www.tranquilforrestt3.xyz Open in urlscan Pro
2606:4700:3030::6815:da0 Public Scan

URL: https://www.facebook.com/firstpostin

URL: https://twitter.com/firstpost

URL: https://www.instagram.com/firstpost/

URL: https://www.youtube.com/user/Firstpostin

URL: https://www.firstpost.com/category/health
Title: Health

URL: https://www.firstpost.com/category/india
Title: India

URL: https://www.firstpost.com/category/world
Title: World

URL: https://www.firstpost.com/category/art-and-culture
Title: Arts & Culture

URL: https://www.firstpost.com/category/sports
Title: Sports

URL: https://www.firstpost.com/category/entertainment
Title: Entertainment

URL: https://www.firstpost.com/tech/
Title: Tech

URL: https://www.firstpost.com/tag/cryptocurrency
Title: Cryptocurrency

URL: https://www.firstpost.com/pro-kabaddi-league
Title: Pro Kabaddi

URL: https://www.news18.com/netrasuraksha/

URL: https://www.firstpost.com/tag/coronavirus
Title: Coronavirus Outbreak

URL: https://www.firstpost.com/education/board-results
Title: Board Exam Results 2020

URL: https://www.firstpost.com/india-positive-in-coronavirus
Title: India Positive In Coronavirus

URL: https://www.firstpost.com/tech/gadgets
Title: Tech2 Gadgets

URL: https://www.firstpost.com/firstcricket/series/ipl-2021.html
Title: IPL 2021

URL: https://www.firstpost.com/manjul-toons
Title: Manjul Toons

URL: https://www.moneycontrol.com/promos/pro.php?utm_source=firstpost-header&utm_medium=referral&utm_campaign=Pro365
Title: FREEDOM365

URL: https://www.firstpost.com/shows/firstpost-conversations
Title: Firstpost Conversations

URL: https://www.firstpost.com/9-months/season-5
Title: 9 Months S.5

URL: https://www.firstpost.com/shows/vanity-diaries
Title: Vanity Diaries

URL: https://www.firstpost.com/shows/poetry-project
Title: Poetry Project

URL: https://www.firstpost.com/shows/social-media-star
Title: Social Media Star

URL: https://www.firstpost.com/shows/firstpost-original-videos
Title: F. Originals

URL: https://www.firstpost.com/shows/its-a-wrap
Title: Its a wrap

URL: https://www.firstpost.com/shows/firstpost-salon
Title: Firstpost Salon

URL: https://www.firstpost.com/shows/first-day-first-showsha
Title: Firstday First Showsha

URL: https://www.firstpost.com/shows/india-ka-fashion-capital
Title: India Ka Fashion Capital

URL: https://www.firstpost.com/shows/firstpost-ground-report
Title: Firstpost Ground Report

URL: https://www.firstpost.com/shows/our-better-world
Title: Our Better World

URL: https://www.firstpost.com/shows/web-talkies
Title: Web Talkies

URL: https://www.firstpost.com/shows/bowled-over-cricket-interviews
Title: Bowled Over

URL: https://www.firstpost.com/shows/what-the-duck-cricket-conversations
Title: What the Duck

URL: https://www.firstpost.com/shows/101-india
Title: 101 India

URL: https://www.firstpost.com/shows/patio-unplugged
Title: Patio Unplugged

URL: https://www.firstpost.com/tata-steel
Title: TATA Steel

URL: https://www.firstpost.com/tech2-innovate
Title: Tech2 Innovate

URL: https://www.firstpost.com/meghalaya-tourism/
Title: Meghalaya Tourism

URL: https://www.firstpost.com/category/politics
Title: Politics

URL: https://www.firstpost.com/category/business
Title: Business

URL: https://www.firstpost.com/category/photos
Title: Photos

URL: https://www.firstpost.com/category/videos
Title: Videos

URL: https://www.firstpost.com/entertainment/before-fight-club-heres-how-china-has-imposed-alternate-endings-on-hollywood-and-hong-kong-movies-10328061.html

URL: https://www.firstpost.com/business/budget-2022-long-short-and-everything-interesting-about-the-annual-financial-statement-10328421.html

URL: https://www.firstpost.com/india/lavanya-episode-shows-how-deep-the-missionary-rot-is-in-tamil-nadu-and-andhra-pradesh-10328141.html

URL: https://www.firstpost.com/india/the-cloud-the-wind-and-the-rain-never-die-remembering-thich-nhat-hanh-10328591.html

URL: https://www.firstpost.com/india/badhaai-do-trailer-sheds-light-on-lavender-marriages-all-you-need-to-know-about-it-and-why-it-could-hurt-lgbtq-cause-in-india-10328121.html

URL: https://www.firstpost.com/world/the-long-and-troubled-history-of-tapi-pipeline-what-you-need-to-know-about-ambitious-gas-pipeline-project-10328721.html

URL: https://www.firstpost.com/politics/desperation-of-losing-bjp-akhilesh-alleges-conspiracy-after-chopper-to-ups-muzaffarnagar-stopped-in-delhi-10328411.html

URL: https://www.firstpost.com/india/why-all-sing-and-dance-over-eternal-flame-and-abide-with-me-are-politically-motivated-10326691.html

URL: https://www.firstpost.com/blogs/blog-india/health-blog-india/neocov-new-kind-of-coronavirus-that-spreads-among-bats-may-pose-threat-to-humans-in-future-warn-wuhan-scientists-10328621.html

URL: https://www.firstpost.com/category/blogs/blog-india/health-blog-india
Title: Health

URL: https://www.firstpost.com/world/watch-man-plays-flute-while-raven-sings-along-this-adorable-video-will-make-your-day-10328351.html

URL: https://www.firstpost.com/business/market-roundup-sensex-falls-76-points-nifty-ends-at-17101-check-top-winners-and-losers-here-10328531.html

URL: https://www.firstpost.com/india/watch-telangana-home-guard-risks-life-to-save-dog-caught-in-flood-internet-salutes-his-courage-10328511.html

URL: https://www.firstpost.com/india/rrb-ntpc-and-level-1-recruitment-2019-exam-suggestions-window-opens-check-direct-link-here-10328581.html

URL: https://www.firstpost.com/india/ini-cet-2022-aiims-announces-schedule-for-july-session-registration-begins-from-31-january-exam-on-8-may-10328171.html

URL: https://www.firstpost.com/business/find-your-egde-at-facebooks-grow-your-business-summit-10113121.html

URL: https://www.firstpost.com/tech/news-analysis/heres-why-the-power-packed-oppo-f19-pro-5g-is-the-best-smartphone-you-can-buy-today-9430071.html

URL: https://www.firstpost.com/category/tech
Title: #tech

URL: https://www.firstpost.com/politics/uttarakhand-polls-congress-denies-ticket-to-bjp-turncoat-harak-singh-rawat-10328831.html

URL: https://www.firstpost.com/india/no-one-can-stop-that-nation-whose-youth-works-with-the-nation-first-spirit-says-pm-modi-at-ncc-rally-10327991.html

URL: https://www.firstpost.com/firstcricket/sports-news/big-bash-league-2021-22-perth-scorchers-crush-sydney-sixers-to-clinch-record-fourth-title-10328761.html

URL: https://www.firstpost.com/firstcricket/
Title: firstcricket

URL: https://www.firstpost.com/firstcricket/sports-news/kevin-pietersen-receives-pm-narendra-modis-republic-day-letter-calls-india-global-powerhouse-10328731.html

URL: https://www.firstpost.com/videos/india/why-india-is-witnessing-one-of-its-coldest-wettest-winters-this-year-10322331.html

URL: https://www.firstpost.com/videos/business/market-roundup-sensex-rises-366-points-nifty-ends-at-17277-check-top-winners-and-losers-here-10319281.html

URL: https://www.firstpost.com/videos/world/landing-mishap-seven-soldiers-injured-after-us-f-35-jet-crashes-in-south-china-sea-during-military-exercise-10317911.html

URL: https://www.firstpost.com/india/bharat-biotechs-intranasal-covid-booster-dose-gets-dgci-nod-for-phase-3-trials-10328631.html

URL: https://www.firstpost.com/sports/australian-open-2022-unbelievable-to-be-playing-at-this-level-says-rafael-nadal-after-reaching-final-10328671.html

URL: https://www.firstpost.com/sports/speak-out-against-genocide-games-activists-urge-athletes-participating-in-beijing-olympics-10328451.html

URL: https://www.firstpost.com/sports/serie-a-dusan-vlahovic-undergoing-medical-with-juventus-for-transfer-10328641.html

URL: https://www.firstpost.com/india/india-to-sell-brahmos-missiles-to-philippines-for-374-mn-in-major-defence-export-boost-10328561.html

URL: https://www.firstpost.com/sports/australian-open-2022-rafael-nadal-reaches-final-within-1-win-of-21st-grand-slam-titles-record-10327471.html

URL: https://www.firstpost.com/sports/australian-open-2022-matteo-berrettini-focuses-on-the-positives-after-semi-final-defeat-against-rafael-nadal-10328401.html

URL: https://www.firstpost.com/world/watch-motorcyclist-crashes-right-in-front-of-oncoming-truck-see-what-happens-next-10328131.html

URL: https://www.firstpost.com/world/sweden-and-finland-mull-joining-nato-amid-russian-aggression-against-ukraine-10328381.html

URL: https://www.firstpost.com/firstcricket/sports-news/indian-cricket-in-good-hands-under-rohit-sharmas-leadership-feels-ex-west-indies-captain-darren-sammy-10328371.html

URL: https://www.firstpost.com/world/we-dont-want-war-but-dont-tread-on-us-says-russia-as-ukraine-tensions-mount-10328301.html

URL: https://www.firstpost.com/india/selling-s-400-missile-system-to-india-part-of-russias-destabilising-role-us-10328251.html

URL: https://www.firstpost.com/photos/35-hrs-50-stitches-shanghai-grannies-knit-perfect-bouquets-for-beijing-winter-olympics-medalists-10325301.html

URL: https://www.firstpost.com/photos/73rd-republic-day-india-showcases-military-power-cultural-diversity-during-parade-10322001.html

URL: https://www.firstpost.com/photos/snowstorm-halts-life-in-greece-shuts-down-europes-busiest-airport-in-istanbul-10318261.html

URL: https://www.firstpost.com/photos/over-1500-acres-and-counting-wildfire-rages-across-california-forces-evacuations-and-closure-of-highways-10314941.html

URL: https://www.firstpost.com/india/supreme-court-overturns-maharashtra-speakers-one-year-suspension-order-of-12-bjp-mlas-calls-it-unconstitutional-and-illegal-10327161.html
Title: Supreme Court overturns Maharashtra Speaker's one-year suspension order of 12 BJP MLAs, calls it ‘unconstitutional and illegal’ The 12 BJP MLAs had been suspended for a year in July 2021 for their alleged unruly and threatening behaviour towards the Speaker

URL: https://www.firstpost.com/india/bs-yediyurappas-granddaughter-dr-soundarya-dies-by-suicide-10328161.html
Title: BS Yediyurappa's granddaughter Dr Soundarya dies by suicide The BJP leader's granddaughter ended her life by hanging herself from the ceiling fan at her Vasant Nagar flat on Friday morning, police said

URL: https://www.outbrain.com/what-is/default/en

URL: https://www.toocool2betrue.com/random-knowledge-quiz/?utm_source=ob-quiz&utm_template=quiz&utm_medium=$publisher_name$-$section_name$&utm_term=$publisher_id$_$section_id$&utm_content=00ca52924dfd12ea6919efdd32f8e4012f&utm_campaign=tc-ob-eur-d-randomquiz-22.01.24-6621-cnr_p15_chrome_4863&utm_cpc=$cpc$&obOrigUrl=true
Title: We Will Guess Your Education Level in 20 Questions TooCool2BeTrue

URL: https://bestofsenior.com/trending/hollywoods-veterans-the-greatest-stars-from-the-golden-age-era-are-still-alive-enjoying-life-in-retirement-ob-lorenzolamas-2?utm_source=outbrain&utm_campaign=003e44720ccf5e13ca996a33a0fbeade56&utm_medium=$section_name$__$section_id$&utm_term=%5BPics%5D+Do+you+Remember+Him%3F+This+Is+Him+At+63&ts=$time_stamp$&tbv=$cpc$&pcl=1&obOrigUrl=true
Title: [Pics] Do you Remember Him? This Is Him At 63 Best Of Senior

