranges: bytes
content-length: 5034
x-amz-id-2: P01DANuHLD4osqjoRRHD3n9gCZL+z0tFJynPkfKXzvGmNcKPFExF2D9s6pMHMeCaq/0izfo+qBY=

GET
H3 200 160x600_atlas_NP_1.jpg
s0.2mdn.net/9912961/1676374217816/images/ Frame B31E 48 KB
48 KB 48ms
48ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9912961/1676374217816/images/160x600_atlas_NP_1.jpg?1675857162180

Requested by

Host: a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
URL: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7acb39c464a48e54dc24e3c2fd9aaa947cbad325ec284216c54b1408da1d2b8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:08:55 GMT
x-content-type-options: nosniff
age: 1266
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49211
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 11:30:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 14:08:55 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 267F 0
0 78ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss5lpU8d2aGRaMCLi-8wY1a_RNYUIFXGvqtcuj8sUMkCkbb6Ld6ZaJ9R7EyIGdx5yxrf2SSVsE_BTPRqx0R3WtByMTjnZ1xDP3nslRfyKnay0MCJCaT_8i-TRAgHMZq_2MxmkYFXCb5stfGggksiy2T4a1xMI6h7nd5plLXUrQNUJOJt2OiEuxmi6My9FLDQ5TocRUOAWDMD2jz5Q_Md7E9x3N_TaF2OVsc9DFE8lLKI-ApgMxZfPhD9eD2v9xDc35HNQV-UBaGsyhO3m-13UZpOSpUJENua0-XuxoW0cp4E-FyhvXRWTxMW5e1tjHnbUqmN0uz6rjyrsAudRZ5PsQjG-YuLrdNUHBAlyJz9eLoOW8ODUfhNpCuzsdd_EP5pdKOCrmLWMKRfbql-deLMhbEIWAJJtE4QoDldT7ilS1Jh-y5Np-4gTNNT0BPzrs1JbALcvLf4b4lbxO57GSCsPoAtU3uFE-Peu6Rf-I6USppyZpHmP-QIQt3O-fFpZhfwV5HvT2WFzO-uoEAT77ySGJeiXyF-H8EykOE0ElwF-HtWVSTGEt2pwCJ_zzp4wDlvNVYWoLblMwgI2bL4D4efzvbzKuXIMGNsOdIwF6w5NV9EphwsJdEviuOeGgrpTe6Kc7T8WV-h631ak5S8sVmdkkIlJxrT3EZpfeB71P_1rR53y1C3RMS9Wx9TtrGZ9EFthXnQo6ty_70Vj-PkoKbv_1TrTF6LrfqW-yGW7EX8Heykhvq2zDcuo9JeQuBxOThDqNZUhSkQOtpDqlK349JjIE2cW_7dj1Eu4rWnQgTr9wOy5qEbYlFBaWnVmYGOAdglE_RLqFcZGPHutMshseKBJTf51GThqoRNqi0dG3Xvh8qQXmjNXbpcGoDIB8FGlxICxrktPFHV3htPJRiajpDDr4LU6qZQ6D8mpUMCQAj9uwIw0K-186A3O2jvjHPI8-lRNDAOBypMCZ_ZEvT8drJg37Js-RtDE53d6gn0oajozzR_8US2cRY2p-8XH88O1L6oRSPyXS5S03uun-eOsrH61GClgdrraW7Fi5cih8GcL2fsFTSp32lUiip96ixs1mebcpYrI0_9VFQ7gB8LatGFKBad-17c1tglN2uCzzSOiYaRp3MUmGpBTxcCYnOEQ9sqtmzQ0iM5MNgOBjp3Rn5DKa-YYAfcaDW6VFHPjbAk5Tp0rIwfS8WoINxiEFYatMIiVtEtBalYST8nV5ItT4Rhll8aeJ17bzfBF2-vBdgmyweYJXDfuFA_BiZPwbyVgLz&sai=AMfl-YQawH_MDC2iD4uu-JxvQE1_9OJ_pNAhUjvAYsafr1oC5CCflDeiSobMV3Hqq3FNTeC3TtLzHfQCF7eHXG4X6ugNWNU36rGp2TJQDHYA8IeOPG3ZuADP-Vscj_Qpz-3HzSbwbY-sBC-W0IMB598ibdxbZWCc34t_YpT4thZQVR334Cb0PaEHQemnYlHUS5hbgfTfV8b5DAQUurVkIZdXWwK4cRl9rwCfm9GoKgQ68XD7-gJDuiLr6T32R-8iAQywnHiFWgVerO8v00cjNy6zkz4WUhuzfUc1yPos&sig=Cg0ArKJSzMAwBkq5aLE_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1071&vt=11&dtpt=810&dett=3&cstd=258&cisv=r20230314.29273&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame AD53 3 KB
1 KB 41ms
41ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 20:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Mar 2024 20:37:29 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 5304 36 KB
14 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 85ms
85ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=pvtw&eid=5ycTZMfEMebnx_AP8YyloA4&p=ias&bl=0&twt=1208&st=633

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame C9AC 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 24F9 0
0 80ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyv2FLmSY18OM-oIH1kLtDf89w2TRBEM6K72B83z0pDvLzN3OZnTbpAYH_mdkZPCV6NJcrJrQVcJWaJ0OgGPtvFbYa8MZGoZIivyRg-RQM_D2EnG_1g9gJYe4ivAcebswYkdFXDJkupOnavzGTGGP2Jha6d4ZLN4jyb9GKxgdqRGDiRipyKgLHGTVNOzrJGfEj1TAswg2C30vVrVwTiqlx0iqwdZKmWSkzPF2ffAfTJ-OHpxN1pU5z0ZiSSLt5g0jyyfyPFFSPJQjtcsqw2PtdiOhCyU2QEkNAQCY7uE5wMbKhoADHJXzBqZN1PuW-axdWXq6j3LqnzSuyiyE5js2W9u02DRlHBeQWRpcFOQUw5z-tFIlTFGTmzmz_zPUiX_Ur0bM4R9mNJGzfm8dyObJGRMANZDaE99Hb_-8kVgkRhKIzVt3rOE-bY9XvfZgHfRCmdp-ssU-2VyvPRaie0TrPmutK-oYyvrA-n00ji31HtPFZdI7t4LA5z7n4EKkXl6gK3ghv5FIyyFEoEgN8ZbVRD2d1BVZ_ZT3-3BR8xKE9ZLm5bGg7qnGllppv0ac0u3GgoIhCT-K02y_h8molXW41S_50Kqg5KaxDwu18Q-m2xA8cZ8Anyq_L9BQX6aH5mBRc8QxnJBXzMMx5-mwric87DhMqbqIKTg5YlyXl__0aRZyKAUNGmkbVJCcN7eu6YXt0v716yeHoxbHLU9HeIafMlGu0dtideUq-auNZRyD1fqRxszI3YZuKlij20KkBbI4hZV3pfdTZN1WarKZX7Sf-CzfGPZliCYinaj7x_2uKFB3hwOSSQMel25nGo9PpfL_ZhXGNTwp1VkMnqdVfaMo-VL1j0ONVD8M-WvLEb10Xo26mPkp5npeq9DxEZbJTk0d0_iO0HueFl1WVSEHmdkxdU3IMx-f1xR085OMCoJckLvhrifUzHPBRKE6LRhGh4zGlb1AQCs0NUPTrm1GFXMatQThIop1dNZBrFIHcDDTFodxciekCakWGihpwIUiU5mbKa7v8Flx-TMl2w7qK5pRp4-Dy7a2CDvm5RU2qO8vohhdPzmNfnKIeo-nNr10BPDxaijzujeolsVFhqZ3OA8sJEkItEE20APzwZOSHIZSb3RQzRGKC_qNtOiTEOHjuOG731oUwzSWEOeFXZVbG55y4K4daRawRbhdG6meWidLcdqxB95P9CJsiL0G4Kz9AiyVX-wywezpDWRxx0s9DxKryBLJTiHTx7RuzcL3bLE9bM06yKv8CPtNQ6w5x77dvnXq-IjRfapUnviXtCdqEQW8&sai=AMfl-YTXDsGfYw2zHPVyVyvSTobY-DSx1r7ltYCp7n9huzZhCYAVcadKUHJON0raOtHbHsx_VTLUM7Ywu1i7XmF4Kzs0sHAImfg_Hhel9uLV05efOVDL91lGlVNTWRLVrcOAfT8bCMGTZSZ7cVZ806EssqDBEs5fBewzgauDCNUqs7Pt54l_7KDiPRB1a8KFvAnNahKyXeXRgnt7t9EwafyQYnUwOOyfnHb2dXW4vftpCg_c7ubjcOpd9yA_l3Zq6sRSQjis0wtXepIcL7IQFTDrdBXxUG8zSqZRt0fU&sig=Cg0ArKJSzNPkanQJ9aThEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1225&vt=11&dtpt=942&dett=3&cstd=276&cisv=r20230314.56384&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 2370 3 KB
1 KB 51ms
51ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 20:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Mar 2024 20:37:29 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 7C94 3 KB
1 KB 54ms
53ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 20:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Mar 2024 20:37:29 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/9548364509937149214/ Frame 3D31 3 KB
1 KB 53ms
52ms Image
image/svg+xml 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9548364509937149214/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 20:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496352
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1359
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 16:30:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 09 Mar 2024 20:37:29 GMT

GET
H3 200 160x600_atlas_NP_1.jpg
s0.2mdn.net/9912961/1676374217816/images/ Frame ED58 48 KB
48 KB 51ms
51ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9912961/1676374217816/images/160x600_atlas_NP_1.jpg?1675857162180

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7acb39c464a48e54dc24e3c2fd9aaa947cbad325ec284216c54b1408da1d2b8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9912961/1676374217816/160x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:08:55 GMT
x-content-type-options: nosniff
age: 1266
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49211
x-xss-protection: 0
last-modified: Tue, 14 Feb 2023 11:30:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Mar 2023 14:08:55 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3E35 0
0 77ms
77ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuDtLWQ24q48pAxLlkeruhxniS0CoOPzXAAIy9peqgNeex8su1Oqd5GAAPHGnvR8XU69B_AmxZeptL1LvaMuhwxVPXCC6U6iM3zwRdUdCj4g4KDU4_Bx_NY3YuYwu7bA1xMQl4nFSC9PU6-rqVqfdNjbYDVtE5Uxea6IuO2D270V3rPijE5lKoU54cGAZLwBaPSvmL4zwhvZC08cPJDrg_wCvn1_LAc_Ms3HL_WB4O2W3TvIpS88t439Rp0TlzH57Tm3IJ9kmWkXN-671P57Lnj46rE5viU2g8axUbNkNWhWOPUvncOgnZ4FPPYGBxVDtCMK8Ua8SGDnxY9HxPrRoMcucg9kMDJj6yCok4GQyZbNL5rinM_pq97zCuEEgFwe5KCgN3c1mIkrheNELzHBDA9f0Q3LdpmavOMW9pS588jE63efLbbl6udvd7k9Qftd4ReeHeHt4lMNZ9vKHFgXqN5FenWO8_Pfah60ipDtpg1xi6TeDZGL8-ARkMlNHGvOYCtkaKn50r0CmSx2dlz7lefH0G17v0t-NZ8qnQkLxo3nWibZ0CrjO3tzuSV0n7vrbrWbB2bJyrTYEfnExvD-AaerwXRZxanKiIj485wc73FsRJ282x7SYGWziU5ghlFFiFwBfDjXtcTtDAEa5iIyenOhcpxuCS39OR-LU3i39qJNvKXzXFRXBh6TOY6QFx7xxuKjpT-C4EdupgWn8kMczy3CG6khbL3pMgQiRf2-UVQfbra7S6jQSLfg4moMHBrKcPcINgVVk-J5GMfjdckgTsYztxpUSfQ9tEoRRN2DjehQFUih0lYpDPFiHi-EyxZglOZYEmnrtnnEAEJo9aPXspMZQRnAxNO6yjF5VwcM1UFJMePlWuVij0MbBLBEU8MvyOgPFtwhk2wlLHv9KZk9WcjTa9aXvfv3tE8TnVNru5VhJhGdYPNgctGOvJlUk6swTiyp3mDmy0EFxetHRPiJ22nDQeQt2okdy4j7OEDQteOZLJFJWHUBwTJGrBYBBXPnYc1CrSSBhlbxUsUyprlVYQF9l9QYgTsSXYVS99Is-Gaj1vH8zTm31xOLS5STxW3lyQ3JNCSCeEnaIBROTSbHYRskXUXQh5Rmbwxk6Ms2FqxIfNDcxt1w3PzZbtdRZUsubAr6p_v3HNOXR5bTe7ra8lFqVWcALn_XfSZ5mXTTiITUQTMxZXW7qgJ6qo6ZAODsVmTCX_Yz1ZJTlD5GgwYCVhioJiwGTyfOACKH4NcaTzTF_E74mzc_W5su7pkfg&sai=AMfl-YRFardfPtzo4_xoDqH1oupTrNy6nntzrrhCuKWytGY4ZdRJaPVtTnJadPONOyeSjzVKB3W3CETjl-EJ_rmvuUTAQozwUUZ9JtaHbxJuaNAHQBz7DWMnbWZYKmWvbtEptPKJYJDaTXoon0wT2LwuGATDYbEo3dwuaiFWpv2CoAvuZ0gcZe9XOHrwkWnxKfPpBrE9rg8UKFrJ6-louf8ogC4GCUjcpvBdb6d8XHQUvXGSflMYfSulh_JBtyoRoCu_4BX_DxENu4PzJBDlfekZHZRFzrnwLLGGV-xn&sig=Cg0ArKJSzETGnDaKvd5OEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1053&vt=11&dtpt=670&dett=3&cstd=380&cisv=r20230314.19537&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 8470 36 KB
14 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3007 7 KB
6 KB 84ms
84ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af322978ee0049b3413a25bfb10129a7dd173244ab5b815b2431c8b161f40d69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5772
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7AE0 0
0 86ms
76ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvPwULeyh0VleFk86TY7dVOS9HdtBD7-H_6alYfo_3WSD572VUNXYe5fo7FQVvNLYEwhcf4gXGhyMcxXLmr-4wpiI6zWqeqUSIhh_Wgq4miJ5cRyTv3AQvg438VElNm_24NbgA-QrPeuYHf0iEiU3UMDCXAOj1b7w22jg457H_nMq5kRfO1C9nlzX2ItSNdmcD0fJBTc6vNir0bhJnW1uqr0CzRR39Bv2hcK3u2dgs4WlLp-GBfCafVReOMlsgZOXUP12FYAH6T8RGOxv_BbSMAJEbNcS2xJNWsgZgjSLUnZid7JYeVrNqtmZgLzL7KCmqbkK09Dl02xw2vDrCvUf-Mzk95J8b0gRYPKrg-qiarQ-42aRI397CKJtflFOs6-X-QTdMT3iouI1OzN9-2rLVA_5EdGmVm7YW1_J3mu35VGeY_bBP9RFigU_iPlkuxKxypewDZDsXZy-IupyF2z_3_xNSvumgXw-9kAPViprkTfT_Oh_72-8yZ08mA3NK6CopufB14rUcl8H9XYP4301WXikUlfC6ztdWyxPAuq9ahZFEoFW7cT8pN7B_RDTrBzCWLVHfBJd0NXkz79ymix36i_iqO3VlwbI01muL1TQtDx2nCxQF3p_eHbHf4yGlBmr0-JMcLXEl3ci9iclhB9P_7HVkL9iLPes5ZzefetGMgHFUnn-iSoL7AmS6A-C6WRiWv7FApRpOAG7vK3is4HdFOG86ZQE1AMVucwN99ILpQZJnlm6CXiT20PEXHkW5BzDHhSAMpbyPtrXCJ3_giBpzt0dpfps77VfDSGr0INknTIWzseSxw7e5D9SW1BTDkc1ccnBkwNtsA8K1d23TExPXJsHXvTlW9vSUs3bk-QLrr6HgFK1wTMJWDzXLdC1FZHpmiUoQMfpe9dOfQNtg1a3rZDfY_01wWUiYkpHRf_1jIa8kJowVzB23MbC69_GqwpQFr5AudmD0bWoj2x4-useqM9iBca-PRQ3J6sD4aX1KmRLD_FiDYauAwGH3CX8F8Po2CmLAnqHCU8N_vvLEMz_-dAPkihWO1QGNqLOU8vBi1dsLmMaQ3IanR4CmcTq7Xxzu2uPOcwjYNvM7C2KqDQgtBwOqxKZdrz4TSG6NCsg5IuYR3GD3SucjYT13YAyHfF1IDQHIW9zf5ty1Jr2FU6MPWs-nJT7qUvVk43IsyoOZtt72IyBJvWUP-esEcJ0fhtZ8t9_3vEOItDZdg8VsxQNP3WmWKPzIzc73Mcx10ViNFOI8XQH4mWLmkQiU8vLcykQH3NXf9lMahfw&sai=AMfl-YTbFrile3Aa2RBXtPLtnBYSCQg7XMptRCxZ77ZoOhdDEuyYhioS-mwtDfQ3F9HFpQzaWYFHpnvuJHGocgLd_MwJUVrzLl4XybuKb6ekGeFdlvHWq2Gc8SJDw4sS_17sdfCJ3Kf3U2YFzid4PBxAL3UqUSTF7gOOEEBP7OCJpBcrmZMtL1qdD3ireoQiq-mFZ3MU-8KhcqkL7ZUFEeHss2FFaUnfjd3r8QYFb6TYPEbv1WKeN_4eQPW1Tmw2rGhunlr6M-7gFSPZ_OH8Lje9RCBNLLdxl4f_eewT&sig=Cg0ArKJSzHMeYKNXXDRpEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1124&vt=11&dtpt=888&dett=3&cstd=233&cisv=r20230314.53696&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame AD53 13 KB
6 KB 139ms
41ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Mar 2024 13:32:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AD53 7 KB
6 KB 93ms
83ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a13ec60ec0d7cc72b2bf03b6a5ede39cf8e145f826986df12932395857bc81e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5736
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 184F 0
0 88ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstSN4u9iPiXjoovyiH-ZdFTcgsR_AzRLu_iHREWVOCogAdLO9dbZ1OGYEOuZez9afGw1o6mDtpP8XIlRkkRDrO6XIDG5sFDOECs95tSk4qiiaWc8ZEBWUuLZn3VcCDYJoXS5cfpyDbGxTFaf5DHLJVZ2u_nHWGLut1MuZCb9VG38Je32d2EpVjLcrCEHSVHFvcbl9939nDOLS6CX_nJOAw3euhG4L1RROLKdHV717xRDHZ3CKYcKMMWMtfmju62NGgM90NOGGUMwKWtFkrfmtnSX_BzkrCzK2EC-8rileGph9gKHyzb5FVSJFCTek39oU4sNr2S0SN4CI4XFKdk3f5KbZDO3065uMzOqDQmGlfa6E6ajjj5-JAmJdTh3MyfMgMd7qwqPe2Q8NLUbbnsry-uiydFooF1G5ROr5eZ_IvyLWBlmZ229wUcH_AFPJvWVHco8VHI1HpbxE9w5K7dxR_WMjMrL3xZ_KF87cP6JuFbnu0REy-rNTSFu8OV3FOhkyhkz21hGFzThgt_9tjuQ858WMy9-HjEzJcKr14R14BEafWTjF5OoriMScMzQMeheBQPiiYA_Ve9YScdQsVEuwPLDhtOo251H6TpAGUXOZDaWk1EAfiw_SR54wcY7jMRu0S6od04e6oW20VtMfb6597I-tjbgcfs5iaVHdWyzHK2y7CKVdasgAE-Wmlx58SIKGRy9DvVq1BEwcHK4mnuetZT_jIqeqNtt9sVzC3V-AZLrRmQr1uWJPhhXqGBMbiRSOXANuxJFF_fhw9WKfbTTtozmKx2AAGjesJ_12uuMvIWmq3EeCdMhi-_mXHNVO4G3HWb_3H9_RVi0hyWNSnjLp-uqNhPmkMBSduk2Bp092c0eWmPSzaxLjge7xIToYuL_BQXUFMn-AFhTATwOO2NKqBF3DYeMyPIWgc2VCU--BAudhQhxMpWt-HhSUTkdAdmYyMT6owitzzp97O1lJPfe1Mp1xLQZkFPyd-soOe9RSfDQwWH4OtGMYDDI3_dxAIeOF-TVzPEtbg8c52wH584Xh_uIMJ49LCpbx1de7A4d1V-LJu_wnNuxFyqrzlI2hr15bSzuRZUH4V2PdCKuSqkikMMU9NA4R-p96ZkzEEiBOmTaokMd2ZUxnIkkBJw3oLWDhEqgioGVUflw9-6u_Gw8PLwlzrowfDpGmFJWR58NtvJ5rUy3M7jc7_J5dfEsmBpPMOgcxEQhxzQQEMNKhzzNFBealXRpWK1rGSfL9A4b4rQDytDILhsklhGGDa9idDyJSsFVBBVdFY02Uej-Z7H-9i-KC9V&sai=AMfl-YSiMByfrH2PVbG5DGJyBmknC6lSuUEgAvbSlYMD1TGlXl3f61N1I-QIGs65jRzO-hMfWkLTAgeKH7zLp3OiBQ9WV84WJJzXzPbUjKCEPBVxCwEsLF_n89MJjkeLhASi7gExAk5aTex1pGwk0L7EdAD0ru0IzBAoHFNIC8n-BC6yGUIZnjITwkv8e6SMFM0SpxhtFQa_EbYBWrDc0fsVn5uLQsJRhf1UvJiABMQXoDR2fW6SNYLOgnSMV1pQEP9zJjcmvDoJMFqRMl5YtcaB4r_eh7RORb-3R3SD&sig=Cg0ArKJSzF24zasS6uFxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1073&vt=11&dtpt=643&dett=3&cstd=426&cisv=r20230314.66822&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5C64 0
0 88ms
80ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsspEzeB1Nyr2KRS1cna9yCQIFKcv5Tsj00VCoIbFOuu17lA2VnhVMSzpDHFePQBTqhaX2QlVjoS4b0jebSkF-fghdqPZTvnnZMCSeQbv0H3C_zaU80jnukGhvQWqFuPkgP4ZL9QOaseTyUVoHVtIYIxLTepQSbnnS2aEszqex_hwHTF8G1N0HpW4nMIQTFJc92WMARNRJO7DCrfntrE0lNnpxOiRyS5934GkDMjYkP-3CpU2KUsT_Kn33n_HnRPernV9JVTliXKBjK_sL80iyJj-GNpXC7DHrum6Q5zPafguz37o3bvEmLWRaT2_q7ZBI2dZVInWiTpgUQE8Slr-yxdl-clKDCT0wYN6IPKSIhj-i4wmd3o_50kJDHtFZd7TiR8NDZmM1aBVSZsSH-EFaH6P1V9I0Msxl6D8ZV0uyz1FPxIl7ATnSkQ_qjxWOkVh4ROPcMst419rlztwBMT_dlRkkswSNLCbIS5P4NJETbq_KN8NU_Zhs8gnqNe2GTBoc7yzA_EAUKpN1exUzeL3xIG0ViqMOOMSHdcv-B0iVSif2Zavc36eCAhPu0OzvghFXgcFxROtKK05e4aj3stYhsAMPTtVMx7cgp4HHC2zempzaOP6mG9ie9-ksDfwJqiiDDKPZgjdcUGiU0orPPKOem9xhzcDIT2zfC70r2WP-3pBlNUx2W2g5FHML67eYOUqu1h_88zCRe2B7-HhxUEu6GwGww0k0k9LhI6OSfRJndH7WV-CklsDbmNErQMody73iXyaJ3gpvdLtJfccmlkorM6CozpG41C0b3pvBIsyXnuk26xtKQx5P-_8Ap5Sma7-uKa1i90O2-g96X8YVNJpZncCELQINfmemO2Io-XV6xr06ybFoE2c0jpCm_yvRdeyCWmO8KKU9-zCysZXzNFitSGgO9eXF--MLBAv5WBkOcyENj3cXsZjPuOO7i1fNc4aO0lEzLuqFuBEquk3ggqAG8L9vO_P4Iv84HhT9dMilnSae_XEIkGXdg7booSpuP1W3GToiziZThrf4urDYemseEWA6zIYyuMdv5CFGoVcACMs96Ipq0u7mK-2Hz3_YPQk-Bh9Bxsg4yM3paJ938w_b4xo1EGWcnqZagUWL3sZGNK2DMx64UdmA0QqrzKnqCohyJ5-akcVLb0qn5eOTxwnlpqRKGT_qyZa0vl4Cj0eJ0F9dcStZCn94QXy8GdyA1VqUeZURF9cQjbr_jOEcRvJKA1OjiSISkfmDvgIfs4yjJStbb6hq01nv0Wu8wZWEdn8ItQ2gPzRtuwpIiGvCZbpw&sai=AMfl-YTUi7Gyf5ET3J1fo5gCRFMNliq8S4npvUsh7tbeD7aWIGRV-OLpnDipwpOhZxlunG4RH4BR_ttYhb3aRNy4Dk2HQ6YwCXt09utt6247Hxa_YwVCkQqB1bEAsegmZx_2Tym63B05jnWPm4WkrwJ2Lvxc4CqpV8qBGHJJ7m0BYRc2kZVAqmtrZjBP7Mc71RBwBZGn-3rv1MeWJ9HE5bQ7kRtKCSN92eO7D1X4voM82EoeiDZb__c3l51Z9sGtALCzPRzcuLpFic46Dyu3YLXAgLyttlcv4cf4pytX&sig=Cg0ArKJSzIbHPyZ2n9OaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1066&vt=11&dtpt=637&dett=3&cstd=425&cisv=r20230314.41762&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 0132 36 KB
14 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 2370 13 KB
5 KB 130ms
57ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Mar 2024 13:32:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2370 8 KB
6 KB 82ms
81ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

247a6cae1d933da70e41c2c30fc19cd80c7581054c35127be767eceba0a58d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5846
x-xss-protection: 0

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 7C94 13 KB
5 KB 89ms
45ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Mar 2024 13:32:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 7C94 7 KB
6 KB 90ms
82ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

371ed7a0ec633fcd22cb71e59f7061adaa1512b2434945581e1da7d5fe3f016b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5693
x-xss-protection: 0

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 3D31 13 KB
5 KB 96ms
56ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 13:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 176238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Mar 2024 13:32:43 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3D31 7 KB
6 KB 87ms
83ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

093f41bafd520a357a4b6673c9215b9f52340df98147f6c23973d9765a22fd05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5667
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D591 7 KB
6 KB 95ms
92ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3f2192d267d411aafddfd9cf79da96538c5d9d9afd8a38c4fbf8d759050409a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5725
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1EBD 7 KB
6 KB 109ms
108ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5cac75ad868a7eccd334bd3bb77f01912a9eb6994f360f74ca4840901c8682c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5744
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3007 17 KB
6 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 skyblue.png_1650378740125_skyblue.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d4acf923678c6222aa94/original/ Frame 3007 2 KB
2 KB 49ms
47ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d4acf923678c6222aa94/original/skyblue.png_1650378740125_skyblue.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

802a0ac9c835c0add64067c222d71b52bff0f5cfaafe4b673b1875a68ffaabb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 09:02:56 GMT
x-content-type-options: nosniff
age: 19625
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2050
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 09:02:56 GMT

GET
H3 200 Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg_1652778014080_Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/627516dad8cd7ef2f7d5875e/original/ Frame 3007 25 KB
25 KB 50ms
47ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/627516dad8cd7ef2f7d5875e/original/Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg_1652778014080_Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8295848601a45fc6ff78a90ac4d35396851ea4411b76a06feeb357ec99a37bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 08:04:48 GMT
x-content-type-options: nosniff
age: 23113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25127
x-xss-protection: 0
last-modified: Tue, 17 May 2022 09:00:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 08:04:48 GMT

GET
H3 200 gradient.png_1650378740125_gradient.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d3c7f923674455229a97/original/ Frame 3007 2 KB
2 KB 50ms
48ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d3c7f923674455229a97/original/gradient.png_1650378740125_gradient.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64ab062a2a4d62d22170dd14c4a3a566632d1ebf476ab80d27c7c81901209e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:48:29 GMT
x-content-type-options: nosniff
age: 92492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2035
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 12:48:29 GMT

GET
H3 200 baseGradient.png_1650378740125_baseGradient.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d498f923672aa622aa07/original/ Frame 3007 3 KB
3 KB 50ms
48ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d498f923672aa622aa07/original/baseGradient.png_1650378740125_baseGradient.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e16d841b1486b5bd9c69a543084e0f558463ad9bd7ffd8791301367f8a849a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 08:04:48 GMT
x-content-type-options: nosniff
age: 23113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3232
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 08:04:48 GMT

GET
H3 200 blank.png_1650378740125_blank.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/ Frame 3007 91 B
120 B 49ms
47ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/blank.png_1650378740125_blank.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4df4f831ed5cdb639c42779819720daea3b9850e12cafe851ea4b242ccaa166e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:07 GMT
x-content-type-options: nosniff
age: 30594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:07 GMT

GET
H3 200 icon1.png_1650378740125_icon1.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame 3007 7 KB
7 KB 66ms
63ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/icon1.png_1650378740125_icon1.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aada9922d43e2107b82a139dff7179ed9dddb86da040ec3e5e98e0f57e420d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 14:32:47 GMT
x-content-type-options: nosniff
age: 518234
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7071
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 14:32:47 GMT

GET
H3 200 icon2.png_1650378740125_icon2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame 3007 6 KB
6 KB 67ms
64ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

829faafbb39055b06c83f4b6b208d52dc50e0119499f827d573888f5846d3a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 13:48:46 GMT
x-content-type-options: nosniff
age: 520875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 13:48:46 GMT

GET
H3 200 icon3.png_1650378740125_icon3.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame 3007 6 KB
6 KB 65ms
62ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0836d2070d6754e9355c30c8b2c34174428c5e78e25b6668aba9d10fb7cd6d78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:33 GMT
x-content-type-options: nosniff
age: 30568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6126
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:33 GMT

GET
H3 200 logo.png_1650378740125_logo.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame 3007 3 KB
3 KB 67ms
65ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94ae8e248d081ccb4096fb784379fac2dc61da4bba62eee5d920b5c89a142215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 07:55:03 GMT
x-content-type-options: nosniff
age: 542098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3423
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 07:55:03 GMT

GET
H3 200 logo2.png_1650378740125_logo2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame 3007 2 KB
2 KB 66ms
63ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff6db6c1dd0910b5619dafb5284abf59aa7bb8c6d3d0122c1ba5983cddaaa2a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 08:39:39 GMT
x-content-type-options: nosniff
age: 107422
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1701
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 08:39:39 GMT

GET
H3 200 blank_-149_-124_1.00.png_1650378740125_blank_-149_-124_1.00.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/61813780cac5bddaebde1d40/original/ Frame 3007 2 KB
2 KB 66ms
63ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/61813780cac5bddaebde1d40/original/blank_-149_-124_1.00.png_1650378740125_blank_-149_-124_1.00.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d38edfdaff5a3e6cfcccd26f9eed468207f91adf8833e2dd28e8660035492ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=Av8zpsw209&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 10:56:38 GMT
x-content-type-options: nosniff
age: 531203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1923
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 10:56:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AD53 17 KB
6 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 3551 36 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame D515 36 KB
14 KB 45ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D8B 36 KB
14 KB 48ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H2 200 67ed30cebd17b969e9b1c6c39e6d918e.jpeg
images.revcontent.com/revcontent/image/fetch/f_webp,q_auto:eco,h_90,w_180,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ Frame BC55 1 KB
2 KB 165ms
44ms Image
image/webp 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_webp,q_auto:eco,h_90,w_180,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/67ed30cebd17b969e9b1c6c39e6d918e.jpeg

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),

Reverse DNS

map3.hwcdn.net

Software

cloudflare /

Resource Hash

ce8764fe6464750c91cc9103fe596a9641663e903cc5e55f99d64a83556f6b41

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
content-disposition: inline; filename="67ed30cebd17b969e9b1c6c39e6d918e.webp"
server-timing: cloudflare;dur=612;start=2023-03-11T23:49:04.282Z;desc=miss,rtt;dur=1;cloudinary;dur=106;start=2023-03-11T23:49:04.743Z
content-length: 1146
last-modified: Sat, 11 Mar 2023 23:16:31 GMT
server: cloudflare
etag: "a83151d40366884480f3b1a5f448eba3"
x-hw: 1678977001.cds146.fr8.hn,1678977001.cds258.fr8.c
content-type: image/webp
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, immutable, max-age=604800
accept-ranges: bytes
cf-ray: 7a67b11db9615c9e-FRA
timing-allow-origin: *

POST
H/1.1 204
No Content impression
trends.revcontent.com/event/ Frame BC55 0
0 289ms
125ms Fetch 99.81.25.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/event/impression

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.81.25.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-25-188.eu-west-1.compute.amazonaws.com

Software

openresty /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-RC-Region: eu-west-1c
Date: Thu, 16 Mar 2023 14:30:01 GMT
Strict-Transport-Security: max-age=931536000; includeSubDomains
Server: openresty
vary: Origin
access-control-allow-origin: https://orangesport.ro
access-control-allow-credentials: true
Connection: keep-alive

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D591 17 KB
6 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 skyblue.png_1650378740125_skyblue.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d4acf923678c6222aa94/original/ Frame D591 2 KB
2 KB 40ms
39ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d4acf923678c6222aa94/original/skyblue.png_1650378740125_skyblue.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

802a0ac9c835c0add64067c222d71b52bff0f5cfaafe4b673b1875a68ffaabb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 09:02:56 GMT
x-content-type-options: nosniff
age: 19625
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2050
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 09:02:56 GMT

GET
H3 200 Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg_1652778014080_Pool-Boy_NoSmile_Ret_72dpi_290_37_0.78.jpeg
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/627516dad8cd7ef2f7d5875e/original/ Frame D591 25 KB
25 KB 41ms
40ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8295848601a45fc6ff78a90ac4d35396851ea4411b76a06feeb357ec99a37bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 08:04:48 GMT
x-content-type-options: nosniff
age: 23113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25127
x-xss-protection: 0
last-modified: Tue, 17 May 2022 09:00:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 08:04:48 GMT