URL: http://groovyhistory.com/60-groovy-photos?utm_subid=1076126&utm_campaign=5INT_336523&utm_source=outbrain_tc&utm_medium=tc&utm_term=$publisher_name$_$section_name$&utm_content=0047137d4f6df941b33a183b2c35aef03d_$section_id$&obOrigUrl=true
Title: 60 Vintage Photos: Photos No Longer Censored groovyhistory.com

URL: https://galleries.parentsdome.com/movie-scene-quiz/?utm_source=ob-quiz&utm_template=quiz&utm_medium=$publisher_name$-$section_name$&utm_term=$publisher_id$_$section_id$&utm_content=00d1bef7cbd2b79a9a69d73b6a15951d99&utm_campaign=xpd-ob-eur-d-moviesquiz-22.01.28-8383-chrome_3467&utm_cpc=$cpc$&obOrigUrl=true
Title: 9/10 Fail This Knowledge Quiz, Can You Nail It? Parentsdome Galleries

URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
Title: 9 Months Season 5 Episode 1 | Pregnancy & Gearing Up for Delivery

URL: https://hindi.news18.com/crypto-ki-samajh/

URL: https://www.firstpost.com/about-firstpost
Title: About Firstpost

URL: https://www.firstpost.com/press-release
Title: Press Release

URL: https://www.firstpost.com/rss
Title: RSS

URL: https://www.facebook.com/pages/Firstpost/165818073477856
Title: Facebook

URL: https://www.firstpost.com/category/press-release
Title: Press Release

URL: https://www.firstpost.com/culture-of-world/
Title: Firstculture

URL: https://www.firstpost.com/tag/long-reads
Title: Long Reads

URL: https://www.firstpost.com/tech/mobiles
Title: Latest Mobiles

URL: https://www.firstpost.com/tech/tablets
Title: Latest Tablets

URL: https://www.firstpost.com/tech/laptops
Title: Latest Laptops

URL: https://www.firstpost.com/firstcricket/cricket-live-score
Title: Cricket Live Score

URL: https://www.firstpost.com/category/delhi
Title: New Delhi

URL: https://www.firstpost.com/category/mumbai
Title: Mumbai

URL: https://www.firstpost.com/firstcricket/series/ipl-2020.html
Title: Ipl 2020

URL: https://feeds.feedburner.com/firstpost/xfJh
Title: Rss Feeds

URL: https://itunes.apple.com/in/app/firstpost/id445829858?mt=8
Title: Ios

URL: https://play.google.com/store/apps/details?id=com.firstpost
Title: Android

URL: https://www.moneycontrol.com/
Title: Moneycontrol

URL: https://www.news18.com/
Title: News18

URL: https://www.cnbctv18.com/
Title: CNBC TV18

URL: https://overdrive.in/
Title: Overdrive

URL: https://www.forbesindia.com/
Title: Forbes India

URL: https://www.topperlearning.com/
Title: TopperLearning

URL: https://www.firstpost.com/terms-of-use
Title: Terms of use

URL: https://www.firstpost.com/privacy
Title: Privacy

URL: https://www.firstpost.com/cookie-policy
Title: Cookie Policy

URL: https://www.izooto.com/getting-started-with-izooto?utm_source=referral&utm_medium=PoweredBy&utm_campaign=http%3A%2F%2Fwww.firstpost.com
Title: Powered by iZooto

a184-30-25-162.deploy.static.akamaitechnologies.com

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

http://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js HTTP 301
https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js

Request Chain 30

http://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-418850482-1643377585596;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=tranquilforrestt3.xyz;je=0;sr=1600x1200x24;dst=0;et=1643377585596;tzo=0;ogl=title.LIVE%20updates%252C%20Latest%20News%252C%20Breaking%20News%252C%20Bollywood%252C%20Business%20and%20Political%20News%2Cdescription.LIVE%20Updates%3A%20Get%20the%20Latest%20Breaking%20News%20from%20India%20and%20the%20World%252C%20Health%252C%20Pol%2Clocale.en_US%2Csite_name.Firstpost%2Ctype.website%2Cimage.https%3A%2F%2Fwww%252Efirstpost%252Ecom%2Fstatic%2Fimages%2Ffp-logo%252Epng%2Curl.https%3A%2F%2Fwww%252Efirstpost%252Ecom HTTP 301
https://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-418850482-1643377585596;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=tranquilforrestt3.xyz;je=0;sr=1600x1200x24;dst=0;et=1643377585596;tzo=0;ogl=title.LIVE%20updates%252C%20Latest%20News%252C%20Breaking%20News%252C%20Bollywood%252C%20Business%20and%20Political%20News%2Cdescription.LIVE%20Updates%3A%20Get%20the%20Latest%20Breaking%20News%20from%20India%20and%20the%20World%252C%20Health%252C%20Pol%2Clocale.en_US%2Csite_name.Firstpost%2Ctype.website%2Cimage.https%3A%2F%2Fwww%252Efirstpost%252Ecom%2Fstatic%2Fimages%2Ffp-logo%252Epng%2Curl.https%3A%2F%2Fwww%252Efirstpost%252Ecom

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

Request Chain 156

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

Request Chain 172

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Request Chain 178

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESECCDTzpGAzqNPnLxw6XgtLQ&google_cver=1&google_push=AYg5qPLkTbZofUhugjPo2e7ekTbZ2_bnX7htk21P87hALOIEvnbmtuU-UB4Y2Yy_fWkiO3AnMO2CNYCdctUen73q0Z1JPJpVh-I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECCDTzpGAzqNPnLxw6XgtLQ&google_push=AYg5qPLkTbZofUhugjPo2e7ekTbZ2_bnX7htk21P87hALOIEvnbmtuU-UB4Y2Yy_fWkiO3AnMO2CNYCdctUen73q0Z1JPJpVh-I

Request Chain 181

https://onetag-sys.com/sync/i,19/?google_gid=CAESEPfDveB504t_ude3fpbD8ho&google_cver=1&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw

Request Chain 183

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBwyxzelZwPGVFaHUQ4dL-U&google_cver=1&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8tjsxIk9vjlqo35uuRaIRbzfIMQ HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBwyxzelZwPGVFaHUQ4dL-U&google_cver=1&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8tjsxIk9vjlqo35uuRaIRbzfIMQ&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15VWkyR2daRTJ1SGl6VkZOSTVkUDJlVjNUUlhMYzRYaX5B&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8tjsxIk9vjlqo35uuRaIRbzfIMQ

Request Chain 201

https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 203

http://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 204

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62201000133746800710616011853003&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 207

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462

Request Chain 209

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 217

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEBrcyqIPs0GEnckQuxZS9m0&google_cver=1&google_push=AYg5qPJ0kZlRlDtEU8Y32rTobxAbjYGiZn0zvtcCR1jU1Q-VunFvkECaUDOYSFJoSeOuVP1387q0aEL3bVcFrXDy8ryMEzFP3rQG HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEBrcyqIPs0GEnckQuxZS9m0&google_cver=1&google_push=AYg5qPJ0kZlRlDtEU8Y32rTobxAbjYGiZn0zvtcCR1jU1Q-VunFvkECaUDOYSFJoSeOuVP1387q0aEL3bVcFrXDy8ryMEzFP3rQG

Request Chain 219

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJv18qaNJdsIfIVp6ZDG2rE&google_cver=1&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJv18qaNJdsIfIVp6ZDG2rE&google_cver=1&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=5379e338-2375-4fcd-a4f0-85b485aea059&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

Request Chain 221

https://onetag-sys.com/sync/i,19/?google_gid=CAESEFKpxiVXAdVIlfXjALjW5z8&google_cver=1&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz

Request Chain 222

https://cs.media.net/cksync?type=g&google_gid=CAESEIkMIXsc4rkrr-RIMTj7P3Q&google_cver=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9LbmrG9gcZ8qP97znbmb2lJw8Cmr86tC3YKkRIHQExsMqKE8vR6EJAiWOrcYDvnWBC3RWBSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&mn_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9LbmrG9gcZ8qP97znbmb2lJw8Cmr86tC3YKkRIHQExsMqKE8vR6EJAiWOrcYDvnWBC3RWBSw&gdpr=&gdpr_consent=

Request Chain 237

http://securepubads.g.doubleclick.net/tag/js/gpt.js HTTP 301
https://securepubads.g.doubleclick.net/tag/js/gpt.js

Request Chain 285

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

Request Chain 286

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

Request Chain 287

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

Request Chain 288

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Request Chain 306

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

Request Chain 307

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

Request Chain 308

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

Request Chain 309

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Request Chain 321

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMh-DfYVxqp3Ul2uoy3sRUE&google_cver=1&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHtcrd45V_CrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHtcrd45V_CrQ&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

Request Chain 322

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI16aGAVSUfL4uwpDrOHNBQ&google_cver=1&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMqKY5z6nRI-jdMMXpYmciDmjhg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDYwNTY2NzY3NzEwODI0NzYyMw&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMqKY5z6nRI-jdMMXpYmciDmjhg

Request Chain 323

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMdeSVV_wMS4lgYt-AtDTSM&google_cver=1&google_push=AYg5qPK7riL5GErFtrwD4vK6IbFedui3JdkJBN7E65CWHKEprL37rm3RPVDVMiuJxow-oTAsM8iXf1Xy-qWOPK1xcMduFx3dXyTSTg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMdeSVV_wMS4lgYt-AtDTSM&google_cver=1&google_push=AYg5qPK7riL5GErFtrwD4vK6IbFedui3JdkJBN7E65CWHKEprL37rm3RPVDVMiuJxow-oTAsM8iXf1Xy-qWOPK1xcMduFx3dXyTSTg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=F9lrfjalT0WxK3QSqJqwVg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK7riL5GErFtrwD4vK6IbFedui3JdkJBN7E65CWHKEprL37rm3RPVDVMiuJxow-oTAsM8iXf1Xy-qWOPK1xcMduFx3dXyTSTg

Request Chain 325

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4 HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4&apid=UPb2487cca-8040-11ec-93aa-064c62b4fd54 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4

Request Chain 329

https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 343

https://sb.scorecardresearch.com/b?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20%E2%80%93%20Firstpost&c7=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20%E2%80%93%20Firstpost&c7=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&c9=

Request Chain 345

https://sb.scorecardresearch.com/c2/6683813/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/default/cs.js

Request Chain 346

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=18911400155074200383832011853029 HTTP 302
https://www.zenaps.com/cshow.php?pvr=b2bd3790-8040-11ec-b99f-2231db894da9&v=11354&r=473322&q=371931&s=2470208&viewref=18911400155074200383832011853029&pv=1 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_473322_1643377590_b2bd3790-8040-11ec-b99f-2231db894da9&insert=AW

Request Chain 347

https://www.awin1.com/cshow.php?s=2481850&v=14172&q=372911&r=473322&pv=1&pref1=18911400155074200383832011853029 HTTP 302
https://htlp.emp.de/

Request Chain 352

https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6&subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D HTTP 301
https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D

Request Chain 353

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=18911400155074200383832011853029 HTTP 302
https://www.zenaps.com/cshow.php?pvr=b2c8a940-8040-11ec-915c-22338470aac8&v=11354&r=473322&q=371931&s=2470208&viewref=18911400155074200383832011853029 HTTP 302
https://asset.conrad.com/media10/isa/160267/c1/-/de/COUPON122_234x60?format=gif

Request Chain 354

https://www.awin1.com/cshow.php?s=2481854&v=14172&q=372905&r=473322&pref1=18911400155074200383832011853029 HTTP 302
https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png

Request Chain 356

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPkbiGv5Bgh5_RCz9qyKUe8&google_cver=1&google_push=AYg5qPL1-p81HlTPlyd3O3IX1Fnw8u9lN5Ayvg1JcGAHIuGxHDIiuHRrxuUKQWD0jwHoLd6-7mYMTMAYmrzjFFtJ6FnPzBhw4-k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEPkbiGv5Bgh5_RCz9qyKUe8&google_cver=1&google_push=AYg5qPL1-p81HlTPlyd3O3IX1Fnw8u9lN5Ayvg1JcGAHIuGxHDIiuHRrxuUKQWD0jwHoLd6-7mYMTMAYmrzjFFtJ6FnPzBhw4-k