GET
H3 200 gradient.png_1650378740125_gradient.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d3c7f923674455229a97/original/ Frame D591 2 KB
2 KB 42ms
40ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d3c7f923674455229a97/original/gradient.png_1650378740125_gradient.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64ab062a2a4d62d22170dd14c4a3a566632d1ebf476ab80d27c7c81901209e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 12:48:29 GMT
x-content-type-options: nosniff
age: 92492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2035
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 12:48:29 GMT

GET
H3 200 baseGradient.png_1650378740125_baseGradient.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d498f923672aa622aa07/original/ Frame D591 3 KB
3 KB 43ms
41ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d498f923672aa622aa07/original/baseGradient.png_1650378740125_baseGradient.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e16d841b1486b5bd9c69a543084e0f558463ad9bd7ffd8791301367f8a849a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 08:04:48 GMT
x-content-type-options: nosniff
age: 23113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3232
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 08:04:48 GMT

GET
H3 200 blank.png_1650378740125_blank.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/ Frame D591 91 B
120 B 43ms
41ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/blank.png_1650378740125_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4df4f831ed5cdb639c42779819720daea3b9850e12cafe851ea4b242ccaa166e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:07 GMT
x-content-type-options: nosniff
age: 30594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:07 GMT

GET
H3 200 icon1.png_1650378740125_icon1.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame D591 7 KB
7 KB 50ms
40ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aada9922d43e2107b82a139dff7179ed9dddb86da040ec3e5e98e0f57e420d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 14:32:47 GMT
x-content-type-options: nosniff
age: 518234
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7071
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 14:32:47 GMT

GET
H3 200 icon2.png_1650378740125_icon2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame D591 6 KB
6 KB 51ms
41ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

829faafbb39055b06c83f4b6b208d52dc50e0119499f827d573888f5846d3a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 13:48:46 GMT
x-content-type-options: nosniff
age: 520875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 13:48:46 GMT

GET
H3 200 icon3.png_1650378740125_icon3.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame D591 6 KB
6 KB 54ms
39ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0836d2070d6754e9355c30c8b2c34174428c5e78e25b6668aba9d10fb7cd6d78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:33 GMT
x-content-type-options: nosniff
age: 30568
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6126
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:33 GMT

GET
H3 200 logo.png_1650378740125_logo.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame D591 3 KB
3 KB 56ms
41ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94ae8e248d081ccb4096fb784379fac2dc61da4bba62eee5d920b5c89a142215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 07:55:03 GMT
x-content-type-options: nosniff
age: 542098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3423
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 07:55:03 GMT

GET
H3 200 logo2.png_1650378740125_logo2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b2fafb3919768fcc6857/content/ Frame D591 2 KB
2 KB 58ms
42ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff6db6c1dd0910b5619dafb5284abf59aa7bb8c6d3d0122c1ba5983cddaaa2a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 08:39:39 GMT
x-content-type-options: nosniff
age: 107422
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1701
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 08:39:39 GMT

GET
H3 200 blank_-149_-124_1.00.png_1650378740125_blank_-149_-124_1.00.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/61813780cac5bddaebde1d40/original/ Frame D591 2 KB
2 KB 58ms
43ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d38edfdaff5a3e6cfcccd26f9eed468207f91adf8833e2dd28e8660035492ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=SJsGLb7TbI&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 10:56:38 GMT
x-content-type-options: nosniff
age: 531203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1923
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 10:56:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1EBD 17 KB
6 KB 64ms
52ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 blank.png_1650378740125_blank.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/ Frame 1EBD 91 B
120 B 52ms
40ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6113a5288a7ab49328617a1f/original/blank.png_1650378740125_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/adlibUtils-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4df4f831ed5cdb639c42779819720daea3b9850e12cafe851ea4b242ccaa166e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:07 GMT
x-content-type-options: nosniff
age: 30594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 91
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:07 GMT

GET
H3 200 skyblue.png_1650378740125_skyblue.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d69cf9236724d422baf3/original/ Frame 1EBD 359 B
391 B 60ms
49ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d69cf9236724d422baf3/original/skyblue.png_1650378740125_skyblue.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f70e21f986e952c4c99ddbb0226df11b3de722b1050153a767451b5c3239d27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 08:47:01 GMT
x-content-type-options: nosniff
age: 106980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 359
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 08:47:01 GMT

GET
H3 200 Pool-Boy_NoSmile_Ret_72dpi_32_468_1.62.jpeg_1652778014080_Pool-Boy_NoSmile_Ret_72dpi_32_468_1.62.jpeg
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/62751761d8cd7e6485d590e4/original/ Frame 1EBD 17 KB
17 KB 54ms
43ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/62751761d8cd7e6485d590e4/original/Pool-Boy_NoSmile_Ret_72dpi_32_468_1.62.jpeg_1652778014080_Pool-Boy_NoSmile_Ret_72dpi_32_468_1.62.jpeg

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854519d07d155c90609264652626944b998fdf68a153e9a5b8c44173d401329e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:26 GMT
x-content-type-options: nosniff
age: 30575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17679
x-xss-protection: 0
last-modified: Tue, 17 May 2022 09:00:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 06:00:26 GMT

GET
H3 200 vector.png_1650378740125_vector.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d621f92367dc9122b2bb/original/ Frame 1EBD 1 KB
1 KB 59ms
47ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d621f92367dc9122b2bb/original/vector.png_1650378740125_vector.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78d707e764332efe4a8d928a8726b495449073194bf4b9ca22856f08d5cafb8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Tue, 14 Mar 2023 16:50:03 GMT
x-content-type-options: nosniff
age: 164398
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1472
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Mar 2024 16:50:03 GMT

GET
H3 200 gradient.png_1650378740125_gradient.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d64af92367802122b412/original/ Frame 1EBD 3 KB
3 KB 60ms
48ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v3/partners/6048f7a4c18e4a000660a2ca/assets/singleFiles/6193d64af92367802122b412/original/gradient.png_1650378740125_gradient.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f039a988d1611052fd690332adcf2199c47eebcc77fe9926a084a2e316216d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 08:49:58 GMT
x-content-type-options: nosniff
age: 106803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3076
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 08:49:58 GMT

GET
H3 200 icon1.png_1650378740125_icon1.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/ Frame 1EBD 7 KB
7 KB 58ms
47ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/icon1.png_1650378740125_icon1.png

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aada9922d43e2107b82a139dff7179ed9dddb86da040ec3e5e98e0f57e420d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 15:08:51 GMT
x-content-type-options: nosniff
age: 602470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7071
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 15:08:51 GMT

GET
H3 200 icon2.png_1650378740125_icon2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/ Frame 1EBD 6 KB
6 KB 56ms
45ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

829faafbb39055b06c83f4b6b208d52dc50e0119499f827d573888f5846d3a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 06:00:16 GMT
x-content-type-options: nosniff
age: 548985
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5901
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 06:00:16 GMT

GET
H3 200 icon3.png_1650378740125_icon3.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/ Frame 1EBD 6 KB
6 KB 57ms
46ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0836d2070d6754e9355c30c8b2c34174428c5e78e25b6668aba9d10fb7cd6d78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 10 Mar 2023 06:00:16 GMT
x-content-type-options: nosniff
age: 548985
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6126
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 09 Mar 2024 06:00:16 GMT

GET
H3 200 logo.png_1650378740125_logo.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/ Frame 1EBD 3 KB
3 KB 60ms
49ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94ae8e248d081ccb4096fb784379fac2dc61da4bba62eee5d920b5c89a142215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 16:31:33 GMT
x-content-type-options: nosniff
age: 597508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3423
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 16:31:33 GMT

GET
H3 200 logo2.png_1650378740125_logo2.png
s0.2mdn.net/dynamic/2/10951441/cdn.ad-lib.io/v2/partners/6048f7a4c18e4a000660a2ca/assets/concepts/6140774920f9cf1c3253f6d9/templates/6169b31afb39191271cc6da4/content/ Frame 1EBD 2 KB
2 KB 60ms
48ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff6db6c1dd0910b5619dafb5284abf59aa7bb8c6d3d0122c1ba5983cddaaa2a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/index.html?e=69&leftOffset=0&topOffset=0&c=lPCkWJ52pY&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 11:17:38 GMT
x-content-type-options: nosniff
age: 11543
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1701
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 14:32:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Mar 2024 11:17:38 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5C64 42 B
64 B 81ms
81ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv93WjhFPCevDsYO3DPJAC5BTbE-rrDB609EdP08g0WefyXpV3vd-bc4wmstmaAOu6rm4ZchLZNsHQPoB1CHA9KYwRYP0jSGunparlqh3xB6SITHHFHIBuCCmEqfyfSmIuuglaAJg&sai=AMfl-YQLgac3C-jyteXQyYim8T5n7nHsdrRCL6rtX_QC6W3D2JbPkl_y-jeNQDWrWJXcCb_ENVzqCvXhlNFhfViTA1V9FsNi8AmcKsrXz32MAoz3sN-O_tcl1Jt7y7SWyvOA1tXV1MCvuPwRtQ45yA&sig=Cg0ArKJSzPDLal957b1XEAE&cid=CAQSTADUE5ymhglG2dMD-sPmC8mCDI0u5KoE_5q8J5NHkATB1V2Tq2g5sqUdj7zWA0sjZyLAAxs1a9KBqtF1u5TeC8CpxvltVTEEfDPfHUYYAQ&id=lidar2&mcvt=1139&p=582,436,672,1164&mtos=1139,1139,1139,1139,1139&tos=1139,0,0,0,0&v=20230315&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3036626603&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1678976999330&rpt=1015&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 24F9 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=bcbcff77-5dfa-c486-b694-2a5f9ed0cd33&tv=%7Bc:72dVsX,pingTime:-10,time:1162,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My42NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1678977001663%7C%7Ce8cc9329991747ba2d57d603c3603b7f%7C%7C048cfc492222ea08fb0159cb46ab52cc%7C%7C2419541dcaa6b59d4e1f0b5b67168595%7C%7C13ede6a7a56e600056d1aa9e6bc818b2%7C%7Ce08ec9c3f3e802a4cb6f600eaf558839%7C%7C35884d35eef6c70c5ce0cb3f33200098%7C%7C23e81e46e4d3dae5ee87e593651057f3%7C%7C1663701684,im:%7Bpci:%7Btdr:627%7D%7D%7D
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 97CB 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BnDe55ycTZMfEMebnx_AP8YyloA4AAAAAOAHgBAI&bg=!1dal1oLNAAZKh9k7aoc7ADkAdvg8WulJvLYIbFhERszNNHfHQqmlcdBW2dVBKU9yXvFcEW7aeEvS-X8NmoKqofD-_POLY0e3NT8CAAACElIAAAACaAEHmQLg7aQz2-268LjqNh2ybVB8PgnUR3v17uelFi0XMcl5JLPEHsY-XWLh6f1wZvRreZvxsYxrp_nY6lA7wcjv0y47KaVwEIMwpaO_HvK6eE5U5DPEO-wwx80NqL1Fw_kMs5vtdPGWYlanpS80SDm6XM5pcsA_OK3uoWXt-wCJ17zkxnHEoFXaDIMEv2tje661MRjHGwq3bnB-nTAs2epyaJ9XZLn6SQqJ6-omekA2xJw6f7x7fYlLO7mA8uzInHyA2FpJQDbREak4GBox8t16bXJZAmYvJKczpc5n28QyQ5ls3F-T7_zp50fWSvL5Cr1DI2OlaTVvb7zdB6oIBYJCsFUzxwnCU0Wme4NA6zwuOTBr3GMNh_DT0E_dvNJ7NoPP6PtY1hNPz2c1Q8peVe151kH7etQthvzNz8OlvSmsN_0avkdzGYzQFHGVLRwoBjMiQH5Fk5VKxFYKo2StSlfNJ2-MIbLSyMlFrEedgt_UttE9EhvQ7jPEOhxWGMLF41rwcCfYxbxH8YBcIi7QuMJGEMv1Fspq9RGG-uL7ym6N1c-_LrK7pSgINC5oo-RIgyXsi1JQ_unW1uFGek6NOdU1lqT1s9wTwVWGJI8FHWPYip_LHqm5KXbtb9toVsu86ARbN7JxdMMlOmJudi8khOFCLYWzevTBVG6xHDhTs7NPw7rUSQWZEsxd1FA2scWmlkAxsVAqaB-6AeH8JwPlEtOAVeNxNN08KaRPNOGnWctQ-hWOkliUA3QqWu3V08LRq-_z2tYKqN8h78aDxM4yaVnHd52ByurXGIKl9lsKu-N0uHwd_O2dDXSghZqEtVT75p_pOl7pLHfm2Ml-nX-Bo6xU1wHB3SKvo9FCUjPZZdLOolWt9ekVQWe5h88mbM-KAnx3G3cdJD_YbC7X5ko3LE30SpyA4Pij6__X5mNHc32cv2PrFJv9Gbua0oSRjIU-cIArePTDWpryXZ1QOU24HEKSlUKemg

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame D7E9 36 KB
14 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 9A88 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

OPTIONS
H/1.1 200
OK page-view
yeet.revcontent.com/yeet/events/ Frame 0
0 85ms
85ms Preflight 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://orangesport.ro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 14:30:01 GMT
Server: openresty
X-RC-Region: eu-west-1c
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK widget-loaded
yeet.revcontent.com/yeet/events/ Frame 0
0 167ms
81ms Preflight 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://orangesport.ro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0
Date: Thu, 16 Mar 2023 14:30:01 GMT
Server: openresty
X-RC-Region: eu-west-1c
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

POST
H/1.1 204
No Content page-view
yeet.revcontent.com/yeet/events/ Frame BC55 0
0 148ms
65ms Fetch 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

X-RC-Region: eu-west-1c
access-control-allow-origin: *
Date: Thu, 16 Mar 2023 14:30:01 GMT
Server: openresty
Connection: keep-alive
vary: Origin

POST
H/1.1 204
No Content widget-loaded
yeet.revcontent.com/yeet/events/ Frame BC55 0
0 72ms
70ms Fetch 52.51.126.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by: Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.126.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-126-33.eu-west-1.compute.amazonaws.com
Software: openresty /
Resource Hash

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/json

Response headers

X-RC-Region: eu-west-1c
access-control-allow-origin: *
Date: Thu, 16 Mar 2023 14:30:01 GMT
Server: openresty
Connection: keep-alive
vary: Origin

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame AD53 98 KB
98 KB 41ms
41ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:18:00 GMT
x-content-type-options: nosniff
age: 721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:33:00 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame AD53 57 KB
57 KB 44ms
43ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:28:17 GMT
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:43:17 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 7C94 98 KB
98 KB 48ms
45ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:18:00 GMT
x-content-type-options: nosniff
age: 721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:33:00 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 7C94 57 KB
57 KB 49ms
46ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:28:17 GMT
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:43:17 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 3D31 98 KB
98 KB 51ms
47ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:18:00 GMT
x-content-type-options: nosniff
age: 721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:33:00 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 3D31 57 KB
57 KB 53ms
50ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:28:17 GMT
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:43:17 GMT

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 2370 98 KB
98 KB 54ms
51ms Font
font/woff2 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:18:00 GMT
x-content-type-options: nosniff
age: 721
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:33:00 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 2370 57 KB
57 KB 54ms
52ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:28:17 GMT
x-content-type-options: nosniff
age: 104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 14:43:17 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame A0F8 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame F990 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 267F 43 B
215 B 117ms
116ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=2024076d-4c72-08f3-3cd4-e94b99023914&tv=%7Bc:72dVve,time:1162,type:e,im:%7Bpci:%7Btdr:439%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1162,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:30,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1156~0%5D,as:%5B1156~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:303,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1*.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1c.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1a1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:31,sis:518%7D&br=c
Requested by: Host: orangesport.ro
URL: https://orangesport.ro/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:01 GMT
server: nginx
x-server-name: dt24.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 7C94 17 KB
6 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 738F 0
0 78ms
78ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8qDm-2Dk2AO9ZxqWp6PMsezQMcO7iju_OKbsmvFMuRqbL67tqFzhiGLZUZ8AgPS-bb5olNMD2jaNNzG0dqgHizrK559eUhkvdotQdR6RQGUQ2u1TvVGZnc4bQGuIi1TRtAm9xnkI8zO28RMDkIBEQCKC7jBJt40lhFroa1nRvFnS5dIzJkKTZKNuQ7iZUT1rKnbgOMSFMI8G5Nf9m6ThbJt6efE8CkrPOBC-VqJMdflMRI45QeyYZg12bXkINWtspl3DeOhiT1MFX6rEnWqMMHBgHRG1Xc7hH-yxGPlqxns-aCz59HJ0v4YEFaI4eHOsAIGVWRJKOKo8UHLJaCm4TeSqGes5Ek1QYJEU7YvPsa2C2zDDWQzr4dk_DO-5sL0ptWnUuS1tE5lUmOPtll4F6K_LF2mjEse7CFhV7yh5VCBfxh6ngY8YJ5JA8ja7cuLzWcjUWnStUxKwRcQ0H-jcOGSY-tArhudda0fTeLDNr_qIa0p53F7Z7UW0dhjnPBuvlKapDS1oEBEhb6laaML3YIOeGqo5RZ3pbWaxS7rjOVCEeT707YeGNk2MhQi5Gr8N4er9vFhxPLd83V6e4rA9b9XD50sJJuqBdZRrsQGtFFB9SqsFxhywUg0wR2TeaXVppiR5UwF9ngJGIgP3Ey_mmfVYGsFYioCD0Jq2J7CJBYKICMx7lRucX4fr51hDFhPQxkMnJT5Nj4HypvrBTXgtYGnoGpqq8CPoCEXjSW-8gDrgMxnoyb04JFxp80zgzf2Mfy5PA0mihCfoao3ZV_EaflZ4wAVkm7ANUGj9Kus9IFOo6C4VzbpOU0uMrkSML02vqW9l1foDKMZqN-8BqZI9yYRv71d2AybngBFxS9LanlJGNu-h8OloP-m9eKb4L44U675daNihaSYvd9IoGnU1760VgkV3bjjNVDTXlYm7dykymyTYAASwdsf-EgsWAf0owkdQSqVpVR7WFSv2UrbmPYOqFB-jZN94cx09s9KXaqveUOuXEwmjKdk89RoIwBdL_BZ0-Y-7_5_JlniZYz06GVNYRpmVapMz_W0h_16lODBI8XoxbRSvLtivIr5xYWFGZ9frAnTzFbkakB8FhEF87Wayd5YZtGiwWxuY81QqtsetAdFU_dH65-ENtFNXkTl7PJOmPMJwltvpbf4g0c6ZVCRJ0LFTyI3Wzx7PJBT946Bk57RDvEd2t0lk1Y3bRLdI9yDXKxA0_fT0hhVBjg38pZEukb85ygSuN8FHN0Zbou9ABNKhj_m5yDbg2PbUo5m1KPiF1JWxwjg&sai=AMfl-YQZFO9vvtGHsSAJQWR_rKX8sVs8CyLywUgD4V39u8L1dlPFD113RbwkxlJEHe6FQStA2JEOp1s9d4mJMjYjBeuwhkpg9VQtjHlkpeQZ_xeR6Kqqcrzpw_JVV2AlgYJTtI2qrakQ3X0NfpXjzoMqzbT3F1esHiicbmbxAN_xaNlewcsKGjhBniCuNp-d7VENQeeB6UpzF9JjaHiZjDdXwxorsMK0azRRC9jVEh-3blVDyC50xUy2gOazkrOarcgTuKSsmU_PnBFueX8vSebtaI97bMwVsOcVHbKF&sig=Cg0ArKJSzIKWErCSyFJlEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1807&vt=11&dtpt=1444&dett=3&cstd=359&cisv=r20230314.78161&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3D31 17 KB
6 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3218 0
0 76ms
75ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8VFTdFqBrBS5IGuCWGLAGDL6uJ0eZGSa0bdbdjCrTwh4lm72dJoo2pB5WBohVXWun5h-UXuHQzHJf47jKreGIOnx-Oji9tehADpt07FvvmadnB6S3qjCHkkwpa8VjEIo6wbWlrzWQBsMvjFX6BaNqYQMCaDQTU4PZZ0X_6Sy749Ux3TGcZIabAv-U2nwA3xqvh839pVYEjHy0ENxC7E7ghUw-RPoFXf15fISC9l62bqXK3dwMGr1pBmy2I49VE9mgqxsn78-Xri4CsYoHkNAx8Rcx_VgdeoR92cDbJncjoE3FK1fMpko2cuVjXEg93lFOBaE6f26gWn2j_bvyDsbk6wVLODuy_O5Sq-KOiFM1CyUptx175Oc4iTMp1y45uOtx03whA7g5-H2ZKLBXID_SmZGYC3_4t1zr9gJZsh2TlHLcby1glcHtQjxl4eo0DVzuEdkjT2tQTxWlgsRqZA1nYVpD5V2LCdhlQTkMXwlAf1ilOpzSWqzMzYeU1TaB1r4zyvoVyk5wyM167w1ZwQ_LJieD3EvTKoRd7PKodTZCcwSEw9S0rb7OZxI131SYv5T_cVNM8SBiBgJOk7EfdjTJ9KNR1UmqEtHP5SDxo93J9L0nM5JiFTEV_ZqdD8oJ8aBh4PgL7yRa-UM42uy4I6xvrXnQDnxN5JXZvj91T74WnWBX_t9ZyRGjPS21SW1B0gRbrx1HB5F3tmDsdE1WZSIAazLCbDw5G-awhndMsu6zgp3bpLKePzQkUb3Zc5tiMmfYbGLkeiqzIu_2_e8iaJqJfSEC2U8a5FQNxCYy0_DbBvgSdgLmyGNUoZ8AUEYwpjWIQUZc1NYIEADYOFyKpMoyQhjb7Q98w0BB6_Y5E3_IAh50JuKS2txnjnIynAi1PYN0HCMh5lfpjCDKP231_Nd_DyBC7_hnwgiEoZadiWsR_MdXLNlcmini5w7AedPefWkyBWa78rwR2EM9C8vK82i8earkrET-zeRn0C9qN8T88cDQEgG8CZFlRvYuZMjl9VSmrgRHn-PqXs0H4a_W_d_U-wqVbJcMmdMsuEClhSvc7JzxUwecIffEiDbZFX6r-tRDCmty80e5C-WvWle-RfC5zEZoT_o-hWjg495-VnNrmG6DYXipjOkrLc8LNGAFRBn5p5DNFuM7JAHsn4mtDEmXAOoh1ujkOeq2cDWnGnNnAxm2WAoXtd-TqbgtPyL1ZRt3AlfuFXiHHIgskLKBudNn7gLuRLl2abnPlqbvxzyKUbB7t3WW_j2H6Ek1cjQnvb14ugEcSNehQQ&sai=AMfl-YSA6hRXQ6Ab7pjKNZoqXiddW4gEZj0k2tk_nnrELg5YBPec602X5XZkT-E3vnA6aRqFn_4W4YX5cYLJcp806tH47GmpMNDZgEDGQQ-ArCSxE4sq2DZvm-VKy9ZVrjx3YSXAyL-Y7RrbZHsVl5LBPSRbzylNbSIsK98B-t4slA0lyiswlA9pWvkiT44U4hkTZyIQrLiSdOSUdOqGql58qd-n4VgtqFPJH8Q2dELci2aSAZcw48sXSG7ulehu47Zvoay7Foheyn2gdcB1WC1WoY0uFYHEcDZCK30n&sig=Cg0ArKJSzJBe0jKIq6tiEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1792&vt=11&dtpt=1416&dett=3&cstd=371&cisv=r20230314.34626&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2370 17 KB
6 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 73E7 0
0 77ms
77ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuB9QK_wq6ujQrzmWlUVy_ZPlEhKuqQj2Z8NZKQc5_i91hGTg4Ask_hM14KLJBXhL-90McwH2vsvuvivxPdZGdmZ3iBROQ1kgKC4XdrBZJWMKOe5cjVANGvKKyknruEWehxJuF3HA0WMwVuLRttH9SPRvdXaJIE-ysLxCVHpS41oTJvX4jmOKG1j6ehL4A0V2EJ4DrcbsUvjgRWNkkpfYnPi8RVuRM-lHNQfoUTPhhUDZrhym_V1a6Hk83aZ-lb8j7udKfDQLgQ71zmUzmQkMoD22Wzx0inAKfbK_0M91Qt5U3LvotXvbW0QQQ-O8lvo-Q4YnUJRD6PQVNMj_UpW0kdKSLDHjs_Xk6y5ea0D-tiZLXeSkQL52lETyu6CWVYWxz7HqpXpTF-5kZ7szbiUtFGkVuerXs2sTysZa9PEkIgpaoxgr-l89LqPjS4RDNG8wFpxBO0xrCVvq3VZ-cAMPhVeqCo6k_jLRA1Ne_vn6QnNFkcfcTvpfwR3r7eJtr_pMwYp97RdbTssXSQF8RtTGLn7l8U7VqJ-RrfYTLFUG0ySqF6EVkJLq4XubHw9EWT2r2PmJepRR3Do0UGiRsjstBzSIjp8HHTVaWdVOcP4vhY98dsMyheN8NkK_OrB3X-z2hihZG3UV2RmZsBmNamsi0hZiytImhAaMNs8v53MAKJLUSysMTJc6pV5rYPCzTXzkU18G2aQ3xFM_O2bDc7a9pX5vjnWu8YMIP93qyRZb9A2gOvy2mwBPVBNp871d9RK0wrd_prq5evuO5qOV8I60MbUIDSzr3-0Imu5cVdwN7pQiuuvMCjd_xYZgvLga05c6FLZxkOHz6NhmvvBLrQ5v9uPXGytJZxZE9N5g2wCudpYIDvzIqjHnbfnb9C3lbbFrFNgpW2R_D_Llnhzu6TejBVI-gLezH-TSr_cYHAAX9V3Nwi-O-fhjqYPxRMU-qEoNNMsbaed-XkSNzG-oLwhLEuWV-T3kcm8KPyK01UxKHoNjmTGYNtMbbu_Qe18Yo71C5Dr1GY4wudi14M83X76F3YxOYa2IEc7y0dqPUyUSEvZzD9hcS-9TcbVCPLnmdhdTH1tJxhF7qg4IIO9Qz24WT__YMAJsCzcDbexWYY4KVtSdfj5x4Pbr6s8F3Umj9eYrKqsi3pbCv28rb70F0T6tAqtTz7tPygY6EZcDznHSn8kmlt9y7Pu7WX4Wd9H6qEkW2Xc7K6mjQTQHzhlOfA0mgDWjO7gRrIqf0BxOA9hfJ3pxn2i23SF9hgkltIMX9GKlyX1XUfT3JYfw&sai=AMfl-YQNuj_QBB7vg7Aw-CQazTskjrdfuRnAA8wpVyccqQ1YzEfXwDUM_gKyY_Ol0aJFDX3M7ufqHtBP4y_OMtVMu-2GmZEBI5jceKK6lUhmrLOfNd4Bz-7Yz0LPSy-KYTLMNw_qnM9qtuexow0yqgsSTpDldtUzP9d_Ui6Iks-dL0iljipqBX94SPU5W3tO6EV-b7RJ77eJzirecWNzoxtTT6OkqJv85zHAPIQHmERYG4L3jlI6eN9z1sNTtBmb6IeXcX3fyqun42GKSmSyOTA8P3MQD6gaRSjSxP7C&sig=Cg0ArKJSzIM2JLpq4moXEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1848&vt=11&dtpt=1474&dett=3&cstd=370&cisv=r20230314.33106&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: orangesport.ro
URL: https://orangesport.ro/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 16 Mar 2023 14:30:01 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 91ms
90ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023030901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37597c7b7d15ebf128d8ac41c0c5905e28f2298dc8c78392a9257c854458c827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11308
x-xss-protection: 0

POST
H2 200 ingest.php
events.newsroom.bi/ 2 B
0 130ms
50ms Fetch
application/json 162.55.144.218
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://events.newsroom.bi/ingest.php
Requested by: Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1597
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.55.144.218 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: haproxy04.cl03.het.mrf.io
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 16 Mar 2023 14:30:02 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://orangesport.ro
access-control-expose-headers: Content-Length,Content-Range
cache-control: private,no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length: 2

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 184F 43 B
215 B 123ms
122ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=287db009-3141-a5d2-644b-fa23c3d31ed8&tv=%7Bc:72dVyI,pingTime:-10,time:1190,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My42NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1678977001663%7C%7Ce8cc9329991747ba2d57d603c3603b7f%7C%7C048cfc492222ea08fb0159cb46ab52cc%7C%7C2419541dcaa6b59d4e1f0b5b67168595%7C%7C13ede6a7a56e600056d1aa9e6bc818b2%7C%7Ce08ec9c3f3e802a4cb6f600eaf558839%7C%7C35884d35eef6c70c5ce0cb3f33200098%7C%7C23e81e46e4d3dae5ee87e593651057f3%7C%7C1663701684,im:%7Bpci:%7Btdr:1131%7D%7D,sca:%7Bspg:bcbcff77-5dfa-c486-b694-2a5f9ed0cd33%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 tag Show response
pandg.tapad.com/ Frame 60DC 13 B
257 B 157ms
52ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://pandg.tapad.com/tag?gdpr=1&referrer_url=&page_url=https%3A%2F%2Forangesport.ro%2F&owner=P%26G&bp_id=eadromania&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Thu, 16 Mar 2023 14:30:02 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 142ms
46ms Preflight
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Forangesport.ro%2F&domain=orangesport.ro&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://orangesport.ro
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 14:30:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 278644
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ Frame BC55 49 B
249 B 237ms
140ms XHR
application/json 2600:1901:0:8344::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0013300001kQgaMAAS&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8344:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 16 Mar 2023 14:30:01 GMT
via: 1.1 google
vary: origin
content-type: application/json
access-control-allow-origin: https://orangesport.ro
cache-control: private, must-revalidate, max-age=28800
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49

GET
H2

200

sid Show response
mug.criteo.com/ Frame BC55
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Forangesport.ro%2F&domain=orangesport.ro&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=nvKWoHxsSzdGNXYyMGlqZCtLOHJSc0k0aXc3cTBoVHRnUjMzVWRzMHJkOWdYSTBZMU9XNlUzM1V2YVZuYzFjbXY3U1ZqUHZvdzYyWXA4eHVjdjJoUXVDS204QktXRjVqTmZqRE1kMVUzenZLWm9VL0VURHBObytFNWJRVn...

498 B
582 B

51ms
50ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=nvKWoHxsSzdGNXYyMGlqZCtLOHJSc0k0aXc3cTBoVHRnUjMzVWRzMHJkOWdYSTBZMU9XNlUzM1V2YVZuYzFjbXY3U1ZqUHZvdzYyWXA4eHVjdjJoUXVDS204QktXRjVqTmZqRE1kMVUzenZLWm9VL0VURHBObytFNWJRVngzaWNOQzAzNXYyemdnUUtuU1FYdStCOXV4OE0rSFFKODhnWlUvSnRSa0JSQmQwNW9Rdm1TakpsZ2E1SWFyNU81SURTYUlyWFJhclljMzJheDAyOXNVZHI4eXUzMFU2R2lmZWlwbzUwdHNwc0QyYnJDdFRwRk5oNkg4SDJYYVBRemtGb1FoemF0QW1CWEpyOXIzRS93Ylo1bUJlUkZqQT09fA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

560702bfa9310ca1c0c7ab945ecd16e737f0b6a745db5bac61fd4ca18c622b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2026052
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=nvKWoHxsSzdGNXYyMGlqZCtLOHJSc0k0aXc3cTBoVHRnUjMzVWRzMHJkOWdYSTBZMU9XNlUzM1V2YVZuYzFjbXY3U1ZqUHZvdzYyWXA4eHVjdjJoUXVDS204QktXRjVqTmZqRE1kMVUzenZLWm9VL0VURHBObytFNWJRVngzaWNOQzAzNXYyemdnUUtuU1FYdStCOXV4OE0rSFFKODhnWlUvSnRSa0JSQmQwNW9Rdm1TakpsZ2E1SWFyNU81SURTYUlyWFJhclljMzJheDAyOXNVZHI4eXUzMFU2R2lmZWlwbzUwdHNwc0QyYnJDdFRwRk5oNkg4SDJYYVBRemtGb1FoemF0QW1CWEpyOXIzRS93Ylo1bUJlUkZqQT09fA&cppv=2
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 303417
content-length: 0
expires: 0

POST
H/1.1 200 1285.json Show response
id5-sync.com/g/v2/ Frame BC55 214 B
622 B 139ms
56ms XHR
application/json 162.19.138.118
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/1285.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.118 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533569.ip-162-19-138.eu

Software

Resource Hash

97dfa5d1066422ee3c14dee64436145bbdd3915dc178f004e9c3a1f1debdec49

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://orangesport.ro
date: Thu, 16 Mar 2023 14:30:01 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ Frame BC55 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ Frame BC55 43 B
316 B 201ms
59ms XHR
application/json 52.215.24.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.24.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-24-184.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://orangesport.ro
cache-control: no-cache
x-server: 10.45.9.38
access-control-allow-credentials: true
content-length: 43
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ Frame BC55 63 B
388 B 65ms
65ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: f39eb50e76652a9d9df3efe9aa8d978312dcc96b8f16edfe7462553f739f8503

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 16 Mar 2023 14:30:02 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://orangesport.ro
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Sat, 15 Apr 2023 14:30:02 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame AD53 9 KB
9 KB 44ms
43ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

POST
H/1.1 204
No Content view
trends.revcontent.com/event/ Frame BC55 0
0 76ms
76ms Fetch 99.81.25.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/event/view

Requested by

Host: assets.revcontent.com
URL: https://assets.revcontent.com/master/delivery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.81.25.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-25-188.eu-west-1.compute.amazonaws.com

Software

openresty /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

Referer: https://orangesport.ro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

X-RC-Region: eu-west-1c
Date: Thu, 16 Mar 2023 14:30:02 GMT
Strict-Transport-Security: max-age=931536000; includeSubDomains
Server: openresty
vary: Origin
access-control-allow-origin: https://orangesport.ro
access-control-allow-credentials: true
Connection: keep-alive