Request Chain 357

https://d5p.de17a.com/cookies/google?google_gid=CAESEIt66789R7mzDkel-lfLJ1g&google_cver=1&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIt66789R7mzDkel-lfLJ1g&google_cver=1&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM

Request Chain 359

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPOKq0H7b7eyPTq7FthKSXg&google_cver=1&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVANferyPiTukE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVANferyPiTukE

Request Chain 360

https://onetag-sys.com/sync/i,19/?google_gid=CAESEE_UoJwOMSB1-TI_ttXk6Eg&google_cver=1&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg

Request Chain 361

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEA5MF_edaDEZEw-Og1xE_NU&google_cver=1&google_push=AYg5qPLVEJRDKPZx3X-lTVjD4I3faKuA38RFDLHCs-MhczEzhdTTw_8y3uVloclI8zU7HHCi3HGErfm01op3zckkU4g1Z7dV6As HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLVEJRDKPZx3X-lTVjD4I3faKuA38RFDLHCs-MhczEzhdTTw_8y3uVloclI8zU7HHCi3HGErfm01op3zckkU4g1Z7dV6As&google_hm=

Request Chain 362

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAtNCbi9kV5b8eA-2IAGC5k&google_cver=1&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofFAKvEJWsjNsiP-WCThMwQhiEeGxReiC4_8 HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAtNCbi9kV5b8eA-2IAGC5k&google_cver=1&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofFAKvEJWsjNsiP-WCThMwQhiEeGxReiC4_8&apid=UPb2487cca-8040-11ec-93aa-064c62b4fd54 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofFAKvEJWsjNsiP-WCThMwQhiEeGxReiC4_8

393 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.tranquilforrestt3.xyz/ 387 KB
46 KB 1378ms
1359ms Document
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: 8d8907b87bf7ba7e6c1d54da79d7da4ce6dcb766c63db0bf7830f1933903a64b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Fri, 28 Jan 2022 13:46:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/5.3.3
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3OrmfQuQPI2GGFNfS9zJ1IXnOFU%2BT14369ggsI6r7si3tVvVl%2FQq5HliS7jDsPP2beTK55bqBmKHMhGu0jGYXTq75hDcYpEL%2F29a1g1n9BS5FxgsFt%2FHMjM30P7b5PnBqxDpB1TepdSQmWkVkOJCRGhu2jZim3RA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6d4aaaa8ebc59199-FRA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 home-fp.css
www.firstpost.com/static/css/ 16 KB
4 KB 194ms
13ms Stylesheet
text/css 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/css/home-fp.css?v=6.70

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

1a275cf14aba4482a376a1b8656dbadbc30dbbd81a64d22c5210892684ae9144

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
access-control-max-age: 86400
content-length: 3758
cteonnt-length: 16421
last-modified: Tue, 23 Jun 2020 10:42:22 GMT
x-frame-options: SAMEORIGIN
etag: W/"4025-172e0c58bf7"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=25842780
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H2 200 jquery-3.4.0.min.js Show response
www.firstpost.com/static/js/ 86 KB
33 KB 198ms
17ms Script
application/javascript 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/js/jquery-3.4.0.min.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

0497a8d2a9bde7db8c0466fae73e347a3258192811ed1108e3e096d5f34ac0e8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
ntcoent-length: 88151
access-control-max-age: 86400
content-length: 33604
last-modified: Tue, 23 Jun 2020 08:58:12 GMT
x-frame-options: SAMEORIGIN
etag: W/"15857-172e0663073"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=21624243
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H2 200 favicon.ico
www.firstpost.com/static/images/ 0
1 KB 26ms
26ms Other
image/x-icon 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/images/favicon.ico?v=6.70

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Tue, 23 Jun 2020 08:58:12 GMT
etag: W/"447-172e066306e"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/x-icon
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1095

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 79 KB
27 KB 147ms
52ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

sffe /

Resource Hash

82af6dfb7e4d8cb99c5e5d868940c20b330036dafebbe9f52223a7ec82a215be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27133
x-xss-protection: 0
server: sffe
etag: "1115 / 985 of 1000 / last-modified: 1643371812"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 28 Jan 2022 13:46:25 GMT

GET
H/1.1 200
OK 0084276cc5ca765622f51f8eb.js Show response
chimpstatic.com/mcjs-connected/js/users/5eea658f179c37d2555573fac/ 50 B
510 B 41ms
11ms Script
application/javascript 104.89.44.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/5eea658f179c37d2555573fac/0084276cc5ca765622f51f8eb.js
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.89.44.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-44-137.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Last-Modified: Mon, 10 Aug 2020 13:23:37 GMT
Server: AmazonS3
x-amz-request-id: GNR6XSJK07NH3J3R
ETag: "104d46a3208b40e8ded389332f5a78a3"
Content-Type: application/javascript
Cache-Control: max-age=197
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50
x-amz-id-2: PkpWuCs5EvqPq8ZdQtodJx45MPtWIIosBbDamLK55yrcH+U1MGGuQBTihRJ2WACYLTUY/8Unls8=
Expires: Fri, 28 Jan 2022 13:49:42 GMT

GET
H/1.1 200
OK adpushup.js Show response
cdn.adpushup.com/42991/ 524 KB
147 KB 66ms
27ms Script
application/javascript 2606:4700::6812:1cad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.adpushup.com/42991/adpushup.js
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700::6812:1cad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9552e408db002748606315ef824ac084949f712d151c218c48e9f47adf857a3

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
last-modified: Tue, 25 Jan 2022 16:44:55 GMT
Server: cloudflare
Age: 9611
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
x-cf-geodata: US
CF-RAY: 6d4aaab35b7d696f-FRA
Expires: Sat, 29 Jan 2022 13:46:25 GMT

GET
H2 200 fp-desk-logo.png
www.firstpost.com/static/images/ 3 KB
4 KB 11ms
10ms Image
image/png 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/fp-desk-logo.png

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

63d1837bf0033a10e20387a9aecc5079d1f49e61f72363195173c773657acba4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Wed, 01 Jul 2020 13:01:39 GMT
etag: W/"d9a-1730a77f17c"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 3482

GET
H2 200 netrasuraksha_L2_103x25px.jpg
www.firstpost.com/static/images/ 14 KB
14 KB 15ms
15ms Image
image/jpeg 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/netrasuraksha_L2_103x25px.jpg

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

625096fc6e8bf195b789cf2b4da04e702c005bf8950ba96206c47cde389eabb8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Tue, 30 Nov 2021 07:06:19 GMT
etag: W/"37b5-17d6faa6d8f"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/jpeg
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 14261

GET
H/1.1 200
OK aksb.min.js Show response
ds-aksb-a.akamaihd.net/ 13 KB
5 KB 71ms
12ms Script
application/x-javascript 2a02:26f0:fb::213:30c3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://ds-aksb-a.akamaihd.net/aksb.min.js
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2a02:26f0:fb::213:30c3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Aug 2018 18:25:26 GMT
Server: AkamaiNetStorage
ETag: "15de19f42b35806faf815298644157e0:1535653526"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 4826

GET
H/1.1 200
OK jquery-2.2.2.min.js Show response
code.jquery.com/ 84 KB
30 KB 64ms
50ms Script
application/javascript 2001:4de0:ac18::1:a:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://code.jquery.com/jquery-2.2.2.min.js
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/42991/adpushup.js
Protocol: HTTP/1.1
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Mar 2016 17:52:17 GMT
Server: nginx
ETag: W/"56eaeed1-14e98"
Vary: Accept-Encoding
X-HW: 1643377585.dop226.am5.t,1643377585.cds302.am5.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 29880

GET
H/1.1 200
OK social-bg.png
www.tranquilforrestt3.xyz/static/images/ 0
805 B 383ms
376ms Image
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.tranquilforrestt3.xyz/static/images/social-bg.png
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 28 Jan 2022 13:46:25 GMT
Server: cloudflare
x-powered-by: PHP/5.3.3
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UbmXM7l64z9pbCQIw%2FacUOgznH38UhhkpojabRKmDvdYq04NaWiHgCObwcPzs57UXH7MWUeo6Kxyo5pyjCkjw2Ub%2BkvkCrcjiQizkCBEj%2FgdBY5ax5XZImnaC9LYfIAMi2OjbiHb5iu5KIYlytS4iGw3dFoZkALe"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d4aaab42aa3901f-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H2 200 1643370208382.jpg
images.firstpost.com/wp-content/uploads/fpranking/ 34 KB
34 KB 111ms
46ms Image
image/webp 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.firstpost.com/wp-content/uploads/fpranking/1643370208382.jpg
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: 0255968ec0c845a3740e6ddb87730a16e5fec628cf7af58a208062b5b3438d32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Fri, 28 Jan 2022 11:43:38 GMT
server: Akamai Image Manager
etag: "92bf91-a23b-5d6a2e0d754f3"
content-type: image/webp
access-control-allow-origin: *
cache-control: private, no-transform, max-age=2584536
content-length: 34568
expires: Sun, 27 Feb 2022 11:42:01 GMT

GET
H2 200 pubads_impl_2022012702.js Show response
securepubads.g.doubleclick.net/gpt/ 354 KB
119 KB 41ms
40ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c67b64612afd710926c9b3a25bb44a59297f4e099c3629534598697afadff70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 17:23:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73363
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122111
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 16:28:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Jan 2023 17:23:42 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 44 B
84 B 95ms
45ms XHR
application/json 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.tranquilforrestt3.xyz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

6e4bc925cfa9ec0bb17acbff07a7e6c66f4392ca275b00889449aa67972c1127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:25 GMT

GET
BLOB 200
OK bc98cf50-3d97-4d98-b64d-88e2386f6be0
http://www.tranquilforrestt3.xyz/ 4 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://www.tranquilforrestt3.xyz/bc98cf50-3d97-4d98-b64d-88e2386f6be0
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f36457d5ec5bd7d115c29bea53e0d1ff77de7418837ef39e897f3b7d497e8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 3743

GET
H2 200 fplogo_placeholder_640x362.jpg
www.firstpost.com/static/images/ 4 KB
4 KB 13ms
12ms Image
image/jpeg 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/fplogo_placeholder_640x362.jpg

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

60a40b2138cfd47cd85f899cd3612c34acd3ecd26597b5034a7d65ad62f01687

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Tue, 23 Jun 2020 08:58:12 GMT
etag: W/"ebf-172e066306f"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/jpeg
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 3775

GET
H2 200 fplogo_placeholder_192x104.jpg
www.firstpost.com/static/images/ 2 KB
3 KB 16ms
15ms Image
image/jpeg 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/fplogo_placeholder_192x104.jpg

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

dba1bb2c05a93eb27a3807b6266c06045effe4507f25fb28644474bcf0c23640

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Tue, 23 Jun 2020 08:58:12 GMT
etag: W/"95b-172e066306f"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/jpeg
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 2395

GET
H/1.1 200
OK email-decode.min.js Show response
www.tranquilforrestt3.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 55ms
47ms Script
application/javascript 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://www.tranquilforrestt3.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

HTTP/1.1

Server

2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 19 Jan 2022 15:58:45 GMT
Server: cloudflare
ETag: W/"61e83535-4d7"
X-Frame-Options: DENY
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQSmdgJxBJ7WM9OmwEBE2LWUwZZs%2FSUY3%2FYcjC%2FeHLmZF1F0QLvkjD%2B9R9wC82jBLCZR3xR1BtMc1K2mVYbQsmuVUe5MeuRiO3koALRlPUiT%2BcHnivcr1RWiwlVB4ZicWnuIUnSXOjQ3v0VR4lujRP3eUf50VB4K"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=172800, public
CF-RAY: 6d4aaab4d83591cf-FRA
Expires: Sun, 30 Jan 2022 13:46:25 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 133ms
45ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 136ms
48ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 quantcast.js Show response
cdn.adpushup.com/pbuseridscripts/ 450 B
386 B 22ms
22ms Script
application/javascript 2606:4700::6812:1cad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/42991/adpushup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1cad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26914004d3a8d5ddde2202b642d7936eb61c9f195b5cd3c87e44ef8ad4d57c16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 28 Jun 2021 04:15:23 GMT
server: cloudflare
age: 280281
etag: W/"60d94cdb-1c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
cf-ray: 6d4aaab52fdf9061-FRA
expires: Sat, 29 Jan 2022 13:46:25 GMT