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 7C94 9 KB
9 KB 45ms
45ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 3D31 9 KB
9 KB 43ms
42ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023030901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:30:02 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 2370 9 KB
9 KB 41ms
41ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 118ms
118ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVBE,pingTime:0,time:1413,type:pf,im:%7Bpci:%7Btdr:1146%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:290,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 267F 43 B
215 B 118ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=2024076d-4c72-08f3-3cd4-e94b99023914&tv=%7Bc:72dVCt,pingTime:-10,time:1612,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My42NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1678977001663%7C%7Ce8cc9329991747ba2d57d603c3603b7f%7C%7C048cfc492222ea08fb0159cb46ab52cc%7C%7C2419541dcaa6b59d4e1f0b5b67168595%7C%7C13ede6a7a56e600056d1aa9e6bc818b2%7C%7Ce08ec9c3f3e802a4cb6f600eaf558839%7C%7C35884d35eef6c70c5ce0cb3f33200098%7C%7C23e81e46e4d3dae5ee87e593651057f3%7C%7C1663701684,sca:%7Bspg:bcbcff77-5dfa-c486-b694-2a5f9ed0cd33%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame DCAE 36 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7AE0 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4128145810353&version=m202301230201&ct=76&x=1&cor=18343781589991836000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 2C6B 36 KB
14 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 118ms
118ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVDY,pingTime:-10,time:1557,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My42NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1678977001663%7C%7Ce8cc9329991747ba2d57d603c3603b7f%7C%7C048cfc492222ea08fb0159cb46ab52cc%7C%7C2419541dcaa6b59d4e1f0b5b67168595%7C%7C13ede6a7a56e600056d1aa9e6bc818b2%7C%7Ce08ec9c3f3e802a4cb6f600eaf558839%7C%7C35884d35eef6c70c5ce0cb3f33200098%7C%7C23e81e46e4d3dae5ee87e593651057f3%7C%7C1663701684,sca:%7Bspg:bcbcff77-5dfa-c486-b694-2a5f9ed0cd33%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: nginx
x-server-name: dt26.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame F9E6 36 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 147ms
50ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Thu, 16 Mar 2023 14:30:01 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 516103
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame AD53 9 KB
9 KB 40ms
39ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=BRndvIgLyS&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 7C94 9 KB
9 KB 41ms
41ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=uIfgOF2LHx&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 3D31 9 KB
9 KB 40ms
39ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=acEf2kB9KP&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

GET
H3 200 03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif
s0.2mdn.net/4528404/ Frame 2370 9 KB
9 KB 40ms
39ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/03092023-092157851-1456_180_mehr-datenvolumen_grafik_quer_schmal_infosf1c823ff-7ba1-4fb2-a26a-bf2207bdf096.gif

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9548364509937149214/1676550659977.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9548364509937149214/index.html?e=69&leftOffset=0&topOffset=0&c=k02vPx69ko&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 20:21:52 GMT
x-content-type-options: nosniff
age: 65290
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9467
x-xss-protection: 0
last-modified: Thu, 09 Mar 2023 17:21:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 16 Mar 2023 20:21:52 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24F9 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4295734855024&version=m202301230201&ct=76&x=1&cor=15143331492421624000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 267F 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7706302923775&version=m202301230201&ct=76&x=1&cor=17156096254712402000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E35 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3996462559776&version=m202301230201&ct=76&x=1&cor=3318827580576410000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5C64 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1946524524407&version=m202301230201&ct=76&x=1&cor=4034464783009076700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 184F 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3489221692080&version=m202301230201&ct=76&x=1&cor=11407736492356500000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8470 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4lJy5ycTZK3XN-bCx_APyo6m6AwAAAAAOAHgBAI&bg=!5eal5rLNAAZKh9k7aoc7ADkAdvg8WsG_csrDq6YsHdDGSgBt0p6PmyT04vxTFIRg2WvbA1bZxwPUc3Sj8Mtjzb3CT3JZ1F7bc1kCAAADmFIAAAADaAEHmQLoC1pY265CBDLyTZICIfzhwwdPO_QZvKh2dTvgwlVrtv2haTIZFGeyNm_efuamsJkgNtGMBLHNZZ7b28R8XtQjWVXUJWg5W5OqllWGf16G6HMc1ektusPYtsgJ73HLY2E9XtwdWqxx2hUf4CWoqT4leOxhFfUvNNpx1kDrdzG3phEu5NJUlY9y-KqnvE9WgrkL4pa7GpXAlS5NOmBIYLwD3hT1TizsCKfRo9mYzdA4JQQ_tFl4rHif0to9H_4RwUNiAMYG4QPiSMCWJ8YTbSj3mqxTlIaOJ4_DAZR1I6aCXUrXj8jQF022Rh2oAUjJ0er_msV4KfbpKA_xpWd-05dIbHO3MQ1H3IfsAqqBn_WUNm2e5wfI6r1aqOiJnAfaN2phd8GIf65vBPqAfN-H5a3QuNtVpCqfezcYGcZy_UkvC748bsXM2QAEXo2qhP7atVNA9rZ3kM2ej9zRg-bgdQ6A7i1J9u1JbiFdQ748MjyBTxF0hUv8gxz4ytT-JkjrhERcuCjpDhvcBnER6Qx1n7HYfON5u97TKT34gK0mL-OWaFoddEUq_Im62_0L__38JrR0PljlvsEN1qVWgxvIVwrjJuM3oSmE8L0drKUIzHcOZuEKW5bpdRUAnEbRNJadaJJKBrerqF-e-9c-t3ZGGdu69qFSkxSIWGLOESsLcCV1AvcATcxcFTJEFg3R1kZnHCjndLxHaUc-2TNXyntB88Lqwu2thIpr8NkB6DlhYdhbTmnIxXzd820X8hgEkPgWLdScq-HN0nU1CZ-wQiSJ5tx4-M0sz1d3BDJZaBsMDZHshrBuXDxwj4spjS6f0YvElfisvTB2djuJUAzlls2MPKQ7NbpkGHVHAYy-rmoTstAeYwS8cO0UqYxlEBbaR-2HI4zvOmTNjk1YfQfuvtjPUIpmUiqc-lWC8Ax-FcipPSH3mY7uEMBuwlpsyLIrtqWL7a74UrGaABq5mXmED92vknwcexX0auvllE9S

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 3E35 43 B
215 B 118ms
116ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1272511&asId=50bd15bf-7cbd-075d-1536-ed708d7d9a4c&tv=%7Bc:72dVHE,pingTime:-10,time:1876,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTExLjAuNTU2My42NCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1678977001663%7C%7Ce8cc9329991747ba2d57d603c3603b7f%7C%7C048cfc492222ea08fb0159cb46ab52cc%7C%7C2419541dcaa6b59d4e1f0b5b67168595%7C%7C13ede6a7a56e600056d1aa9e6bc818b2%7C%7Ce08ec9c3f3e802a4cb6f600eaf558839%7C%7C35884d35eef6c70c5ce0cb3f33200098%7C%7C23e81e46e4d3dae5ee87e593651057f3%7C%7C1663701684,im:%7Bpci:%7Btdr:1079%7D%7D,sca:%7Bspg:bcbcff77-5dfa-c486-b694-2a5f9ed0cd33%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4F8A 13 KB
5 KB 42ms
40ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4979
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 13:07:03 GMT
expires: Fri, 15 Mar 2024 13:07:03 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 560B 783 B
1 KB 139ms
50ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

848f81ed7764462b85973ee7dfb6ff20553a2a8d27a4c0c6ee71132f0544cb5f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Z7_aykBAO3suy_ohG2i8Hg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://orangesport.ro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-Z7_aykBAO3suy_ohG2i8Hg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 16 Mar 2023 14:30:02 GMT
expires: Thu, 16 Mar 2023 14:30:02 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D707 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQh6E5ycTZP-EOO-k9u8P8PeqqAwAAAAAOAHgBAI&bg=!T0ylTBjNAAZKh9k7aoc7ADkAdvg8Wm4mu1OCw_x9KQsqemBPUqd_7zkosn8d9M-d_36HSkN_ApV-8PGAuxGu2_s5eWzrS3eA1vQCAAADqlIAAAACaAEHmQM-Jk3MLVdbh7QjMbFa0KPmSoAhV6-DALotsdD5GbeI1Yxx-tViNKcTv9CY2543a-Z7gb7vgiDSVqtaZqhPrR6ZyigVEIiMs3obuVF0hqHs0HEelUeXwYvg4JfV_DBfid_DhAgGP-LleraPgCMFvJNiwGFwvSyfSD8pjcJ-Foksu1SLdc_zAiegxaARsKU_rfCEQNu7PIPl90L2xUdx5nXqGW0Gp0zNTX6nfPFX97ZxR4Mf6FtWaWrp4pVnlJj-ExtN4LFEXX0RT6gYvkIY7RliiO81Kj6SCfk5DTPlfQiY141g2zOWNR1ep9NBqU3OAgR7DUd9wLVsCv8laXuc8ysG8XP_khRtfI1r2RrY8mQF-k_OuNMED-Q2HlseKOoAsfFJUiAeynwylf_pVPBQmepc8jegPDGl41VH-u0IppDZx4_ukyH7fxHftqwe-DWqESo14JBQHbZM6jDPKLkAyxM5iBsBXiWjv_Jt7jfLPGvGxGiklHFJcyHpKbV4bqlBbKHBm8rtMpBXaZwIcgS0_L39ianLL8X1lo-LGlRqn2FqrKg9I53Vsehv4k25Lc_DwjmiJn_01J8Wd7ZDbFcuMxYgQX1EOXhuDA4V3eJ6OzoTVEdb1QxY0vWvtShgdDLaxsLQOBR24PbEjFwO0EuOPrQqSMLOwBMdYI68TBA4gcAU-wf3DW41LjW5JnCyDNe1uHXRFcEJfQ-0RKkScNu1vAeMCiLJnTTjz010PBWie0RIqR8Yh4sTGEx-zHtxhHoj0nrI88jGIiB-u96y-deHfNJ7DE5VhA8nNPyoYHRmKEl4x-RygCFnMPUP1n54cEj9-obs0MbjfuwLh7BP7KXiGlBBC5KAXGHZ-m7pWnYPZ8NKrDcEx1nCuCfYtFyEdeJ__Ai8pSs_I2M3sN0xDLpcqyIBS5yZjIHDm8Hi2c2B31K3RhE0d5GD0uy8omNJwOnSeTMwdWfl_4xuCfuM22dKNPIPfBVD5XJBEn4p8UVj_vVRiBFUyQMJWkftqNziKAM2aXU5zXtvU6qGHTPOLDthJGaawXIbpVAHQPJeL6KI9oA7RxXzIV2HhTqDFEf2_GS0jLNcleq-LjjjAfe7Zwj4j7U

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5304 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-ApO5ycTZOO0OYWj9u8P_e-EmA4AAAAAOAHgBAI&bg=!PT6lPmrNAAZKh9k7aoc7ADkAdvg8WsOZl8ZhYuJ2OClvmJDC43UKhEVtdv-FkzIC7bmoNX73fANjA-2GQ7ypmRsg9RHdzii1qd8CAAADw1IAAAADaAEHmQNF-Uk7b3QgoRWIeurHMe4-fQREebKgysQyQHN5ujqYd3PuVMa-WvUtqgJtIBK0Hcm3zLbaqr9jidMTQN6-lYAnfA2p7OGzsvZN2bpak2trfFX3zyLF85ZyV6JcIqhj_NSRX2sekVHTwleUz3YYJfuUoLtRUTYBsdm7_hayjT-vMsY9ZEHRlHEG1iZkT1FmOlRcVDo9jOuUYoYALFvvk732RLA7wk8T-9Wb8DGFeQzMrJASsmodG5bHHIQ4EPGMR9AY5w8ulazM0uwX2Cq5iJYYxR9EbI6vWRXlu6bAcYugCdmfKwVFfj4y3eCSqzrHzUa5J1z-mOpJn4xDnoKRR1BW6e_nnKskWBuX-5mrqtqzW0qbsVnUfqAdZciruMsxiY-jAHV65bZtK1OpYM5-iGdJEASRKxOeftKxoz0KvygR33dWCYrpFkMrC1C0o2kQVg1lJxMzetc94caO3WNHOg_h41mQCJN1zz0YA4ya6pOuJTJ0tiScL4qYwcGi951N90QfoGjYo4eGdBXNyuxwPudwdbgT-R3MJSKfwGCPoWVTgNsdTA2MvFHf_mG2Wg9Yvz97oZDd2qpHFiRnXLA3Sy9bYOuXumK9jgiEU6pvghjD5sBExohkHltWD9Gdc8eoXn-G52ahL8OCPClLTjo3Cu8n4u42y8lwod_um_-EV-etEwbNNR9fa77g8jeQeP4DOVmc0rdtgbqa8iTkgn2zIlrUUbE43wJQwHzEj5Tryhfn6jwF1YgV2iPIOz9jwDHJ1Is3HuRi5VzxbPZA4UJdU2eBbv2dTYvuvcWXpsRnWB44zl_AToLS4NxxZa1m8SHe4hUfG6-lh6WfJ1vr0OpafaP-J5eZP14I9l6ZsjGZmrviueaO3I9Lf_QHAM-_CSgg_ywgOgR1QCxXkbPxHuuxHsSbY9FQVh5Whn7otBYmwBbUl-VRBFRhZLiISJMNxW0c-AEm_IOzhLnaR46OCNKqIrxmPyyznYmN1JImEIlxsNkKqyx87otVQ7ADhriIPbbK1yPrLdaSI3QEioYAQ9AcK41lI6uzafsqwaGghR_Fluv4jBJFKi5eRs29d8iLdFERNgqwmT2DqYD_u6QiWStId-Le7YDChyft