POST
H/1.1 200 sync
e3.adpushup.com/AdPushupFeedbackWebService/user/ 70 B
532 B 54ms
16ms Ping
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: http://e3.adpushup.com/AdPushupFeedbackWebService/user/sync
Requested by: Host: cdn.adpushup.com
URL: http://cdn.adpushup.com/42991/adpushup.js
Protocol: HTTP/1.1
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:24 GMT
Ap-Cookie-Status: cookies ap_uid and ap_usid not set due to GDPR
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: http://www.tranquilforrestt3.xyz
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex
Keep-Alive: timeout=20
Content-Length: 70
Expires: 0

GET
H2 200 feedback
e3.adpushup.com/AdPushupFeedbackWebService/ 70 B
279 B 59ms
15ms Image
image/png 23.97.225.52
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e3.adpushup.com/AdPushupFeedbackWebService/feedback?data=eyJjcmVhdGVkVFMiOjE2NDMzNzc1ODU0NzksInBhY2tldElkIjoiMDAwMEE3RUYtN2FiNTcyYTYtM2E0ZC00NmQwLWE3M2YtZGEwYWI2MDI2MGYxIiwic2l0ZUlkIjo0Mjk5MSwic2l0ZURvbWFpbiI6Imh0dHBzOi8vd3d3LmZpcnN0cG9zdC5jb20vIiwidXJsIjoiaHR0cDovL3d3dy50cmFucXVpbGZvcnJlc3R0My54eXovIiwibW9kZSI6MiwiZXJyb3JDb2RlIjo3LCJyZWZlcnJlciI6IiIsInBsYXRmb3JtIjoiREVTS1RPUCIsImlzR2VuaWVlIjpmYWxzZSwic2VjdGlvbnMiOm51bGx9
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.97.225.52 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:24 GMT
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-robots-tag: noindex
content-length: 70
expires: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 493 B
287 B 182ms
181ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_Shosh_OOP&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1x1&ists=1&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie_enabled=1&bc=23&abxe=1&dt=1643377585484&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=114&adks=3683563502&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0&msz=1600x0&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cd3f143d53e17d9b6115cee30c296429badeb0ae36adf33272ec98ebc346afa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6905 6 KB
4 KB 186ms
44ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 28 Jan 2022 13:46:25 GMT
expires: Sat, 28 Jan 2023 13:46:25 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 55 KB
12 KB 888ms
888ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_ATF_728&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1003x90%7C970x90%7C970x200%7C970x250%7C728x90&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie_enabled=1&bc=23&abxe=1&dt=1643377585491&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=299&adys=189&adks=3227910684&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=960x150&msz=1003x0&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6501ec276a824b18d72dfd57670c69751099ce1a770d9a9e7011213303d90f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12750
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 514 B
302 B 420ms
420ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_CRICKET%2CFSTPST_ENG_CRICKET_IPL_AL%2CFSTPST_ENG_CRI_IPL_AL_ROS_Strip_1000&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1000x35&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie_enabled=1&bc=23&abxe=1&dt=1643377585493&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=300&adys=294&adks=3404370136&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=960x0&msz=1000x0&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

531254ee3ad154f18293f9af03ba6d6d1fd81ffe8111f2d106ba6a9a2ef7552f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 486 B
283 B 515ms
515ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_Skin_OOP&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1x1&ists=1&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie_enabled=1&bc=23&abxe=1&dt=1643377585495&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=114&adks=3377337110&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0&msz=1600x0&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

9e8edf41bb73d73bbf4f6a3798be2da6dc67ad7668977b2424030c06b42c5e4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 40ms
8ms Script
application/javascript 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: cdn.adpushup.com
URL: https://cdn.adpushup.com/pbuseridscripts/quantcast.js
Protocol: HTTP/1.1
Server: 2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Content-Encoding: gzip
Etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Expires: Fri, 04 Feb 2022 13:46:25 GMT

GET
H2

200

rules-p-54Nt-1NAaEEe0.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js

2 B
345 B

25ms
7ms

Script
application/javascript

2600:9000:223c:3400:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Server: 2600:9000:223c:3400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:53:28 GMT
via: 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront)
server: AmazonS3
age: 3177
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P2
content-length: 2
x-amz-cf-id: lNcfC1SmlwM_-xsrW8dcGbsjelkpZKP3-LBU_AkTOFALWlFgw-0h3w==

Redirect headers

Date: Fri, 28 Jan 2022 13:46:25 GMT
Via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-54Nt-1NAaEEe0.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: a3F1vux4nZv8TrAXulDV8PVZsFtAqVpW-SWLV_4t-459d0yASz1A9A==

GET
H2

200

pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-418850482-164337758559...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;f...
https://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;...

35 B
372 B

287ms
95ms

Image
image/gif

2620:116:800b:21:d7a4:3372:2f4a:f3b0
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-418850482-1643377585596;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=tranquilforrestt3.xyz;je=0;sr=1600x1200x24;dst=0;et=1643377585596;tzo=0;ogl=title.LIVE%20updates%252C%20Latest%20News%252C%20Breaking%20News%252C%20Bollywood%252C%20Business%20and%20Political%20News%2Cdescription.LIVE%20Updates%3A%20Get%20the%20Latest%20Breaking%20News%20from%20India%20and%20the%20World%252C%20Health%252C%20Pol%2Clocale.en_US%2Csite_name.Firstpost%2Ctype.website%2Cimage.https%3A%2F%2Fwww%252Efirstpost%252Ecom%2Fstatic%2Fimages%2Ffp-logo%252Epng%2Curl.https%3A%2F%2Fwww%252Efirstpost%252Ecom

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Server

2620:116:800b:21:d7a4:3372:2f4a:f3b0 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=457442145;rf=0;a=p-54Nt-1NAaEEe0;url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F;uh=e51ed67dfb8d91dc24b15e2ace0c3bc33bc53c3e1dfb09200d6c2f8387d67ea6;uht=2;fpan=1;fpa=P0-418850482-1643377585596;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=tranquilforrestt3.xyz;je=0;sr=1600x1200x24;dst=0;et=1643377585596;tzo=0;ogl=title.LIVE%20updates%252C%20Latest%20News%252C%20Breaking%20News%252C%20Bollywood%252C%20Business%20and%20Political%20News%2Cdescription.LIVE%20Updates%3A%20Get%20the%20Latest%20Breaking%20News%20from%20India%20and%20the%20World%252C%20Health%252C%20Pol%2Clocale.en_US%2Csite_name.Firstpost%2Ctype.website%2Cimage.https%3A%2F%2Fwww%252Efirstpost%252Ecom%2Fstatic%2Fimages%2Ffp-logo%252Epng%2Curl.https%3A%2F%2Fwww%252Efirstpost%252Ecom
Date: Fri, 28 Jan 2022 13:46:25 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sat, 29 Jan 2022 13:46:25 GMT

GET
H/1.1 200
OK photo-icon-small.png
www.tranquilforrestt3.xyz/static/images/ 0
809 B 355ms
355ms Image
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.tranquilforrestt3.xyz/static/images/photo-icon-small.png
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 28 Jan 2022 13:46:26 GMT
Server: cloudflare
x-powered-by: PHP/5.3.3
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4KAWZpJkFfQt%2Bbqe%2F6vTK2yVRiBLrdx5m167rrEncjd9LxIUJ1y6YdcPV4RqUKFYjo1lnGIGvnidOCJOIqjYDm4TFCg06wT%2F%2FULuUcMzC2IFYlYP8dvluDkCEpSycNe1S4N8evxSUzd%2BnbgqyM4uepLN8OG2AypD"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d4aaab69822901f-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H/1.1 200
OK classic-10_7.css
cdn-images.mailchimp.com/embedcode/ 4 KB
2 KB 42ms
7ms Stylesheet
text/css 18.66.127.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn-images.mailchimp.com/embedcode/classic-10_7.css
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 18.66.127.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-127-89.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 613b1a7b4e9e279b4bcceed16041478402a795ac76653535589480190b3aa1c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 27 Jan 2022 22:59:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Dec 2015 16:52:30 GMT
Server: AmazonS3
Age: 111081
ETag: W/"ae0fc9b84c30cada1784022044962394"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/css
Via: 1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA60-P2
X-Amz-Cf-Id: 1wiFMnnv2hrMpgXibEsY97k-V45EPc2xXA6WgpqMYajnMiypQatBOA==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 97ms
48ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 113ms
65ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 news18_crypto.gif
www.firstpost.com/static/images/ 16 KB
16 KB 12ms
11ms Image
image/gif 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/news18_crypto.gif

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

c86395c84a095f7c7a08c14455fd53b980802d4c4560f6dd3631c66a5912fe50

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Wed, 27 Oct 2021 11:04:01 GMT
etag: W/"40c2-17cc16bd14d"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 16578

GET
H2 200 mobile-detect.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.4/ 38 KB
14 KB 40ms
16ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.4/mobile-detect.min.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebd21fd785e33300ae6571194031810c2e87373fb139b681888b2423d78a562b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 273841
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13867
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f25-981e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifwrzgE9d1Rt4I8i9F%2BLe3aVJMiHxeS2tBo5Rma5AXxGn3GVQYn4mClBj4uEN1%2FbW2p9nug3f2qQj%2FSEMCWwSB%2Fk789ec2auSZjwB92k8qpKRZxcNx0pilSq8V7OkHc7u3T4ea1jw6kozvrrtz382Hp7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d4aaab79b32928d-FRA
expires: Wed, 18 Jan 2023 13:46:25 GMT

GET
H2 200 fp-logo.png
www.firstpost.com/static/images/ 1 KB
2 KB 15ms
14ms Image
image/png 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.firstpost.com/static/images/fp-logo.png

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

8389b20c82fb8ca21eebe5bba0fdeeccaf254bb4af457b5803325ad57f29b65b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
last-modified: Wed, 17 Jun 2020 09:37:38 GMT
etag: W/"52c-172c1a421b2"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: image/png
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1324

GET
H2 200 footer-fp.css
www.firstpost.com/static/css/ 3 KB
1016 B 21ms
21ms Stylesheet
text/css 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/css/footer-fp.css

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

46e288e234f9dac46bfcec1d4104a9e34f1dd4346f548210c019a0fafe32f15f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
ntcoent-length: 2574
access-control-max-age: 86400
content-length: 694
last-modified: Wed, 24 Mar 2021 16:42:08 GMT
x-frame-options: SAMEORIGIN
etag: W/"a0e-178651d648c"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=6817131
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H2 200 glide.min.js Show response
www.firstpost.com/static/js/ 23 KB
7 KB 26ms
26ms Script
application/javascript 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/js/glide.min.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a735025df348cfb880f2790451abbf9682dfbef8a9747592ede044cd9b1308c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
access-control-max-age: 86400
content-length: 7276
cteonnt-length: 23265
last-modified: Wed, 17 Jun 2020 09:37:38 GMT
x-frame-options: SAMEORIGIN
etag: W/"5ae1-172c1a421ad"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=21624331
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H2 200 main-fp.js Show response
www.firstpost.com/static/js/ 5 KB
2 KB 30ms
30ms Script
application/javascript 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/js/main-fp.js?v=6.70

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

ed779bc318612f67d6203cde82c96a8350d3c50c1c532778ce39eb3d64a1486e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
access-control-max-age: 86400
content-length: 1530
cteonnt-length: 4666
last-modified: Tue, 04 May 2021 15:20:00 GMT
x-frame-options: SAMEORIGIN
etag: W/"123a-17937f6efce"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=25842720
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H2 200 ipl2021.js Show response
www.firstpost.com/static/js/ 491 B
500 B 41ms
41ms Script
application/javascript 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/js/ipl2021.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

Resource Hash

b79435c6056eae4c409d008c70b290a3286df0525c52ba2789d4f0f70d551ecd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:25 GMT
content-encoding: gzip
ntcoent-length: 491
access-control-max-age: 86400
content-length: 168
last-modified: Thu, 08 Apr 2021 15:13:40 GMT
x-frame-options: SAMEORIGIN
etag: W/"1eb-178b20bc949"
vary: Accept-Encoding
access-control-allow-methods: GET,POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=6054532
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 480ms
479ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_PG_1x1&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1x1&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddd7f9f765f793e43-2227887b2fcd00d9%3AT%3D1643377585%3AS%3DALNI_MZhE9l6AIh0YIk5s5br3oPXJLW9Ug&bc=23&abxe=1&dt=1643377585847&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=604&adks=1724937709&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf20d1ee95dd49fcf523bbb2b4ed4b3977e82d4a40c5bbae54ace50b8a2f20f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8736
x-xss-protection: 0
google-lineitem-id: 5737636020
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138355763909
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 65 KB
32 KB 994ms
991ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_ATF_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddd7f9f765f793e43-2227887b2fcd00d9%3AT%3D1643377585%3AS%3DALNI_MZhE9l6AIh0YIk5s5br3oPXJLW9Ug&bc=23&abxe=1&dt=1643377585854&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=449&adks=117222648&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74912392b3aed8f230ed39b70a9bb94cb834fc96b0982423fa33fccddff2180f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32752
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4RHoJWfJ9AY Show response
www.youtube.com/embed/ Frame E7E4 59 KB
24 KB 215ms
125ms Document
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1197eb4db8a644cbb04b126df30f4a3c6048c583060f85176b3ed3498c557928

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 28 Jan 2022 13:46:26 GMT
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 TvMY7lARVF0 Show response
www.youtube.com/embed/ Frame 6886 60 KB
25 KB 176ms
89ms Document
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a3386f8e0d0af0130fb56e9f8e5a64e260db23c306c2698704037ba45ab1787a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 28 Jan 2022 13:46:26 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_aXV-idIZ-e5x1JSbJUg8hfAx2dSl3lQ"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK playfair-display-v20-latin-700.woff2
www.tranquilforrestt3.xyz/static/fonts/ 0
813 B 362ms
362ms Font
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tranquilforrestt3.xyz/static/fonts/playfair-display-v20-latin-700.woff2
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 28 Jan 2022 13:46:26 GMT
Server: cloudflare
x-powered-by: PHP/5.3.3
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iU4IQgHdClTmTM5%2BZC2mGjAtoOe6GYgULzBs7r0H9nClfRxfu%2FyMCHgGgIgYU2MN%2FPMWPjOJ7vpifzdXt8904r%2Bh1g29p9LgfNniGMONw88QET%2Bi0vbiiEyVSZbL8jB%2BfVggFrpKGUnVCtU46b%2BWnDzzedqPJnoi"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d4aaab7e9669199-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
10 KB 1262ms
1261ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_BTF2_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddd7f9f765f793e43-2227887b2fcd00d9%3AT%3D1643377585%3AS%3DALNI_MZhE9l6AIh0YIk5s5br3oPXJLW9Ug&bc=23&abxe=1&dt=1643377585919&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=847&adks=4016406289&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc5f48f5732cad04280b4dbc3c601c735444b62a4523abd869f18c25270e6542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10221
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 74 KB
23 KB 2420ms
2419ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_BTF_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x600%7C300x250&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddfd37931a2813920-22a7f45f2fcd00ab%3AT%3D1643377585%3AS%3DALNI_MZWoyf3Gv503sSTSYle1gRTJPi0ug&bc=23&abxe=1&dt=1643377585938&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=3213&adks=2386970382&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x250&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=512&ohw=0&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c9952f8c303a819481d5bcb54e30f653f3bb497ec8e7f9d82c40f27dc213a9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23579
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 40 KB
10 KB 1531ms
1531ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_BTF1_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddfd37931a2813920-22a7f45f2fcd00ab%3AT%3D1643377585%3AS%3DALNI_MZWoyf3Gv503sSTSYle1gRTJPi0ug&bc=23&abxe=1&dt=1643377585942&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=2621&adks=4118621902&ucis=9&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x13619&msz=300x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a64e7e430e4ae1befb9f93e2f95fbc1577085ef9665c61f64fddd2a05841486

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10234
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 1900ms
1899ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_ATF_SLUG_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x100&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddfd37931a2813920-22a7f45f2fcd00ab%3AT%3D1643377585%3AS%3DALNI_MZWoyf3Gv503sSTSYle1gRTJPi0ug&bc=23&abxe=1&dt=1643377585946&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=2089&adks=2037703818&ucis=a&ifi=10&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6663c39f76a519af2a24755faeaa813b87c7ecc5578d224fd526d5e6b609c6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11946
x-xss-protection: 0
google-lineitem-id: 5424924640
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138317323236
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
10 KB 2742ms
2742ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_MTF_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x600%7C300x250%7C300x1050&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddfd37931a2813920-22a7f45f2fcd00ab%3AT%3D1643377585%3AS%3DALNI_MZWoyf3Gv503sSTSYle1gRTJPi0ug&bc=23&abxe=1&dt=1643377585949&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=2059&adks=3822305294&ucis=b&ifi=11&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcd5bb03ae3dc3909bb32515440fb5d3c00eac0a358339be6b7787415441fea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10114
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
10 KB 3121ms
3120ms XHR
text/plain 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1059964830798939&correlator=4292547403341154&output=ldjh&impl=fif&eid=31064603%2C44757101%2C31061167%2C31062931&vrg=2022012702&ptt=17&sc=0&sfv=1-0-38&ecs=20220128&iu_parts=1039154%2CFSTPST_ENG%2CFSTPST_ENG_HOME%2CFSTPST_ENG_HOME_HOME%2CFSTPST_ENG_HP_BTF3_300&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x250&cust_params=section_name%3DHome%26meta_keywords%3D%26title_name%3DLIVE%252Cupdates%252CLatest%252CNews%252CBreaking%252CNews%252CBollywood%252CBusiness%252Cand%252CPolitical%252CNews%252C%252CFirstpost%26Content_Type%3DNews%26DFP%3Dokay%26page_url%3Dhttps%253A%252F%252Fwww.firstpost.com%26excerpt_description%3DLIVE%2520Updates%2520Get%2520the%2520Latest%2520Breaking%2520News%2520from%2520India%2520and%2520the%2520World%2520Health%2520Politics%2520Arts%2520and%2520Entertainment%2520Sports%2520Business%2520Education%2520Technology%2520and%2520much%2520more%2520%2520Firstpostcom&cookie=ID%3Ddfd37931a2813920-22a7f45f2fcd00ab%3AT%3D1643377585%3AS%3DALNI_MZWoyf3Gv503sSTSYle1gRTJPi0ug&bc=23&abxe=1&dt=1643377585951&lmt=1643377585&dlt=1643377584860&idt=579&frm=20&biw=1600&bih=1200&oid=2&adxs=980&adys=2119&adks=2760616747&ucis=c&ifi=12&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=336725861.1643377585&ga_sid=1643377585&ga_hid=357645589&ga_fc=false&fws=0&ohw=0&btvi=5&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a184-30-25-162.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

308edf96116c2d70ee4b8df5128500297fa7e44c9b87840c6f37914a8778e4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10358
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.tranquilforrestt3.xyz
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 playfair-display-v20-latin-700.woff2
www.firstpost.com/static/fonts/ 28 KB
28 KB 33ms
13ms Font
font/woff2 184.30.25.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstpost.com/static/fonts/playfair-display-v20-latin-700.woff2

Requested by

Host: www.firstpost.com
URL: https://www.firstpost.com/static/css/footer-fp.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.25.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

96fd67368d276f5ed7398504abbc024b01d1d1d413f789c9bf0dcde9a76ca63c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.firstpost.com/static/css/footer-fp.css
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
last-modified: Tue, 23 Jun 2020 08:58:12 GMT
etag: W/"6f30-172e0663065"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET,POST
content-type: font/woff2
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: public, max-age=0
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
content-length: 28464

GET
H2 200 1643370972334.jpg
images.firstpost.com/wp-content/uploads/fpranking/ 7 KB
8 KB 69ms
68ms Image
image/jpeg 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.firstpost.com/wp-content/uploads/fpranking/1643370972334.jpg
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: 694697eed5032b2898d2d7dfe3f93187ce58a95cde11d377592fbde5a68f9b5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
last-modified: Fri, 28 Jan 2022 11:56:22 GMT
server: Akamai Image Manager
etag: "92bfc8-1d57-5d6a30e6d0851"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: private, no-transform, max-age=2585446
content-length: 7511
expires: Sun, 27 Feb 2022 11:57:12 GMT

GET
H2 200 1643374745803.jpg
images.firstpost.com/wp-content/uploads/fpranking/ 16 KB
16 KB 69ms
68ms Image
image/jpeg 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.firstpost.com/wp-content/uploads/fpranking/1643374745803.jpg
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: c245ca08f45430934d678a327c9041f2dd6ec3002be19e3041146820d03d4a10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
x-check-cacheable: YES
server: Akamai Image Manager
etag: "92c093-3fdf-5d6a3ef4812f3"
x-serial: 141
content-type: image/jpeg
access-control-allow-origin: *
cache-control: private, no-transform, max-age=2589087
last-modified: Fri, 28 Jan 2022 12:59:20 GMT
content-length: 16351
expires: Sun, 27 Feb 2022 12:57:53 GMT

GET
H2 200 1643374745968.jpg
images.firstpost.com/wp-content/uploads/fpranking/ 13 KB
14 KB 44ms
43ms Image
image/webp 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.firstpost.com/wp-content/uploads/fpranking/1643374745968.jpg
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: c3f72c13598f6c052b8be6b6be1589a9e0c1078d174b93b07b29d9e425c4f6a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
x-check-cacheable: YES
server: Akamai Image Manager
etag: "92c095-588d-5d6a3ef490033"
x-serial: 109
content-type: image/webp
access-control-allow-origin: *
cache-control: private, no-transform, max-age=2589135
last-modified: Fri, 28 Jan 2022 12:59:18 GMT
content-length: 13630
expires: Sun, 27 Feb 2022 12:58:41 GMT

GET
H2 200 1643366504441.jpg
images.firstpost.com/wp-content/uploads/fpranking/ 37 KB
37 KB 46ms
45ms Image
image/webp 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.firstpost.com/wp-content/uploads/fpranking/1643366504441.jpg
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: 4b9bad484ae7ef7628a9164a73353befd0497d77df2412a8bcce26073cd2c0d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
last-modified: Fri, 28 Jan 2022 10:41:55 GMT
server: Akamai Image Manager
etag: "92bdd7-bb82-5d6a2041d9669"
content-type: image/webp
access-control-allow-origin: *
cache-control: private, no-transform, max-age=2580983
content-length: 37966
expires: Sun, 27 Feb 2022 10:42:49 GMT

GET
H/1.1 200
OK TAPI-AFP.jpg
images.firstpost.com/wp-content/uploads/2022/01/ 27 KB
27 KB 1217ms
1211ms Image
image/webp 2a02:26f0:f7::5c7b:e01c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://images.firstpost.com/wp-content/uploads/2022/01/TAPI-AFP.jpg?impolicy=website&width=640&height=362
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2a02:26f0:f7::5c7b:e01c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Akamai Image Manager /
Resource Hash: a643e3c6280ef46ce724f4a90a4699477c995a897e02830f669cca9aa8d43a82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Check-Cacheable: YES
Server: Akamai Image Manager
ETag: "92c078-11b44-5d6a3c4d11c03"
X-Serial: 770
Content-Type: image/webp
Access-Control-Allow-Origin: *
Cache-Control: private, no-transform, max-age=2590080
Last-Modified: Fri, 28 Jan 2022 13:14:01 GMT
Connection: keep-alive
Content-Length: 27584
Expires: Sun, 27 Feb 2022 13:14:27 GMT

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/495d0f2b/ Frame 6886 340 KB
47 KB 106ms
57ms Stylesheet
text/css 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59e623fb78cdfb931ce91f7d2b52fd78f3051ddfcc12ff164dc42e766cd51d3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47680
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:59 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6886 15 KB
16 KB 130ms
39ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 268101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 11:18:05 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/ Frame 6886 272 KB
84 KB 182ms
141ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e1a64a841a7b050a878fcdf203634dd56456d0f869eecd28adb6fbf13ba29d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85839
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:52 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame 6886 2 MB
534 KB 166ms
125ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c209fa187d4db456c8a122677a9946b89aca10889d31db77c6b1166d0de6a0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 546412
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:40 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/495d0f2b/fetch-polyfill.vflset/ Frame 6886 8 KB
3 KB 159ms
119ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:52 GMT