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0132 0
20 B 77ms
77ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMgRJ5ycTZP3OON_hx_APzq-BkAIAAAAAOAHgBAI&bg=!GRqlGk7NAAZKh9k7aoc7ADkAdvg8Wi5_H0LI9ROb67ShJOPUPLbFSKkDIhYTBDyCa-p9p3Gh4L3qhzAp0PQBDZANcNp9ohPnh9cCAAADr1IAAAACaAEHCgAW2n9e11xipNhp7jpHXmp5HVJmqqg3gpkC7IYK0sUkGqBnXQ9egHSVGwt7fijZq88abV9TDIdPpMEWI8aP_QtN1AmY6vQE62mppow2Pm-e-eO1xKyz-RL6DHTyCxAg6wEUeaRv3EJAqGPcZFM6b5Tcv3W3lfJB7RJGApF9GK2V5Y5uGMmpOF57ns7rpSAWFPMKxRpsLbn1RSRbJHJAHT9wXojdDF1fF_J9L_ctWFCpvDJrNN6v6HulocOQrwvhMQvDduQR5ccPB-UaaiCItIdrS9j-IV6CLfnyEpW9XS0t-Lmq36Q0l-D9zJRGOE2Z9Gcg8JSRalh7dG0S7Q7mAWFRKSVuTKcp5kHLXQFj2Iqisj7Vz8mwP-9tvVGV_x0s0lUw0SmmO4AHs2glnLDXHf7TYxLd0wCl0lqbcAeMfkVCR6CbVevG1-AOqTJ9KGVJB-ypGiBQPJuqyDDtImR47_ZHfxh9HPeUYSIml09TnlukHwf5zSzLx8QDRHxqXEmL3jP9hK1Vz5l39ZG3n9IXW2nb1faEH8roSd0MwXCHmukwahWDqlW18zYno0-T2j03wS5_xlfSqlvZA8yz6YdbLnyrGY3Xq8V1Uxp9PcNh0r7Dgw8meLm5VwAgNPVdE2Lillrpxg4nMpqdI2Ko_wcupm0DWjA-SCFM_3QKwvdTtonMV3fYm0drU-e1Fs3fuGvOGUw5xUL_0K_f1gialkK72iqhAiLz8axrO6PrJ11j8SISu30fMW38FjC7sSNZvxQKj7RXjxWyKTA0_gvX3vePqJ50v98OraEOdSELdMEKmOAuSxSx3HRHzBAO5n8RCpo9xWJhST6Yz59y7RhKasWncxrUK_O3kfMRIDtX0luORGN7g9hpsr9yYsMWFE4aBwppkp7DsJUoPhsVRDeZvC0CnsPDnEAu6FYm-F9x6WUVTRvlUA6efVwFesDl2Cp_sr8hxJxtsg5gBX6sv4r7LhZ18gyn3u8CysaLVU3MO_VRiBZjYnr_HLboxWk5aVkhOOJZCzcP1CexOAw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9AC 0
20 B 79ms
79ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIGXA5ycTZInlN7yK9u8PlMimQAAAAAA4AeAEAg&bg=!BQalBlLNAAZKh9k7aoc7ADkAdvg8Wh1aB8wxowlupXpkdX9QML4AUR0C4r06Q8g5G-h-T9T4matyUh5L1nybz8_kyKzdI1rRJlUCAAAEZVIAAAACaAEHmQLsBe3ja9E_RMdKTzg2MkMxuzmWrk44Rt9me0zvu_Z-oyOLGlPz-peTXniymt6L1SmVh82vHnIKNrE1zc_h_CU0eqxG_9OYiCcBSwsiU395QiVWhszMJTFkjix99w7U28UiRTRFobf-QjIschFRjzMYOm5RgaqCiltMkc6vBr2RLR67ArCZ6Xl-yn4atIAX4OY8akom3lh7lO0DNNYne1cLU4M6b4XlcaLsRxFe1SQ_X_ic0krLhKMTRg1FbTWYtO6c7AuRMeBRurCbE4Tdn2wODD_58XfzRDadVjWM0zR81Dwi_utb8n0tdV8vdPNUre3r8ebsVUIsilk3sRba6uoCYxfUv1FV1ndM52PhqszfXBOP2wDY_b5FIuGUbbGFRCjk40sAy95uxcoQe_PVZGA38k8sxHPMBSI5ga2qZUBN4EG-Z-tAIHJzKG4L9S0yqLXNIJeqhFUGve2q8lKqZbwpm1EsI0A60B4dbnssBgMO-n0w430m2iYOKnv34NCGdCXadP1FkLss2wZdlCZ8BkcsMsZ5_eU7pkld5hjY_pZad5ZliWOCcJbX-8wqfZ7Q759ir14e4YiFjAS8oFn1kCLrQOomccDUoIzhGYghcATwPYhvEUQ-FS8k3dCnIH--ybAgSBzrxADEc80L0rF3nz9AekQmWq9Vyv12sgr7ynOd0Y_8uDlzYixoZX5XRmHUsaDLc5hxq9qNstJ0nNagzxNE9KhxTkDVGN_Zu9MS1isyj5qFNw4xr4-Md8N33mFG_0OjFrMjXTc7j688H7jHSpdDLIA6--ipgkCpTVx8SGdNUYE_f2FUuma0bEAxPtLQ5k8nedfjgQmOPjaLUJTzE0if245J67E95g1F8Kx6XKfwCg4vYBkd3FdahGQ3aAkmVFnwSH34OqTB827vrdO0WaurKtUI5PdC9OrLesdQZAQWC2wWeLLa_FtPuS9irV_IkRQx9ap0e52bH8c1Pd43wBrARVe92b2l0xCxftchIA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3551 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDLi55ycTZKCBOZLC7_UPq8mA0AkAAAAAOAHgBAI&bg=!EBOlE0fNAAZKh9k7aoc7ADkAdvg8WufEa336EHpoE61sVoNT84zsAFwl0LlShuS1j-yCWR-S6-rm-7NEzFA4CUUzO9IzWmbj_MwCAAAELVIAAAADaAEHCgBBGWHLrJ7ZbDisMjD9FzOaQ5K2EMhS6VJnCG_io42MGW6vnds2f0xa-NzxLSZnhyE1heA4KsaLJJNLqv5qyYNj0fKZAu4xIgx6MCGt-HzM4nfF9tsM5DOnI3HbNYyxVW2oBNsclK0SVEZjXfVwRleWBgbtCG9iOYe88qhDu-o4oEJ2WmFETg1qj3jkb21uvMzaKIcWVTMI4qjNqg9IzFY_jRrWpdU-bgOzy2YPXqos8ncqUHEIGjNDxh8jqgmDg0e4qk8rcwVNPnLYZwgZNCs2tCPHoC3dZwjTx-rBwcuPSrXSwBcv5q41CZXKfciy7KjBCdHxTAtrAz7WLsMdB_-BZ7S1ZXpXbs5rACYF0NLfBNECdpyVYfr0ajSM2JricR7aahgzO38EVKi1thXsIZNJE0c58ZDbYqG2DmGNaDqfmyweLOP5O609ESegYmhb5LAIsspzlt10W_48rJBJXBGC78JQqk8ZPvU1jCPvnva8ueRadi-MHxA4PCLwsdBIeoZnEcZbxh6RA2Q38Tvy2yFTGiLFbQdITUWMaQgA9an92277oz6DkR9ajE9tYincaxQlPKcwyaemwaJ_HdMTHnWF8HFcBnl3XFKHIDwFvycLtUOBeqCpbaVPTAyEWWD-DWz8Q6UEY2cK3CkqDUcM16mwC8Op6nFgl19a09cAHKcGBvwGi8coauGG5PC6Cm_xlj158PSe1eDIg69qONZz8UCiYPOh70o5E0v_ZvP2rJYJUjHceSaqiAgcPskvzGL_FgmJipS9TCAMN7si3e5aUhOFboZb9-Amof53TMGRvBWiRvquJPPfqWPt70CpSQEEoUl3wcCm-PFbewWYIo9ypNYjrNqhWt_0Nd6hgauMsoOaPXoXczF-DbJYtLGinGreiGw4ymQb0RgoY5Zx28gwOur-BzWu4vMOal9CejjwzTDxnf_TtXGiwxYwKfAkj-dsofmMlpOg30r1NENW4bKQ_D26_QwHlfZLD0vbZ91TdFSYJD2BkVc8FUMyUD91OIqODjsXn-UC4iVzalgiQqoQK-zWdybH-R0t2YjcsrogeUbXH-csLjQaG1HDa__1HHcNQGmLpZ4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 560B 0
0 74ms
73ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023030901&jk=3098948467370611&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7D8B 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BuJPf5ycTZIPQOJXegAfh5qaIDAAAAAA4AeAEAg&bg=!GxilGEzNAAZKh9k7aoc7ADkAdvg8Wr156E0TiFp8fmdLW3qadH1TYcoo1VQfqBiqQqCCLYOctCpRgPfqJoeweO3e1jeBXuNJnpcCAAAD7VIAAAACaAEHCgBfMOyd_GOxWb3H6m2lwXgmZQa3MyZgK68L-0zNqVAiCkNuv-aEVbaZvg30qJpaiqnZvpFxjyQw14DFeTLjKdXW106OY7G6wy2z17l3peqiW0d45byNzDoRcHmAYvcgH_GZAu3oGDG_YcT898d-yx4cY2TTW28rctXyzYj87qfRZWTRLkQY7GqojdW6Bz_eMr5WtsMo6ztN37BExPpEXJtLudl8iTwkn4fs3wHscbOio4vY1yzSikhSmYunr5RVkcQ4ejIs1QaFwz6H-YzWhUFJCfHdlvMdLIRhU1m08E7mhSwHh2i6OvbwTdvZkFRWu0S6U2R-3nfuXaxrkbOirNtbtO7zDghC27xOupJBbxLRnhWkfm6kkudktKwEGBnN0Ai78SOBfBB0JkR11T9UKGTBIaG5J4XhFJgwCuj96rNGTQwlaRupL8zNj3h2RwhAtxwALAJYAd5gKFYE6sVUQj1Jy34sq3F-lnBvAcqkX4prWQ3YeTtfCNoL_6lBAP33Z0FpchiakJGde6j6ExJCf0CUjyvtcNN2YVHwCHj_c0Hz7xP3f07pAN2lufeXOI4GrpUr3Q8C2NaKotAcUJcFYgKQ-h_PYIl4C577cP_i_-qriGehAxXeF6c8mnzLgX4KHYLxH-2UuvnE6Crro-Dv7GhjbdelqbZJ3H32NgU6AmLmRYbZbo4Mfs8jPo3J_PN34gHYFDqjV9zlka1MeE2KhwzIA-2PiVpmaRM2ohscCkmQXXkg8YZEA57XChp7t8wOYha7MQgdSv4cqLb7Fyqo3p7261ZVIEFS5HCc9G8VV2J4oRqA0KCMr36_7Ye9wYoNzvyjMBYjF98E6EMZLRbuSLZxnkTBoSk5ncMGOkgm07Qk2q4nXqc5oz9vXlC5ySZUonE98DLS_HSsnApyFm51bWoGmQCYLCs0TBA04JsYCxNKpnRVWO3pCyOKCrm5JdQz6TDaFsM3RXxUbAnPu3NpFUFPf_trByr38l9WYEoTsX0H0fkrk80ng4mifPrABSe3Tawd6Kh0Wb06EIYCrhwtwBapzYxuUucQi4Q-Sy5doSARuPnNYWTokeyBFmJF5LPhNz1scoT4BGUCmq6EJUkg_RQlXXbrye1RtXeDjDn8uTYPrA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 738F 0
20 B 75ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6425504492768&version=m202301230201&ct=76&x=1&cor=1454132998387860200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js Show response
pagead2.googlesyndication.com/bg/ Frame 4F8A 36 KB
14 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/haezTdMeijvNpzpe-iMvzf0waJjhxHRsaf2aRdVkA3o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 13:18:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90683
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14212
x-xss-protection: 0
last-modified: Mon, 06 Mar 2023 11:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Mar 2024 13:18:39 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D515 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBeyi5ycTZOqVOfKyx_APv9yD4AsAAAAAOAHgBAI&bg=!ODulO2_NAAZKh9k7aoc7ADkAdvg8Wgxwb9aVewxae7I-f7PYg3_ZsPu8oRm4eoSCJnz8Xt7jn-1uSPgdOLnmN1km0RgBqzQzd2YCAAAEI1IAAAACaAEHCgBQQsa0aZbu4emaa0jbvgI92anOumt4IGpRagXcfhLveDy6bNMmxScu8KEkByIKbCA-eVTOORoGKbo2HHzr2Ss2GkDs_HsJD8KtJlgEP-hffqSZAwLwRpVuyw5vG3wAFb2zE6RWuNW5l2h0q2qRaXQr8s2B7_5LaAAwpqlShLpxybSHItK8IVjsqYMg_xS6KkFSsmXfdsV5WfkVr4_vyD3vG-_2_m2J-NePYFu0AVSfrdHNgo8f9VEkxZ57FypfoqOrYPAZjm6zFmINeUWI4q5cgvp1ntj8tk9pZTXQqNTakOZro8D_yk-gQ_c61pgxiPwE2r9dGtf-iZRXqMjLRaREfASvyKZ6XjpzjeLtiCK1gSm7yxmj0LDHizTGvWOxivWfNsAKTa4ivPUbzf1hSGWOtcCZRRoJi3SoJ-kRsUVV5yWyEzSGUJjmoDop80OueZGo4o7zt9YZrxzekpkE3m30RJDhesqxRiQY3gMv84WnJAEOHKcWjgRaqUFzN9HwIUkKUP0_j_3eOgObaihFdX9lsTiu26jB5O8p5F0_EEZWgHlDQG-qHQogBlETbjcsW-m2u5Q3RlK1PGSxhnbC_Wf-nAcyX_q_B2rYxJDA-canfBia1_GXN3q466WWQR8L5HtLqfwX1mk2wuB42svV-ZWmKVENc1SdvW3xnpawUZinOaVxPtHM8w-fG2xSvVghbUMN-lJPM6fQ3QGPFQ-BRfo_ajlRHCQnnFYIqlGG6_JfYdMzJxNVOFOa2lWFLhv91gZbG0qFv5MSqBezF8vxcpAnzBY8Gsg4x4W7Apvu8QCNEC-1ikMlvue_cO9yl6leJhZ6j2snHKTa09hR1KlpYth9MGZ-8NCi5Dtf7EN8G0fZKAgTCHEca16dKXUI7bplurYbg53xN5QOwwLsvMXahXGvnpPMNBsved-YELG6vGwnVS_3iNVvyiYtDJ82hVmUGBi45o1TCdSzhUfSMTAY8vQduawTw-p2HRvHjEHj4wNx3z1DWUY1GTtsjeS7P6m6xGdXPk2QCa_BgUnGqAZBYeusADoogFnwq9ovY2BhPTPcgVxO7SYw0H0FhwvR8Zb_BWmL6pkOuB4TEaYnpDuhUXQDqVMe0DN5yj-NmOMaiJSGiUffCDXnKw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3218 0
20 B 74ms
74ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4723911474547&version=m202301230201&ct=76&x=1&cor=10645229588543791000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:02 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 73E7 0
20 B 73ms
73ms Ping
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3754934177409&version=m202301230201&ct=76&x=1&cor=3059102117803988500

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4F8A 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Nkxu3g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 14:30:03 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVS9,pingTime:1,time:2436,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1024,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1023~100%5D,as:%5B1023~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:303,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:03 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 118ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dVS9,pingTime:1,time:2436,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1024,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1023~100%5D,as:%5B1023~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:303,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:03 GMT
server: nginx
x-server-name: dt16.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Tuitype-Bold.woff
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 32 KB
32 KB 40ms
39ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/Tuitype-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72ac9945714b5daef7842be8a7245a5dab9a30392a342935f0c4d81643635206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 06:00:31 GMT
x-content-type-options: nosniff
age: 30572
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33164
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Mar 2024 06:00:31 GMT

GET
H3 200 Tuitype-Regular.woff
s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/ Frame 1EBD 32 KB
32 KB 41ms
41ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/Tuitype-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79a4dcccb7123bdad0763c6dfff95db363b3d1b6c3b5958756a4b0a04e1805da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5949325981360586752/728x90-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sat, 11 Mar 2023 06:00:22 GMT
x-content-type-options: nosniff
age: 462581
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32792
x-xss-protection: 0
last-modified: Wed, 18 May 2022 15:39:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 10 Mar 2024 06:00:22 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 76ms
76ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023030901&jk=3098948467370611&bg=!NzSlNGDNAAZKh9k7aoc7ADkAdvg8WrO1d_6gYh_uirMtK3plgLxNbZg03kHj51iOIQ4Vu_cijheOG5IMI7ukY6P9CiMrC_BYyJECAAAAm1IAAAADaAEHCgAdiLiopdZ46NAXAAi69aychV6Qvzc_2kh-Tbzp3XSZAq0HkU5_hYY4jNQQS9dXEZ0RinkVWMdf5GdtZqTZyKT-Kmv2DjhtLXIutu5WDICcjzMzkBQrAmUdX9VauQYJNy0LY4cjDkar8Wk-7huJ_SLb6fZB4WoEzNM6m4BEO8zcNesGELdUrgj2G4AKi6poddr17vtl4iHmaFZup8lVV86M3oIIaEfzp2-mXY5j0OyBfEYoe5Yurv5tbxBB58YJpD2GKvIWJYjlEBEDQggAa-v2o0xzimTkZ03Bl-aURNcZQolFujHkFB_Jlx5GCFJ1zhjGI_Bs9wVI4G6Z-2gUk5p49IWeQ4EO2oc2-HYBDUdwJKels83GAJM5scLStwT4YimDGhpvT86eNrX7uguzrtiz_F7Nw7K0rQBjkLMX9L6KkScnvcxfzvL1Xj0qvUX2JH5_OGA0lLmMOAvvN9KVvnYysZHyYGQ-x5RXg3qi89jEHuVC6xtPP83JMM_xs8b0_CHUQNCWV8ncDI-Jo0VpmXRL_NWHE8Piwdd1lWHlAZRZvE_xZWiJKLVfjX8TuZlcokrUoCH3dfwTRpgop_3JNOIdWa9NP8FGnSKiE9OFAVXD-06QtZdSz0O9xVvIawgvybyvkCBRfA0XDW8ewNQfs1g7LtlHBs0iVJ0JCsWg6ttVa7kLK2yU3jItWZfckP5e1V8rPu2rHf49Bq9VhGdjCXHItTgn62rwtq4EhJrNn5LvcX6PKHm7qwW3NgBxDIWPEauVyFyCwbRnE36jIXNl2peEz4qpvmraMuDCp8effqfklBVxjLPLJKHYGHwW064uzd_13zbB7S8ZTOfy_WQ_4oJJjynZOYiNvsvy0kOVsC_bBIEloVxD4fe0GjMtE4xNBaAVmou6sluySTknbjmKRxR9te6U4MimLXv4pXAMRSFey1GbRW47y6ZYgewD-HL0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://orangesport.ro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dW7V,pingTime:2,time:3414,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:2002,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2001~100%5D,as:%5B2001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:04 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Tuitype-Bold.woff
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 32 KB
32 KB 40ms
40ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/Tuitype-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72ac9945714b5daef7842be8a7245a5dab9a30392a342935f0c4d81643635206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:43:16 GMT
x-content-type-options: nosniff
age: 589608
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33164
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:43:16 GMT

GET
H3 200 Tuitype-Regular.woff
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame 3007 32 KB
32 KB 41ms
41ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/Tuitype-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79a4dcccb7123bdad0763c6dfff95db363b3d1b6c3b5958756a4b0a04e1805da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 12 Mar 2023 11:07:28 GMT
x-content-type-options: nosniff
age: 357756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32792
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Mar 2024 11:07:28 GMT

GET
H3 200 Tuitype-Bold.woff
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 32 KB
32 KB 41ms
40ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/Tuitype-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72ac9945714b5daef7842be8a7245a5dab9a30392a342935f0c4d81643635206

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 18:43:16 GMT
x-content-type-options: nosniff
age: 589608
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33164
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 08 Mar 2024 18:43:16 GMT