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/495d0f2b/ Frame E7E4 340 KB
47 KB 56ms
41ms Stylesheet
text/css 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59e623fb78cdfb931ce91f7d2b52fd78f3051ddfcc12ff164dc42e766cd51d3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74967
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47680
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:59 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E7E4 15 KB
15 KB 107ms
49ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 268101
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 11:18:05 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/ Frame E7E4 272 KB
84 KB 135ms
132ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e1a64a841a7b050a878fcdf203634dd56456d0f869eecd28adb6fbf13ba29d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85839
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:52 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame E7E4 2 MB
534 KB 123ms
120ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c209fa187d4db456c8a122677a9946b89aca10889d31db77c6b1166d0de6a0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 546412
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:40 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/495d0f2b/fetch-polyfill.vflset/ Frame E7E4 8 KB
3 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:56:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:56:52 GMT

GET
H/1.1 200
OK playfair-display-v20-latin-700.woff
www.tranquilforrestt3.xyz/static/fonts/ 0
809 B 326ms
326ms Font
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tranquilforrestt3.xyz/static/fonts/playfair-display-v20-latin-700.woff
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 28 Jan 2022 13:46:26 GMT
Server: cloudflare
x-powered-by: PHP/5.3.3
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kh5t9kXYTst8Iryu28jrsP%2Bbk85U9YIA6Lnw%2F%2F9ZONqvaTT7p2egFd%2BH6E8mSblI4Mq6Cv7GCWtm7yAkxDUghe1KXdIAYRRSBtfd1GwPvcqItdRwxwX4YANa8GGIW35rn%2FDWd1xKqS5dhVhshOCf8cFIgmWNi0KN"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d4aaaba3f2d9199-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C69C 0
0 80ms
80ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss8p-OV00nDjGVCwU-URiv5hFouxbmuyychDqb8R4hUhJRMs3B3QraNy8wUqRI5VR3Cmm1GYGG8s12y3qXMckLcOjAQ4soP257DPPeUb8Z6TLNDYQFqZi3H_89qot9KJlS0huzTDITXZR2YHZQVV22essGCefgt9QGHAo3nxrb3kIoKBgy5C5ns-x62TSn7AQ0heqC2k8pAqwMLMxvJtpSURAANburoQrBeYSFFMhRAIQ5exLq_bzbwkGTXJ8rii6RrXNMjkFBLn-W8nht1AouPKgk8Yyx4PrTZamY5dEf64Y9IQMsoko2BF8p9Up84vEMCw6MGDdxoMW4FASkoMvxCqPOKD0Oufn43yyMrtLEP05z8zsj5X7yD0W9IeaxWCpBR4NQaLKIZNC9lB9eM&sig=Cg0ArKJSzA6eP3HF_sa6EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:26 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 2c9f986e7a86b9c1017a8a9217f10099 Show response
tags-b.performoo.com/tag/vastos/ Frame C69C 4 KB
2 KB 632ms
368ms Script
text/javascript 185.93.1.242
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://tags-b.performoo.com/tag/vastos/2c9f986e7a86b9c1017a8a9217f10099
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.242 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-463.bunnyinfra.net
Software: Performoo-IL1-463 /
Resource Hash: beb7400e2aa94e1d8da219811ef2a9ae9a0c8ee64ebe79b94ef855a8aa6c0d34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: gzip
cdn-edgestorageid: 463
access-control-allow-origin: *
cdn-cachedat: 01/28/2022 13:46:26
cdn-pullzone: 285781
server: Performoo-IL1-463
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/javascript
cdn-cache: EXPIRED
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=180
cdn-requestid: 7ccb72bec050da09696c81cb6ce42a7c
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C69C 123 KB
38 KB 156ms
61ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111152338000/ Frame F12A 190 KB
55 KB 167ms
37ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55581
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8559bae154d80579"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame F12A 13 KB
5 KB 228ms
97ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 240398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4994
x-xss-protection: 0
server: sffe
date: Tue, 25 Jan 2022 18:59:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b314c3eb801664ba"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Jan 2023 18:59:48 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame F12A 89 KB
28 KB 231ms
101ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28443
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "976e6f5df80f4e35"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame F12A 5 KB
2 KB 252ms
122ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1727
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "423ab13fb6ff63c9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame F12A 40 KB
13 KB 247ms
117ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08cf721d9e54e414"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F12A 8 KB
1 KB 141ms
48ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:13:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 28 Jan 2022 13:46:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F12A 2 KB
3 KB 153ms
42ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14688
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 29 Jan 2022 09:41:38 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame F12A 295 B
757 B 152ms
41ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 14001
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 29 Jan 2022 09:53:05 GMT

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame F12A 0
0 89ms
46ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaTe307bbuagofPig4zu2sykQHQ9faa-qw7TSQQM-fAFkXSMFAqO2QcBqQftPjVK4ZUq6qhiSIXd9NKvdk-T4g06YjP6kw
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F12A 0
0 117ms
116ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cg0bhsfPzYfvSO4aWgAfB84zoBey06opoqp3NnscPt9qivcABEAEg_-fIHmCV4pCCoAegAbvMt6QCyAEJqQLBb9eze62yPuACAKgDAcgDCqoE7QFP0Pu_oVFeU7YGMa3DTSX0rbjQ-AzPUA_CLFBsXSTQrIj6jt_fbD4FSYS3vATWdrR4so2OSWfLlg3umKi4XBD7G7SqkWX0skgbG2SHYfa5fs41bXNPvXGVyMe8Jh0avLQbGaGrlq7QhVl4rQG4Ewe7Hva2-EOe0x_Gi0qvxjL2nri_5WfboWSHpoaq1iZDjjp3g5Tqt6VV79civnDwe5yorDaOIPPYWVgrG7FBLXZv6UyCIh-5ntrAWkL-bu2IrCWEmfuzAsF1L6fqKRo_khNSaCM1kHc6ATPyV82tNpM5m9hauKdOnq8Ru_KRWZTABPvL-4PfA-AEAZIFBAgEGAGSBQQIBRgEoAYugAeV5cnbAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEM73DNIICQiI4YAQEAEYHYAKA8gLAbgTiCfYEwzQFQGAFwGyFx4KHAgAEhRwdWItMjE5MjAwMjUzNjE3MDE1ORiC8Qc&sigh=B6gu3Q3WcBo&uach_m=[UACH]&template_id=5000&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 6886 113 B
723 B 127ms
44ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5b2e6ff19fae0c9b59027aa9198c5092081af0a54298ce8584401e81a2a4dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 6886 29 B
587 B 127ms
39ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:44:18 GMT
x-content-type-options: nosniff
age: 128
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Jan 2022 13:59:18 GMT

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame E7E4 113 B
202 B 103ms
44ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c1b02f891b42fd2363f1ea27bdab0e5d7f31b5871bd3d20411d113491c1e220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E7E4 29 B
89 B 99ms
40ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:44:18 GMT
x-content-type-options: nosniff
age: 128
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Jan 2022 13:59:18 GMT

GET
H2 200 kDg6Lbd3CvKlWQQisK9E_YOMULM3q2FbhY7L1SjDSWw.js Show response
www.google.com/js/th/ Frame 6886 35 KB
14 KB 125ms
40ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/kDg6Lbd3CvKlWQQisK9E_YOMULM3q2FbhY7L1SjDSWw.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90383a2db7770af2a5590422b0af44fd838c50b337ab615b858ecbd528c3496c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9055
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13294
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 11:15:31 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame 6886 26 KB
7 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98b07d86cfbf0838199a30ec5d4d5c33050562238bf6ff05627ebee7db819e17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74925
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7617
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:41 GMT

POST
H3 200 player Show response
www.youtube.com/youtubei/v1/ Frame 6886 62 KB
19 KB 195ms
195ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9c88a3a9024fd71b98c4276b98885bcac8d606bcc1dac3a1b326707663f6f69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20220126.01.00
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Goog-Visitor-Id: CgtuYVY4ZTI4ckZjRSiy58-PBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19073
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H2 200 kDg6Lbd3CvKlWQQisK9E_YOMULM3q2FbhY7L1SjDSWw.js Show response
www.google.com/js/th/ Frame E7E4 35 KB
13 KB 79ms
48ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/kDg6Lbd3CvKlWQQisK9E_YOMULM3q2FbhY7L1SjDSWw.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90383a2db7770af2a5590422b0af44fd838c50b337ab615b858ecbd528c3496c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:15:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9055
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13294
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 11:15:31 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame E7E4 26 KB
7 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98b07d86cfbf0838199a30ec5d4d5c33050562238bf6ff05627ebee7db819e17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74925
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7617
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:41 GMT

POST
H3 200 player Show response
www.youtube.com/youtubei/v1/ Frame E7E4 92 KB
21 KB 134ms
134ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d1a8a98d8e49a88dc79df7ab02a47f512cfc70dd63f423dbae0b36c3a1534c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20220126.01.00
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Goog-Visitor-Id: Cgs2WXRvVC1QT0Mwdyiy58-PBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21244
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
DATA 200
OK truncated
/ Frame E7E4 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLQLjk8HHVRgox2vWh9gcODagUNtyHTQXiZv2niO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame E7E4 1 KB
2 KB 125ms
37ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLQLjk8HHVRgox2vWh9gcODagUNtyHTQXiZv2niO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2cdc7f661d12ab30226c44bafc74a8f4a171b1ac4a7e2137a915482aa8910588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:39:41 GMT
x-content-type-options: nosniff
age: 7605
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1451
x-xss-protection: 0
server: fife
etag: "v14"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 15:50:10 GMT

GET
DATA 200
OK truncated
/ Frame E7E4 268 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad42e8a35d2104ef1e5ac594d0332cb386e20be762761ce2d5f28554dddf0f40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6886 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLQLjk8HHVRgox2vWh9gcODagUNtyHTQXiZv2niO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 6886 1 KB
1 KB 117ms
39ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLQLjk8HHVRgox2vWh9gcODagUNtyHTQXiZv2niO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2cdc7f661d12ab30226c44bafc74a8f4a171b1ac4a7e2137a915482aa8910588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:39:41 GMT
x-content-type-options: nosniff
age: 7605
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1451
x-xss-protection: 0
server: fife
etag: "v14"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 18 Nov 2021 15:50:10 GMT

GET
DATA 200
OK truncated
/ Frame 6886 268 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad42e8a35d2104ef1e5ac594d0332cb386e20be762761ce2d5f28554dddf0f40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK playfair-display-v20-latin-700.ttf
www.tranquilforrestt3.xyz/static/fonts/ 0
815 B 334ms
333ms Font
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tranquilforrestt3.xyz/static/fonts/playfair-display-v20-latin-700.ttf
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
Last-Modified: Fri, 28 Jan 2022 13:46:26 GMT
Server: cloudflare
x-powered-by: PHP/5.3.3
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DyCOmDO7VrH8IUY975wMcI%2Fcjf%2FZWqoYUtG8jgtM32XnTa7yxp%2BTJQ0J8Ik7Ux0%2F8E57qDAt%2FCCemyjOBYAJIxZXH2v95nhUnh2jvqY7CYKMaR3flYD4w0mUGQwlN%2FR9tkU6WxBgBedHzkx1Y%2FWDWFlt7o5Jb%2Bwf"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Cache-Control: max-age=14400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d4aaabcacae9199-FRA
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5710084888091192939/ Frame F12A 21 KB
22 KB 90ms
40ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5710084888091192939/downsize_200k_v1?w=600&h=314

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0c694cb9e15c07c2d92102ccabbc54aded05b5675f65e9f852d50202bbce4bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 11:56:09 GMT
x-content-type-options: nosniff
age: 265817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21996
x-xss-protection: 0
last-modified: Mon, 27 Dec 2021 09:34:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 25 Jan 2023 11:56:09 GMT