GET
H3 200 Tuitype-Regular.woff
s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/ Frame D591 32 KB
32 KB 41ms
40ms Font
font/woff 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/Tuitype-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79a4dcccb7123bdad0763c6dfff95db363b3d1b6c3b5958756a4b0a04e1805da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/16046623051478990848/300x250-Live_Happy/fonts.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Sun, 12 Mar 2023 11:07:28 GMT
x-content-type-options: nosniff
age: 357756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32792
x-xss-protection: 0
last-modified: Tue, 10 May 2022 13:01:32 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Mar 2024 11:07:28 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 119ms
119ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dWo5,pingTime:3,time:4416,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:3004,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B3003~100%5D,as:%5B3003~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:119,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:05 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 118ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dWEb,pingTime:4,time:5414,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:4002,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B4001~100%5D,as:%5B4001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:125,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:06 GMT
server: nginx
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dWUj,pingTime:5,time:6414,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:5002,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:07 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5C64 43 B
215 B 117ms
117ms Image
image/gif 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=886862&asId=733096cb-92e3-f88d-4dcc-9893788dba82&tv=%7Bc:72dXar,pingTime:6,time:7414,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:17%7D,%7Bpiv:100,vs:i,r:,t:1412%7D%5D,es:1,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:6002,o:1412,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1407~0,1~100%5D,as:%5B1408~728.90%5D%7D%7D,%7Bsl:i,t:1412,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B6001~100%5D,as:%5B6001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:120,fm:tyG4o9D+11%7C12%7C13%7C14%7C1511%7C16%7C17%7C18.886862-62195780%7C181%7C182%7C183%7C184%7C19.886862-62195780%7C191%7C192%7C1a1.1272511-69505651%7C1a11%7C1a12%7C1a13%7C1a14%7C1b1.1272511-69505651%7C1b11%7C1b12%7C1b13%7C1b14%7C1c*.886862-62195778%7C1c1%7C1c2%7C1d1%7C1d2%7C1e1%7C1e2%7C1e3%7C1f1%7C1f2%7C1g1%7C1g2%7C1h%7C1i%7C1j,idMap:1c*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:18,sis:390%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Mar 2023 14:30:08 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: trends.revcontent.com
URL: https://trends.revcontent.com/sync

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=13781

Verdicts & Comments Add Verdict or Comment

247 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
orangesport.ro/	1969-12-31 23:59:59	Name: environment Value: a%3A2%3A%7Bs%3A4%3A%22skin%22%3Bs%3A7%3A%22default%22%3Bs%3A4%3A%22lang%22%3Bs%3A5%3A%22ro_RO%22%3B%7D
orangesport.ro/	1970-01-20 10:23:32	Name: mktz_sess Value: sess.2.201948927.1678976998030
orangesport.ro/	1970-01-20 19:08:32	Name: mktz_client Value: %7B%22is_returning%22%3A0%2C%22uid%22%3A%2213261709661972380668%22%2C%22session%22%3A%22sess.2.201948927.1678976998030%22%2C%22views%22%3A1%2C%22referer_url%22%3A%22%22%2C%22referer_domain%22%3A%22%22%2C%22referer_type%22%3A%22direct%22%2C%22visits%22%3A1%2C%22landing%22%3A%22https%3A//orangesport.ro/%22%2C%22enter_at%22%3A%222023-03-16%7C14%3A29%3A58%22%2C%22first_visit%22%3A%222023-03-16%7C14%3A29%3A58%22%2C%22last_visit%22%3A%222023-03-16%7C14%3A29%3A58%22%2C%22last_variation%22%3A%22%22%2C%22utm_source%22%3Afalse%2C%22utm_term%22%3Afalse%2C%22utm_campaign%22%3Afalse%2C%22utm_content%22%3Afalse%2C%22utm_medium%22%3Afalse%2C%22consent%22%3A%22%22%7D
.orangesport.ro/	1969-12-31 23:59:59	Name: ___nrbic Value: %7B%22previousVisit%22%3A1678976998%2C%22currentVisitStarted%22%3A1678976998%2C%22sessionId%22%3A%228e2887cd-4ed5-45e1-9fa3-c7e4bfa40653%22%2C%22sessionVars%22%3A%5B%5D%2C%22visitedInThisSession%22%3Atrue%2C%22pagesViewed%22%3A1%2C%22landingPage%22%3A%22https%3A//orangesport.ro/%22%2C%22referrer%22%3A%22%22%7D
.orangesport.ro/	1970-01-20 14:47:54	Name: ___nrbi Value: %7B%22firstVisit%22%3A1678976998%2C%22userId%22%3A%22ef9777a5-f44d-4c68-a5dd-738a09d6f01c%22%2C%22userVars%22%3A%5B%5D%2C%22futurePreviousVisit%22%3A1678976998%2C%22timesVisited%22%3A1%7D
.orangesport.ro/	1970-01-20 14:47:54	Name: compass_uid Value: ef9777a5-f44d-4c68-a5dd-738a09d6f01c
events.newsroom.bi/	1970-01-20 14:42:08	Name: 1597_u Value: ef9777a5-f44d-4c68-a5dd-738a09d6f01c
events.newsroom.bi/	1969-12-31 23:59:59	Name: 1597_s Value: 8e2887cd-4ed5-45e1-9fa3-c7e4bfa40653
events.newsroom.bi/	1970-01-20 11:06:08	Name: 1597_lv Value: null
events.newsroom.bi/	1970-01-20 11:06:08	Name: 1597_ut Value: 0
.agkn.com/	1970-01-20 19:08:32	Name: u Value: C\|0AEArpeRmK6XkZgAAAAAAAg1RAQCADVIBAIA
.agkn.com/	1970-01-20 19:08:32	Name: ab Value: 0001%3AkjVOwCmfJ5u7OxnX8KyACYmP6M8D94Yp4Loljjv9Sp3n2XdPNw7UKA%3D%3D
.mathtag.com/	1970-01-20 19:48:52	Name: uuid Value: c7e66413-27e6-4e00-9ee1-6c0ed0eca3a1
.orangesport.ro/	1970-01-20 19:08:32	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Thu+Mar+16+2023+14%3A29%3A59+GMT%2B0000+(GMT)&version=6.33.0&hosts=&landingPath=https%3A%2F%2Forangesport.ro%2F&groups=C0001%3A1%2CC0002%3A0%2CC0004%3A0
.orangesport.ro/	1970-01-20 19:44:32	Name: __gads Value: ID=3fa4f3723d613717:T=1678976998:S=ALNI_MajTjQxmfimwkVGHJM7doCa_5tGBA
.orangesport.ro/	1970-01-20 19:44:32	Name: __gpi Value: UID=00000bed4b665e9e:T=1678976998:RT=1678976998:S=ALNI_MY1RfQiXBECWIUCUDQwN8_A8Niu3g
.doubleclick.net/	1970-01-20 19:44:32	Name: IDE Value: AHWqTUkfCDyKqxQbB19BA1aFuBHAKsRaqFK60nXgRnY9VF5xVaipLrZQEj4RH6ovLbs
.orangesport.ro/	1970-01-20 19:44:32	Name: ao-fpgad Value: %7B%22fpcRequired%22%3Afalse%2C%22checkTS%22%3A1678976999564%2C%22domain%22%3A%22orangesport.ro%22%7D
.openx.net/	1970-01-20 19:08:32	Name: i Value: 95c07fd8-5979-4d5a-ae9a-e0ea4e026153\|1678976999
.criteo.com/	1970-01-20 19:44:33	Name: uid Value: ae45891f-b981-4863-8c1a-4c8de7cab42b
.casalemedia.com/	1970-01-20 19:08:33	Name: CMID Value: ZBMn5w.i1uo6rvuE5ijhTgAA
.casalemedia.com/	1970-01-20 12:32:33	Name: CMPS Value: 5216
.casalemedia.com/	1970-01-20 12:32:33	Name: CMPRO Value: 5216
.adnxs.com/	1970-01-20 12:32:32	Name: uuid2 Value: 6869909040794947497
.yahoo.com/	1970-01-20 19:08:54	Name: A3 Value: d=AQABBOcnE2QCEHAJNuh9QrbA08ApuesOlKkFEgEBAQF5FGQdZAAAAAAA_eMAAA&S=AQAAAryZ4C0Q8SStEVoX9aMb5r0
.adnxs.com/	1970-01-20 12:32:32	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>?wql![!]tbPl1M>e)ZlrFUfJ+tGXxp.W$RE`SMN`vDtTo=:H?U$CvA</Q<<eWF/:cG3If)y3KL9D3I?*zRB>`]
orangesport.ro/	1970-01-20 11:06:08	Name: _pbjs_userid_consent_data Value: 3524755945110770
.orangesport.ro/	1970-01-20 14:42:09	Name: _pubcid Value: cbae49ee-744c-4f9a-bba2-bffce32c1e22
.analytics.yahoo.com/	1970-01-20 19:08:32	Name: IDSYNC Value: 18yl~2ajq
.spotxchange.com/	1970-01-20 11:03:16	Name: audience Value: 082ded4a-c407-11ed-9ca6-14f0ef8b0306
.orangesport.ro/	1970-01-20 19:51:45	Name: _ga Value: GA1.2.115104387.1678976999
.orangesport.ro/	1970-01-20 10:24:23	Name: _gid Value: GA1.2.1697206594.1678977001
orangesport.ro/	1969-12-31 23:59:59	Name: TAPAD Value: %7B%22id%22%3A%22126e0df3-6b5a-4469-bc0a-70dd2009ab26%22%7D
orangesport.ro/	1970-01-20 10:23:00	Name: _lr_retry_request Value: true
orangesport.ro/	1970-01-20 11:06:09	Name: _lr_env_src_ats Value: false
orangesport.ro/	1970-01-20 11:49:21	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222023-03-16T14%3A30%3A02%22%7D
.orangesport.ro/	1970-01-20 19:44:32	Name: cto_bundle Value: uHnO8181Tk0wWWJKQUdieW5kTklFMFA2ZXZjc2FoWmhZMDElMkJoYSUyQlRDZUt3UktPcXpiWXgxMHkzakFJRWV6RyUyRldGWFAzZnJzdGNjeGNNWTg5UnI4VlZCaUNtZjJSJTJCRzVqZlIzbkxiRzd0YWQ2Z1I0UHpJQ0ZuaHZYVTFwT054czN5ak5ObSUyRjc5dGJRVW1FakVUb281Ym8lMkJ0RXclM0QlM0Q
.orangesport.ro/	1970-01-20 19:44:32	Name: cto_bidid Value: uHnO8181Tk0wWWJKQUdieW5kTklFMFA2ZXZjc2FoWmhZMDElMkJoYSUyQlRDZUt3UktPcXpiWXgxMHkzakFJRWV6RyUyRldGWFAzZnJzdGNjeGNNWTg5UnI4VlZCaUNtZjJSJTJCRzVqZlIzbkxiRzd0YWQ2Z1I0UHpJQ0ZuaHZYVTFwT054czN5ak5ObSUyRjc5dGJRVW1FakVUb281Ym8lMkJ0RXclM0QlM0Q