GET
DATA 200
OK truncated
/ Frame F12A 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F12A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F12A 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86136938407b91e900aeaeedbfccede12c9ec30387f4b793b4ad774e5991ffbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame F12A 28 KB
28 KB 87ms
39ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: http://www.tranquilforrestt3.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 18:12:51 GMT
x-content-type-options: nosniff
age: 243215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28196
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 18:12:51 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 6886 0
9 B 39ms
38ms Image
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?jTyPMA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 204 qoe
www.youtube.com/api/stats/ Frame 6886 0
19 B 49ms
49ms Ping
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?fmt=396&afmt=251&cpn=MzsjtoIXAbgRTkG9&el=embedded&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24080738%2C24082661%2C24106566%2C24125207%2C24129402%2C24135310%2C24141079%2C24146770&cl=424458613&seq=1&docid=TvMY7lARVF0&ei=svPzYfPWJcu8x_APiKutyAU&event=streamingstats&plid=AAXWpKlJpq8CgYn5&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FTvMY7lARVF0%3Fautoplay%3D1%26mute%3D1%26rel%3D0&cbr=Chrome&cbrver=97.0.4692.71&c=WEB_EMBEDDED_PLAYER&cver=1.20220126.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.006:B,0.276:B,0.276:B&cmt=0.006:0.000,0.276:0.000&afs=0.276:251::i&vfs=0.276:396:396::r&view=0.276:300:250&bwe=0.276:130000&bat=0.276:1:1&vis=0.276:0&bh=0.276:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:26 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 93 KB
94 KB 112ms
15ms XHR
video/mp4 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-5hnekn7d.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYfPWJcu8x_APiKutyAU&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-AL3wTGwWKNbjJTkrjhflecK629aFoy7vY3lIMYGWKxhC&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C278%2C394%2C395%2C396%2C397&source=youtube&requiressl=yes&mh=Wa&mm=31%2C29&mn=sn-5hnekn7d%2Csn-5hne6nsy&ms=au%2Crdu&mv=m&mvi=4&pl=48&initcwndbps=1653750&vprv=1&mime=video%2Fmp4&ns=hP-kvHtvtRLTj6Kh5qfEHDkG&gir=yes&clen=7952670&dur=200.840&lmt=1625403255363056&mt=1643377277&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5531432&n=23PZ7T0nZdSa8g&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIhANCusBX-zpLVXquC73SPwamsLR3HJ1T1DNK_T0hpDrgdAiAMym2mP7MfNkbt9nOlTmzzzCEBD8zz60dx7UnuU6JHKg%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOEdbmAhtsZaGgA-3mU_n3vAvBlHjAzmdS1xjp7ZI06PAiBIXCpcrjzLvjCr6lZngoKgDl1vu5bufRXd4fPHk8obOQ%3D%3D&alr=yes&cpn=MzsjtoIXAbgRTkG9&cver=1.20220126.01.00&range=0-95545&rn=1&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

2490c084a5b6dc67ff1a932592c2da57ead54da0599321ad8d7272b9eaa91d27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
X-Restrict-Formats-Hint: None
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 95546
Last-Modified: Sun, 04 Jul 2021 12:54:15 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
X-Content-Type-Options: nosniff
Expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H/1.1 200
OK videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 65 KB
66 KB 112ms
15ms XHR
audio/webm 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-5hnekn7d.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYfPWJcu8x_APiKutyAU&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-AL3wTGwWKNbjJTkrjhflecK629aFoy7vY3lIMYGWKxhC&itag=251&source=youtube&requiressl=yes&mh=Wa&mm=31%2C29&mn=sn-5hnekn7d%2Csn-5hne6nsy&ms=au%2Crdu&mv=m&mvi=4&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=hP-kvHtvtRLTj6Kh5qfEHDkG&gir=yes&clen=3452870&dur=200.861&lmt=1623499696404952&mt=1643377277&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=23PZ7T0nZdSa8g&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgfDxLgvk5zlKx9J86b7Vdt-DoSjEc9ub3j7XCr8NPppYCIQDm6RYQAapDuntBLhBHvGm719whTbA8vGRcmRInbpsIfw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOEdbmAhtsZaGgA-3mU_n3vAvBlHjAzmdS1xjp7ZI06PAiBIXCpcrjzLvjCr6lZngoKgDl1vu5bufRXd4fPHk8obOQ%3D%3D&alr=yes&cpn=MzsjtoIXAbgRTkG9&cver=1.20220126.01.00&range=0-66155&rn=2&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

7cac57b8a5a82dd76a02acfee7b40c1740aa89c7b558d9b7c758047ec6a5ea14

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 66156
Last-Modified: Sat, 12 Jun 2021 12:08:16 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: audio/webm
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
Expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame 6886 97 KB
30 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c842e4ccea31d3a660dd88c047ffc5fc67b77beefacf5f449bfe801050d3500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30819
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:40 GMT

GET
H3 200 endscreen.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame 6886 26 KB
7 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/endscreen.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19e093a9d5884a4bc3246b12030ce5fabf8c911150aac450633fc964d23259a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:59:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7228
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:59:00 GMT

POST
H3 200 next Show response
www.youtube.com/youtubei/v1/ Frame 6886 64 KB
5 KB 498ms
498ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82e41399ec9a632caed13b32dc8f1113a17af1762f3aec727635e3233061f46d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20220126.01.00
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Goog-Visitor-Id: CgtuYVY4ZTI4ckZjRSiy58-PBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4974
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:27 GMT

POST
H3 204 qoe
www.youtube.com/api/stats/ Frame E7E4 0
19 B 108ms
108ms Ping
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?fmt=396&afmt=251&cpn=EV2uXV7Bgoqk5hfv&el=embedded&ns=yt&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24080738%2C24082662%2C24106566%2C24125207%2C24126630%2C24129402%2C24135310%2C24141079%2C24146770%2C24154885&cl=424458613&seq=1&docid=4RHoJWfJ9AY&ei=svPzYZOuKIOAx_AP8paWmAI&event=streamingstats&plid=AAXWpKlJXvmBiFtT&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4RHoJWfJ9AY%3Fautoplay%3D1%26mute%3D1%26rel%3D0&cbr=Chrome&cbrver=97.0.4692.71&c=WEB_EMBEDDED_PLAYER&cver=1.20220126.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.004:B,0.248:B,0.248:B&cmt=0.004:0.000,0.248:0.000&afs=0.248:251::i&vfs=0.248:396:396::r&view=0.248:300:250&bwe=0.248:130000&bat=0.248:1:1&vis=0.248:0&bh=0.248:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:26 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 83 KB
84 KB 120ms
16ms XHR
video/mp4 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYZOuKIOAx_AP8paWmAI&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-ALYzR9UnvBqOdTZ7vdr7t9JDXmbRGlvzl-tIOjbDZr7R&itag=396&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278%2C394%2C395%2C396%2C397%2C398%2C399&source=youtube&requiressl=yes&mh=0t&mm=31%2C26&mn=sn-5hneknee%2Csn-5goeen7y&ms=au%2Conr&mv=m&mvi=5&pl=48&initcwndbps=1653750&vprv=1&mime=video%2Fmp4&ns=ues1O0_LrWBr8o0-fUdzKHgG&gir=yes&clen=47035824&dur=1393.480&lmt=1607955256840004&mt=1643377277&fvip=5&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5531432&n=gCFGimhN151Y2w&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRAIgW2LrpQIGJ9-olKUizHL7BwAS1FdFDJ6QAyoMpEfDY2ICIDnOj2JRfShvHb6kvdOIxGgIf7Q8S8Ox44c6W4sWh-Xz&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALBbxIfXlV8QRFSHE5Am1s-xGTFrTtpv24mUu1cs3TDMAiAQ_0qhwTkzOXXH277XQxACinLU_zzCsiuihAcyXsyN4A%3D%3D&alr=yes&cpn=EV2uXV7Bgoqk5hfv&cver=1.20220126.01.00&range=0-84642&rn=1&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a271e80c498786e8bc755d47b2844f35cb408e4cbb369b77d40d06781998d36c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
X-Restrict-Formats-Hint: None
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 84643
Last-Modified: Mon, 14 Dec 2020 14:14:16 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
X-Content-Type-Options: nosniff
Expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H/1.1 200
OK videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 67 KB
68 KB 120ms
16ms XHR
audio/webm 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYZOuKIOAx_AP8paWmAI&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-ALYzR9UnvBqOdTZ7vdr7t9JDXmbRGlvzl-tIOjbDZr7R&itag=251&source=youtube&requiressl=yes&mh=0t&mm=31%2C26&mn=sn-5hneknee%2Csn-5goeen7y&ms=au%2Conr&mv=m&mvi=5&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=ues1O0_LrWBr8o0-fUdzKHgG&gir=yes&clen=20496903&dur=1393.501&lmt=1607943462301037&mt=1643377277&fvip=5&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=gCFGimhN151Y2w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAKP74N2IBnnG5HXTd9RnsOXMYYqJdREhUssPQn5WvbicAiEA9ktjKgc6DA9ggnUzMO8hbRN-v0yft5n7tb3dTLETpGU%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALBbxIfXlV8QRFSHE5Am1s-xGTFrTtpv24mUu1cs3TDMAiAQ_0qhwTkzOXXH277XQxACinLU_zzCsiuihAcyXsyN4A%3D%3D&alr=yes&cpn=EV2uXV7Bgoqk5hfv&cver=1.20220126.01.00&range=0-68203&rn=2&rbuf=0

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

ea48d86004e248e342ddc9c849f9614624c0daeca0aa3afbcf9b6efdef7f96e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:26 GMT
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 68204
Last-Modified: Mon, 14 Dec 2020 10:57:42 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: audio/webm
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=21300
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: https://www.youtube.com
Expires: Fri, 28 Jan 2022 13:46:26 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame E7E4 97 KB
30 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c842e4ccea31d3a660dd88c047ffc5fc67b77beefacf5f449bfe801050d3500

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:57:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74926
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30819
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:57:40 GMT

GET
H3 200 captions.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame E7E4 64 KB
24 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/captions.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f66b68e9378ea68ec94ed3452924f92218ead27df125c733b572408bd88c370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:59:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24496
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:59:00 GMT

GET
H3 200 endscreen.js Show response
www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/ Frame E7E4 26 KB
7 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/endscreen.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19e093a9d5884a4bc3246b12030ce5fabf8c911150aac450633fc964d23259a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:59:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 74846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7228
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:14:49 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Jan 2023 16:59:00 GMT

POST
H3 200 next Show response
www.youtube.com/youtubei/v1/ Frame E7E4 30 KB
3 KB 310ms
310ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/next?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f17c25d0419f95ec79dc54e6a02a3820ec98cec29426175cfbd30e55e78a2f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20220126.01.00
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Goog-Visitor-Id: Cgs2WXRvVC1QT0Mwdyiy58-PBg%3D%3D
Content-Type: application/json

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3261
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame E7E4 0
9 B 41ms
40ms Image
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?lBgNFw
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D234 6 KB
3 KB 88ms
40ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 13:46:25 GMT
expires: Sat, 28 Jan 2023 13:46:25 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 6886 4 KB
3 KB 143ms
58ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 92 KB
92 KB 31ms
14ms XHR
video/mp4 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