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://orangesport.ro/assets/fonts/helvneue55_w1g.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://orangesport.ro/assets/fonts/helvneue75_w1g.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://orangesport.ro/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=13781' from origin 'https://orangesport.ro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=13781 Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a2856e60f1e84d087911275175d4bd90.safeframe.googlesyndication.com
aa.agkn.com
ad.plus
ads.pubmatic.com
adservice.google.com
adservice.google.de
aghtag.tech
ajax.googleapis.com
api.rlcdn.com
app.omniconvert.com
assets.revcontent.com
bcp.crwdcntrl.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.omniconvert.com
cdn.prod.uidapi.com
cdn.taboola.com
cm.g.doubleclick.net
connect.facebook.net
cookie-cdn.cookiepro.com
d.agkn.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
esp.rtbhouse.com
events.newsroom.bi
fonts.googleapis.com
fw.adsafeprotected.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
i0.1616.ro
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
images.revcontent.com
invstatic101.creativecdn.com
js.agkn.com
lexicon.33across.com
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
orangesport.ro
pagead2.googlesyndication.com
paht.tech
pandg.tapad.com
partner.googleadservices.com
pghub.io
pixel.mathtag.com
ro.adocean.pl
rtb-csync.smartadserver.com
s0.2mdn.net
sdk.mrf.io
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.criteo.net
sync.search.spotxchange.com
sync.teads.tv
tags.crwdcntrl.net
telekomsport.ro
tpc.googlesyndication.com
trends.revcontent.com
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.orange.ro
www.telekomsport.ro
yeet.revcontent.com
api.rlcdn.com
trends.revcontent.com
104.111.217.42
104.79.88.164
109.166.184.23
128.140.224.229
142.250.185.66
142.250.186.66
151.101.65.44
151.139.128.10
162.19.138.118
162.55.144.218
178.128.139.113
178.250.0.157
18.66.97.9
185.80.39.216
185.86.139.102
185.89.210.212
185.94.180.126
195.191.47.140
195.191.47.72
23.35.236.201
2600:1901:0:8344::
2600:1f18:1aca:4282:ffb2:25bd:a3d3:4283
2600:9000:223f:ec00:8:48e:53c0:93a1
2600:9000:2250:a800:a:e047:752:b361
2600:9000:2250:ac00:15:efbc:e300:93a1
2606:4700:10::6816:3556
2606:4700:3031::ac43:81b0
2606:4700:3033::6815:325a
2606:4700:3035::6815:53e6
2606:4700:4400::ac40:936c
2606:4700::6810:5814
2a00:1450:4001:800::2002
2a00:1450:4001:802::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2006
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:827::2001
2a00:1450:4001:828::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:4001:831::2004
2a02:2638:3::3
2a02:2638:3::c
2a03:2880:f01c:8012:face:b00c:0:3
2a06:98c1:3120::3
2a06:98c1:3121::3
3.124.137.35
3.75.62.37
34.102.146.192
34.102.243.38
34.120.135.53
34.96.70.87
35.190.39.111
35.241.45.217
35.244.159.8
35.71.131.137
52.215.24.184
52.30.84.16
52.31.114.167
52.51.126.33
54.155.55.194
80.158.66.24
99.81.25.188
0152531ece5b19aa743208c31fd9f9284282bc97a2ec666de5cf770a9aeee0fa
01c06080dd4dd480e82e86ebb2551e062f115c9633696499067dbbddefd1e464
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
01fe26694f4e55463d8c00efede89e8dfdbf6b8324ce65b58ede76ba061a699f
03340c9ef9335f73493ddeda6d04c5d4f1b8238ce570a8173ac6ae17caf0f2f1
044a20919b144ed871f2e0df99ab181bcdf5f4ad6b2b3ee5b915a989b0479d40
046effd22f52be6c8bb0f6ee31bcd1159f2bdf93f6ec35c142bf82ebf3fb5e4f
054c480b41dbb8bb1a0db0dd51f85a18dafa9679cd1988d4824f9da3f8aa1215
0836d2070d6754e9355c30c8b2c34174428c5e78e25b6668aba9d10fb7cd6d78
09244740f4a5bf8ab1aa815df2f809d370c932e5c5e977221091acbee7b66570
093f41bafd520a357a4b6673c9215b9f52340df98147f6c23973d9765a22fd05
09c6dca21add8a5a5bce50400d4f189d2fd7270b2f55c3e8ea7ab9ac7174eded
0a083eee293844b7d07803a196079f5a42de8f19291884c40a4d3fc96aa7bf9b
0af374f8cbcb355cb1e9761a08c2d41400bf81b7f9ad176ef22871d31bc31ee6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c8d55f1e12240d2587efda85929a50cd8e8f6874f6c5e97df7356916c9fd5da
0e16d841b1486b5bd9c69a543084e0f558463ad9bd7ffd8791301367f8a849a6
0f4450b80aba3a223e6fc59efc7ec071621b71fcec65b5d6eb4ca22a8e6b34cf
0fbd5dd39d0390ff16e94a27328b55c9dec898b369289d1f70b350e5d138ec5c
0ff16e20b5ab684fce57aa32522d8b75ff38da3b6428d9e735f09b230f2a5c20
12205c4a98e501359bc86efa7d6dffbb310e8b077a96bc1f7afc0bca22d0f3d3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14446a1f5f436a59c1d7ec0348e8a67fd715121dfb965d3a1e0b2f6a13d1d656
15eaf840936a8d7f6896456d9a7c01e1915102c596b2d3df14f4b23e8dd0e18d
160e9244e2f585b0778cf6d6a9b0f7bb4d3f9a84a23e427673c1146d9fab070b
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
17dad3cf989058ccb2e3d814ac1e0816927cccb700716aa51accc5577472cd15
18247109fc2ce88ade7b8e0e1bdfc2e247498e15ba762672d7d6490ce3510081
1838ab24ce44aeef404feea267a6e53a63bd8e86314268d6addf2480f9636411
1aada9922d43e2107b82a139dff7179ed9dddb86da040ec3e5e98e0f57e420d3
1c2f2b4cfbff59beaa2c11167cf8dbe29ba6e55bcd371015e7311521d4bfd4ca
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1ff067250a334697aa929240baa053c275243c0bbc1a5cf9b1e280ff2eff85aa
207347e1a4ad445b2848e910522f6704f7576458035f7fc4e76eb40843086003
21e75d79e7559bbc79262648402d9dd645e40259bbcdf21010332ccd6c4332ce
223fc8122a307637f83efd6b57fb96e0daf8795aaa98e431e83064efa65b4da3
232bf950740690a92eb6f4a6110a536fbe24114928c38ebe80f69aa3b2db6709
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
23ce4ea0d6b01ce2570269c6387b4a2edf518e7aa225cd1a28160fff381ca8af
2457b02a73ae343a2f18d121d2fed395f27fbd68fe8c53077d4a4eff6a10baac
247a6cae1d933da70e41c2c30fc19cd80c7581054c35127be767eceba0a58d41
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
27c7a22eecffa32e1dd92fd98d76a0fc78ef498f9d399cdf7326152a79995390
28db0991ca6026420ddafcfd3afb831ecfea1cb64921ae2e37ef8af14635ae2d
2940fc3e4be1c44c42429926fd8144235bee8fde8e590386bc0b8900482b82d2
29fbf053f6f09e650a54d4e9fd038062d6f2d2367eca4196202e8fe8bc345f63
2a13ec60ec0d7cc72b2bf03b6a5ede39cf8e145f826986df12932395857bc81e
2a2d24cf8524e034a63d837adcca95f8879cf6195d05aad07dd45b0090b0862f
2bc5ef0d7964a3f601a86f084b8f07cae13819b12275e7f0169d89cdca3c71e9
300504a23c57069dcf0f5bde08da9b8af4288b9dc1eb4101820f9198923370ba
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
317f149045d69a8bf445de8bbd3ff61b2cc95da746998e97f4381dfe3326c7f7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33a8928ead9e309d8d592154a7f34af2e1ff65857b52bc95707ec45ca2164a9e
3456dcd3eb25196e68e2822cca66a20c2f123bedf5986f159be674e4c40a05cb
34f7cb40e930ce75cf7efa17c9f4dffb988e11d4dcf55118b4984092d1616a46
359b73a718356536bf39dbf7e23fe66d556c9675d959f98d6bd95636b89af4d7
371ed7a0ec633fcd22cb71e59f7061adaa1512b2434945581e1da7d5fe3f016b
3727bbba645c1b78bd9a4c551b680ba853bc89dfc1b452cc41b75b9ec3c112b7
37597c7b7d15ebf128d8ac41c0c5905e28f2298dc8c78392a9257c854458c827
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
382a4d68ec2446aefd581f808266ef857ae77218161bcd3a4b488327e57ca167
38918434768fbe94f563b4d082c62d263f9adf598dc2534852892321c46ac115
38d08cb91aebf6b33bb560d39265b174413c0112c64ad9a214cf9252336e266f
3cdc74370d14b767220ca1dc4ba2f11676fe0b4c532e1e878828a857c768a66e
3ebeca259e6700b1cd27504f45576dd85a8a16ec3a9ad20d805cf304b230c988
400b356ca22f3e2283d3822a337d97c84c6c03c6ce51d79dae917a50d04f982d
41083d8509d760c92088a353c90c7c1a3b66b0b5d7964eeaf628e770d8a259ff
4144ebe7750ce431762e797618a6b8c57cf6b173987519641fed9dfba7c56359
41f2d67bc7d54d1fc7714c567d05bc33b34173e8088bd52d521d3e8f3b506c9e
430d7a430dd1469807c0104a5469aef96b3ec039d38ca2af7b3085012d7a614a
448de1b66a8e77c446afcb472053eb0ef4a38fdc576da7def8ee92db900f4b44
45cfd192322c7f45b6ec2b85769aca7bf8741dc1b46777038f4718837d013338
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46dde6dd5afd36e719cfe8c4146eb9608243dfca499da8b5387c02dae3ba2382
4934174cd39db1f62680ac12ae44ad9aa040bd445d831ae65f79779b7f2e6e8f
4abb4400e10a6a00a3b1ceca91af352d1ef711d546f0b60207c7f6d5f1dc93f1
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d9e50379350abb45769a5049fc416a2ad6455c413756833d1e1249b617e6550
4df4f831ed5cdb639c42779819720daea3b9850e12cafe851ea4b242ccaa166e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
53b8e119aed83815ba6c2fa51e63f3760a1a6ecc0131a8b2a35b695c746ddf70
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
551c9151f4816e93d37fc2a6be317ae002389f4733c7c9a732960ceda32078d6
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
560702bfa9310ca1c0c7ab945ecd16e737f0b6a745db5bac61fd4ca18c622b0c
5706cfbf88652063423496923e7594f3510f4f2f283a8aabab8f82c91d623b31
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5fa69cefb728ce9b4c241e87a2ad0b2d7f7e3fa7d8d23b7e2dac91d631c3e40f
5fc814f76311281ae957d4e6df3a27c3ce41fb8f436311c147a1486c325af8f2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6287e1ceb82308e7675a822f39fc2dd4e8761c6a13bd61fe9ce447223a895186
634dd9e1914822d8e40b6fedb75504a878108cb80e45b0b5537d9ad6aefa0534
63d61f5daef35e1d4186c36649308a466eb984c20379125f8ffebaeb66f11659
64ab062a2a4d62d22170dd14c4a3a566632d1ebf476ab80d27c7c81901209e36
6736760a1c0c624190fee65234d5013a261ded35d345e6f278a3739719fac230
6d38edfdaff5a3e6cfcccd26f9eed468207f91adf8833e2dd28e8660035492ba
6da7b331725d5ef1a6fec7257b61c49046348347069dec883ce6c9717aac60a7
6eb13c8ef60084c1f559db34e3d28afdee4f243c0dfe31e1f264ccc7433cc18e
6f039a988d1611052fd690332adcf2199c47eebcc77fe9926a084a2e316216d6
6f4441b3c0089737bfc9859070b514ece6ce10ac567a6376683e88927138da2b
6f88ad1b185e443ce4a39c76c65fa4b6f199c1521398535cc5452b19304d5f17
6fadd538ea50895cad27c1a05a9262436612ea1b448b50ec2067b67985f95185
7029d63023c037146a2d9195123d0789148f95e0f07e670a9ac0705bcb9baf24
7041206683c7b5da4188ef7ed1523815102ac13af21f55c4b04b5fbbe4514ae5
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
72ac9945714b5daef7842be8a7245a5dab9a30392a342935f0c4d81643635206
768298b3d962ad990fa2a351624946220559b3dc60a9cc61f4dc73777c4fe423
76c8cb8193f315b81493145ee9bd2984b47b6bec48baec0ca043a96b7553229a
78d707e764332efe4a8d928a8726b495449073194bf4b9ca22856f08d5cafb8e
79a4dcccb7123bdad0763c6dfff95db363b3d1b6c3b5958756a4b0a04e1805da
7a2f9d442f2bdcfc85728dbe33d891a4e160d31a22e80811519cca5e4493ca00
7acb39c464a48e54dc24e3c2fd9aaa947cbad325ec284216c54b1408da1d2b8b
7fa72a64b2372737ea79c800bad41337fde1b9cb8d090fec89cced81258b55de
802a0ac9c835c0add64067c222d71b52bff0f5cfaafe4b673b1875a68ffaabb4
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
817dad0dd57952b30439ed3fc1e0d8b8645f2aedd70bbd48564d2909649b48d7
81a27e090e8c76f22b2bfc1e01dc449c16313349ecec4ff7f492366e3829f80a
829faafbb39055b06c83f4b6b208d52dc50e0119499f827d573888f5846d3a15
82d76ee8d1b9ee9b01a38e883280563a0c3e43c2b2808b966a15f78fc9a6a55d
8378c9af556b92b91ce9430bd6bdd21307935b8d9d3c2dd4af7b3fdb8855a2d2
848f81ed7764462b85973ee7dfb6ff20553a2a8d27a4c0c6ee71132f0544cb5f
85343a1fb2474e3c107c51e59cca79895aeb2d1b070fd3bc33321d0cd37bf23e
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
854519d07d155c90609264652626944b998fdf68a153e9a5b8c44173d401329e
85a7b34dd31e8a3bcda73a5efa232fcdfd306898e1c4746c69fd9a45d564037a
869689ef7005acad4dfda7986b43066bbffe46318143c1986301022735a228e9
887594fce13facd8f91c94fb7292332d3c37add7e7df9e6d763a8308344cb5b5
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a95cd72dd11748d95bbefd4108f3f794340d83f982fd0b095d6d68f125ed50f
8acc588efe281abf36b20cd311836469dac598a67906c08146eb78cfa22ab391
8ae30f6f2162279a812bf9e00efd0c985e20e76efece9444125b410f3a6822a6
8b4b43fd2629a9ae29c5220a852bbc8ff169c571cdf77798633efec65c934df7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8df4e2508308452516a8972eb7d993d970eefeea6705487b0e100c0fa7b4b447
8edbd08b9bb87f815ad871e44aae03af609fc44b1961d608e94eff3f4e010375
8f9aeed37dfb6d24789d39eb914d9268c267a8710ce97889ce523e6ec133ca8f
90ffe9c3c7fc061d72993059a62d15675b509f98a1da6dd20794d067bf482b81
914e6a9e909ddf78313c38905b3154d08e8b06c1ae4e1ded4b57b149637600e3
94ae8e248d081ccb4096fb784379fac2dc61da4bba62eee5d920b5c89a142215
950152b7619f13382e63585efb096c67c5206d3bbd9b96550d54b8c185f70d17
95238c83264b7d83952fce1e58ec1d02a47ece6b410b326f68dce5a4b48fb640
95aab837c5c50d19e2ce6eebd57bacf6eb9975be990beef90c08c061191b3bc5
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97d67f8c2575e19d30ae28a32bad7610849e0e56c81ca66e51178124a5c5eed2
97dfa5d1066422ee3c14dee64436145bbdd3915dc178f004e9c3a1f1debdec49
97e3f2f61049ebb9fba0964998a2eaa00b821a8def7a1b10bb084283d57a8a18
98226821dd15cc321c7e12a25b7ea6d25fdeeaa910eef5a1f92eb63cf9103584
98f54de0ab856260748ee94073349bb14e228f657aae54d1774dd6abd0d2f951
9a11767aeedf06f6dae966910e4b3d9a507a05e6f3f953afb7b8e51ad4dda5e2
9a2ae43b02fa31d0ffaa78a8e87ae5294cc1f4b22ec7d32d50a682dc463355c7
9bef1adc900a29316ab4dc1f44cfd254bb03fa823bffce8ec6fa796436371967
9c103d583af4cfff0b6d12d0e68e6b8e8b840b3f39f920d26f5297cad0abd27a
9e48535632fc2614d4eeb5d25bee3e9f3f1b4faec5e5d1628725988532c23d9f
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1233a650c4255dc0cc1066f04897ed400c999126954f3540a0b3db8ff12a475
a213b591d623e52748a534fb98b326df326b107371f655ac3afd1d9f6c22934a
a28c761a83a656e086c480adfed5312d21e2a193884e350b2914b4ef17a48c5f
a35505df6d4d3a7d78f0538af612526fa8d5b9562874b10215834857949284bd
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a625151d401baa25c1a1665b0bbce607a90aac9873ccfbe768218896b75ec235
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a9161954861bb1fd7d5044d99f9ce04137b3836979ce8c5c75d224642f57c3f9
a927badf3eea95f7e26e99d91505772e291aab2a27fc350bde7dc533c4d452fd
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
aad4cb33a357010eef34fe25170ac4477ffaa2f45b9dbf27a8760e4dc52e49d7
af322978ee0049b3413a25bfb10129a7dd173244ab5b815b2431c8b161f40d69
b11c100213437edcddeb2f241627633f653e78676de7eb854b7ab2a5c9b6f34c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b253f131fefeea767d2a567f6a867b4fc5c499ef8e0ac2b661d48834ea0f2814
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b6c6cbce924a25fbaea345fd582637c9a14fef43e9f861ad85b94dc438e67453
b77927bd53591e765793749f03962a8cfcda9e311f29efe60de70b120c7cc42c
b869f8758c328d168a968213e543e71493f09c4ba09c48015872e8ca1c53298e
bb902c927fddefdc85bf40f87b5c43da7c060e68882208f9bea5ccbe5a449a81
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd9a37b7523beb354673c51bd301b91f4bf0dac017da453401111b8531b0119c
bebc6157b86aaec77de439187a38a3e8870e15cf77b6e1d23aa68d9b67f9040c
c0b453d8af04776f5e058884699e2a13cb0e06a48eaf337e982fe91bd2887eaa
c0c07d5e1cc6e9994f621fb965165bc0106d1a26a04e70bd13c0778af0b93e37
c0f2f83dae62fdc8d300e322d984e1349b873a6e1f10a366482ef5768ae39f6e
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c3a678207a432581f35da030188a47c714b0a311da77d6beab04f1b1e7a0f885
c4d39a7999e7b992f162a625dcf938352a7b30353a0cc0e018d21c019f7b834b
c7fc8dae04703101d705fac5268f8900d96149d6b2d3fdd6c1fac249ed16cf1b
c815509712ee913550a1d1cda6bcad9daba15387ed7f8ec87d4d2313c632d2f0
c8381ba1fcbd2a8fba31a4cc849a54f6824825cdc2443cd9fcdb5752f4bfe634
c8d68d7caa203db844c704e3cf54e7fbe2a2fa1793f58ed5e74d9f6f2b805964
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cd2abac1178b197e7ba4bf2c1c80002dcafb31ce98ac4b2f717456f18acaee0b
ce8764fe6464750c91cc9103fe596a9641663e903cc5e55f99d64a83556f6b41
cee4cb143daa20c4cab9463bb268fec679ae4e60c7184e422588a05872421ba6
cefe7f1658eb1e3b2da2039c1c0f1feca4efb97d2ab15a828740ec4f31388975
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
d03f3b7b859c5ab0314bc5600278ce96fedfb2a431b5adf103fb836900cc9fe1
d04a9ebcf5396233d88fbd891e94070d6f9909f177c7f936e87a8022898dafff
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d16e35bb59e6a131c4cd5065dcda37527761f35f2d28c1061e12b83a0b3a1b93
d3f2192d267d411aafddfd9cf79da96538c5d9d9afd8a38c4fbf8d759050409a
d52d61de703f0a6592a00f9598248ee5e4fd10b0ea18a171eba5ae42abbebaa1
d6e7f843eb017ad1852772a63c151d5efe982faffbbc1e0b5a63c4a4bf84c351
d77d5179cedc5dfd9dcb3b0af25359be65872ca6847da18df9e52d309d21863c
d8295848601a45fc6ff78a90ac4d35396851ea4411b76a06feeb357ec99a37bc
d9808d4a2cd1f1d68bbaa2046938cc3633003595baa466eca74d86a602002d52
da841d4807ddf60fb71844ad6c04d5e2e76f70d08ca99ca43333f429bb4324bf
da9a77e15c8cbf2596563d3bc8020cc9e547d2b99976a0b77f5eeadf1c492feb
dbdcd5032177710f51c04a98ab8d155e72b8ea23f0f86fc504408b7fbe735639
dc00d2dc19a9dd32d5f89ec3d68bfed90dd775a5fa638855b7fe00d6415f379b
dc82de33871a9ed40a5379ed264dd0456d9bf58839286b913231648f527bc72b
de8f2bcc7ae21fc9b5baa7f7a0c29472b72da526c6190d3b618c4014fa3a49ee
df2ad48fb1271d575585ec3b950c9c13d7446435113dfb0477834d21d84a7154
dfe8853b2397a43e20d55fd377aafeed785c7ae335ed07b4986997b9780f48a2
e07ebcfd878d7c867b33c328b9d11e75cf4109a0dd020630c627834ecc2bd32f
e185c06f69d350d0c47795551ca78f981da3b1c98a87640df59faf0f4dfe3af1
e21596f8690874ecdc58c699a6350b407afd0f165a46ea90d5c6bc0631d29699
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5cac75ad868a7eccd334bd3bb77f01912a9eb6994f360f74ca4840901c8682c
e6770420f0302245616ce6574713f932c01910378a9358650ece6ae3fdf5ea24
e6893dbc25b5c8d59e77b392250b64f499d72a6f7d3c63c79fd9bb7a37d09c51
e77796cceff8754cfcde438e4cf808f78e6b06a6c3aaa08e2de7a412447da672
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
ea91d5cb349d107f743df4764bd3abce23b8ed164009104c8ffcc985a89c8bf4
eec1a2dbcb07dd64516d71c56bb5a2c6984caf836b460cd43d793e1ef6368fb2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13bc08411a45add285949483ee8ab65001f6d7ebaddcfc83d5b2df50a4cde0b
f39eb50e76652a9d9df3efe9aa8d978312dcc96b8f16edfe7462553f739f8503
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f5e0f79923e8d14d23c1215707beff394614bbee6e1bd9b2f1c85e3a8c55e51a
f70e21f986e952c4c99ddbb0226df11b3de722b1050153a767451b5c3239d27a
f784c25beff83b54f56dcd8b6e4a3f9a5292f62dcd170a9e76332a506bbc910a
fd70173b3f710fa9dc8ba21ad8f3a12030d3cfa48a9283d182ff009436b47db4
ff6db6c1dd0910b5619dafb5284abf59aa7bb8c6d3d0122c1ba5983cddaaa2a3

orangesport.ro Open in urlscan Pro 195.191.47.72 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

576 Requests

94 %HTTPS

46 %IPv6

51 Domains

73 Subdomains

67 IPs

7 Countries

8860 kBTransfer

19037 kBSize

38 Cookies

7 Outgoing links

Page URL History

Redirected requests

576 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

orangesport.ro Open in urlscan Pro
195.191.47.72 Public Scan

Screenshot
Live screenshot

Full Image

576
Requests

94 %
HTTPS

46 %
IPv6

51
Domains

73
Subdomains

67
IPs

7
Countries

8860 kB
Transfer

19037 kB
Size

38
Cookies

576 HTTP transactions
10 data transactions