42516e62b070c78ff92349a2c9e50c22217e83340cea43d212ac0fcc3752600a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94334
client-protocol: quic
last-modified: Sun, 04 Jul 2021 12:54:15 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E7E4 4 KB
2 KB 132ms
77ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H2 200 tcInitVast.js Show response
yaas-b-s.performoo.com/ 5 KB
3 KB 389ms
111ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/tcInitVast.js
Requested by: Host: tags-b.performoo.com
URL: https://tags-b.performoo.com/tag/vastos/2c9f986e7a86b9c1017a8a9217f10099
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: df453024c980855fe76b9b3c4beef92583f4e889013b006ffa3add64efb640e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
cdn-edgestorageid: 617
x-amz-request-id: QPC799NYN8JERB9M
cdn-cachedat: 01/19/2022 06:03:55
cdn-pullzone: 633974
x-amz-id-2: zpJVNhAbCjhxVyE3pHLJWPJIxfKYviFRvjR+mHQcstJWkbODbyiotTb81O0Ge2js2vqvS9dji/g=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "a31531e7921ebaf7ab8d56e755797618"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 1dd363ac7c4f9441754bae59e1671f50
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
DATA 200
OK truncated
/ Frame C69C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e94ff81d7c10f5fa6742b3600b2680726d7e76147cedff530047dcc4b25fef59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C69C 0
0 72ms
71ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvc65IAf6Du8eTJVjDzrRS81c-i8rgnSGmCAWQHTNrIrbpdUyNtV8d-V4nnplu4aZI9JpHngVFvc4zN6AXBi9ablI-GyfVN4AodgCjWwelSHkrK-3pV4DGxIDfskmjrOKCx9xEsmjG0-Wf3rJ1C4RslWg0APww7L4o6Nb8XWVBU0TyNEE1zFx-hkgSlJzDcpX0sUErltXIP1VP6gOfu0ViZUIagJ5Q6ftjT7k2vJLjz3Xv2CGZynCRN_MAd-rA7oRUsVib-Kdp0bwVe1_LFfITfPogz007BdU3VyfJnc7trcv_Cw4S7tIzXSDdJRd6fmYoskHFZKEoENZdizIJTrRwHV3z5SnS8aVNeF0TrZa0SfYwXZRaXRsmLysvWNL_SZyKv2uBmSCs5dUXL3sXz0Y0&sig=Cg0ArKJSzOYmNC_JmM6qEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 204 playback
www.youtube.com/api/stats/ Frame 6886 0
17 B 49ms
48ms Image
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/api/stats/playback?ns=yt&el=embedded&cpn=MzsjtoIXAbgRTkG9&ver=2&cmt=0.017&fmt=396&fs=0&rt=0.492&euri=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&lact=513&cl=424458613&mos=1&volume=100&cbr=Chrome&cbrver=97.0.4692.71&c=WEB_EMBEDDED_PLAYER&cver=1.20220126.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&hl=de_DE&cr=DE&len=200.861&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002922%2C24004644%2C24007246%2C24080738%2C24082661%2C24106566%2C24125207%2C24129402%2C24135310%2C24141079%2C24146770&rtn=5&afmt=251&size=300%3A250&inview=0&muted=1&docid=TvMY7lARVF0&ei=svPzYfPWJcu8x_APiKutyAU&plid=AAXWpKlJpq8CgYn5&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2FTvMY7lARVF0%3Fautoplay%3D1%26mute%3D1%26rel%3D0&of=7DzUxE-coiZ-eDS7U4rf7w&vm=CAEQARgEOjJBS1JhaHdETzd6ZEwxNGhEamhSZGJYRUFfbFM5ejdUYmZTTVlBbzVpLVI4VExWam90UWJLQVBta0tESUN0YVdpaEVqODJSV0tJNkNzVm1EMVYtV3Z3MmdlYkNPSG00bnlsS0l5N21jR0xoT1R3RHdSMXFTV3ExQzZSeVVsNE9n

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 ptracking
www.youtube.com/ Frame 6886 0
19 B 47ms
47ms Image
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/ptracking?html5=1&video_id=TvMY7lARVF0&cpn=MzsjtoIXAbgRTkG9&ei=svPzYfPWJcu8x_APiKutyAU&ptk=youtube_single&oid=wGq9EMhqo84lGVb-4GwMyQ&ptchn=z8QaiQxApLq8sLNcszYyJw&pltype=content

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 79 KB
79 KB 34ms
15ms XHR
video/mp4 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a6f49ff03333d6d97c94fd1516805a2946f1dc56d284528151c33aaf3cc8c761

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80503
client-protocol: quic
last-modified: Mon, 14 Dec 2020 14:14:16 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 64 KB
64 KB 15ms
14ms XHR
audio/webm 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-5hnekn7d.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYfPWJcu8x_APiKutyAU&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-AL3wTGwWKNbjJTkrjhflecK629aFoy7vY3lIMYGWKxhC&itag=251&source=youtube&requiressl=yes&mh=Wa&mm=31%2C29&mn=sn-5hnekn7d%2Csn-5hne6nsy&ms=au%2Crdu&mv=m&mvi=4&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=hP-kvHtvtRLTj6Kh5qfEHDkG&gir=yes&clen=3452870&dur=200.861&lmt=1623499696404952&mt=1643377277&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=23PZ7T0nZdSa8g&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgfDxLgvk5zlKx9J86b7Vdt-DoSjEc9ub3j7XCr8NPppYCIQDm6RYQAapDuntBLhBHvGm719whTbA8vGRcmRInbpsIfw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOEdbmAhtsZaGgA-3mU_n3vAvBlHjAzmdS1xjp7ZI06PAiBIXCpcrjzLvjCr6lZngoKgDl1vu5bufRXd4fPHk8obOQ%3D%3D&alr=yes&cpn=MzsjtoIXAbgRTkG9&cver=1.20220126.01.00&range=66156-131691&rn=4&rbuf=3656

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

add349d8b41d6548519736b5218d3970c0c2695751640b4b87a79705e3a42b74

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65536
client-protocol: quic
last-modified: Sat, 12 Jun 2021 12:08:16 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DF32 624 B
297 B 109ms
59ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-aJhCrhNkCGNWZ6L8BMAE&v=APEucNVhYmXZhNxfyWb2uzWnoSdtV5lwPC879RsMfjSVUhmHOpKBXQD2MPBYw7v9bUPOsrdGejYU-3WrDeJTKgAFpkY4sM-Y98GgG7Z4-rhn9zUtBYrAlX57Y0P1iPU8GssTjWFwQwqIvudbFa2bgSWoN4jcadX424wON5iryHJRNGxjE5yP9dE

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 Jan 2022 13:46:27 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/ Frame D234 18 KB
8 KB 163ms
51ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/abg_lite_fy2019.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2193054ab8a2bc36f5ef0b90c4d53dd5626e14b0123a2972066e2ed1fd44459d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7644
x-xss-protection: 0
server: cafe
etag: 6659623896352890502
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:12:52 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/elements/html/ Frame D234 6 KB
3 KB 176ms
64ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:01:14 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D234 0
571 B 195ms
84ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstwoN4jVTzqP8dIfdFwoe9zceTE-j-UD0HKEJEpP0vS5KqwWcNLX4ZjbcYdMvkOZRRYGnNYs8VjhEur5WrgUUF6YDF5umd8zVfKrp68xsEk13Re0RNfm3HZbR0LAfpWRPkgZdt20oW29a8Fiia8CIr1VKxSGSk4fObAuwTYc6biiaLCCKdP75quQZBYn62266BSCbPY5-q6eqZ1aQN4bpKo-rvIWAmqIZbI5xq4pXg7uOsep1JgdJI-5T2P9DSV8BnjJPM5YDCEzh_VTJUIvVrLEFEwmzfIflo26m5h2sa4XHL4H90iwWCJzLkz7l3HUE9FTtEvz_uMccGHhj-lJhMH67LayWRA3ycJjc0ltVLiKeJIee_sU9_iB2f9KjFECOnPGv2qJHLyrm-IEYyhujF9NetDmmL3N4tj92JAbYnQjwTjOMXQHHFHp5Pzhlnuq_6Q1iWoupY-UoAQJ30HbFJQpxp1Isg5X_353HM89Pe53juEvvTpDYcV2_epIZzv3AXrHA2FYRTOd8Kag3WC-mm-dTjZjM-MBIRwetYRYTOrW41FJmyUmoqwrV6UKEwd1KPXNwsve-RiuCK1f4A-JUHvk9GX7DvXDkV4Ugl1RikFQ3pyA-Avk8Bl9MjCno_1DZaOyooq4uSjI3EEr5xKRfWrtXh7eU-CmigfIxhVHgzRVp8Na9yJH50rU0ze0rbrQLcy_v-ftfxKhdn7FtxR9EyrUi43N85Yxo7OK2YDBf0qZCPT7MdB6fN3jTLDHXy7lKtF46fPDznhmR_1VlGUlkXyykpvAamctb1s4AMOHfrAWRn-IuQwEYzkP0N6GZPSrpp57WJ_p8YOOkBT3c4fp6aZvGr5M0Gh9r5aU-k9Epan4gpBaz_AFXwsaTpFQ_-syKDQ-HDH0y4I1LGsun__Ot2amzU6K_stMAaFtE3N_fPCIERx1xpIIyHJCep5dNXnZ6llaU7X1VeH7__Wh57s-Vege39UNVfb5YeXHRvPhlcBwWxR1hu_TUt7fksk2ehDOpDaBTKKsTVT5LVaSdyuJ-B9c9F7OWO1LZuv4v1mB87NkSgbYAI9BuljoQyXUV6pgL2bRXFHiWVotkgFHWqA1nBNsvVBQS8yqiTfYlpiEYCs8LQxaHij3a1jPu_QiD6YgJwNAxT17bAJ4uBUATXD5eByVsF-HFGeZ2oCqFqYPtoSIVm8GE9hRGQAYSqJaUqlrblgpreL5Y39nttvJoMqtocgFO3FyibbIDlOoE7YLuxwq5HQypwRWNemdXoaGH9S7g&sai=AMfl-YS5yWoDPt6nNVeEe0-npigkgXK-5uf1kkWIr2qO2UcNS83FiDHs3K6_vTss5X7ahKC8pGft5JQUiLfPFzcTRIIK3HpH492uPJbJDOt3zPAtEvK655PLGLNsorh_abAYUxClX1KrFL_ML9leL4IBnY0dZK3yBOhgbSh18ns7We23ORLn8NeDSku97jHA5vvmyWexcxfvXR-_GIUCArW7PWonDoeam98c-tyUscTPxPKEHfTb4bWD4aXPM9g2MYsbTEsZPigCdGvqb6ubEzlps5Mi9IkEN66RPqrYDWPQFA8Q&sig=Cg0ArKJSzE1X1xBOi4r2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220126.99137&adurl=

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 28 Jan 2022 13:46:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D234 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:11:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Jan 2023 11:11:25 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D234 42 B
173 B 199ms
89ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BVp4OA6WJ9QMKyRj4xxs9zG4UurwBWsIqcDXt8IZ1vb7qbwFj2nTqE8hJ4z7s63vHehdBKIYrrMt8xKALSyVORIuVkEBZFBVwH5mGXSB-ym4lao0c

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
servedby.flashtalking.com/imp/2/166460;6098942;201;pixel;Madvertise;madvertiseDERONRunofSiteAdBundleMediumRectangle25112021WMHauptlinkZPCC/ Frame D234 42 B
419 B 101ms
38ms Image
image/gif 209.197.3.19
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://servedby.flashtalking.com/imp/2/166460;6098942;201;pixel;Madvertise;madvertiseDERONRunofSiteAdBundleMediumRectangle25112021WMHauptlinkZPCC/?gdpr=&gdpr_consent=&cachebuster=1643377586297105
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.19 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: vip0x013.map2.ssl.hwcdn.net
Software: prod-xre-app2.frk11 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: prod-xre-app2.frk11
X-HW: 1643377587.dop016.am5.t,1643377587.cds226.am5.shn,1643377587.dop016.am5.t,1643377587.cds272.am5.sc,1643377587.cds272.am5.p
Content-Type: image/gif
Cache-Control: no-cache, no-store
Connection: Keep-Alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame D234 2 KB
1 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:37:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D234 123 KB
37 KB 108ms
60ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame D234 14 KB
6 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0e123a11c5b411021d5bd8ab3926fe6d726b29ca2bb83e6066dae93a9ba326a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:39:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6123
x-xss-protection: 0
server: cafe
etag: 15358646999216992880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:39:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D234 0
0 105ms
54ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSAYsiJyh3RuWLmU1oZmU6l_Qx2v8UdjVqEFOmJ2tGUGazmge7V2KvwyW7SQHoFJJ8ifOaxuLxVUpSW9jMW5N_d1mqhJg
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 4247955302277616276
s0.2mdn.net/simgad/ Frame D234 18 KB
19 KB 164ms
55ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4247955302277616276

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb56c7709da10e0efcc26bbd3952c834ebfc48be574872acba8e413813f7e696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 13:29:26 GMT
x-content-type-options: nosniff
age: 346621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18731
x-xss-protection: 0
last-modified: Fri, 14 Jan 2022 14:14:34 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Jan 2023 13:29:26 GMT

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 224 KB
224 KB 15ms
14ms XHR
video/mp4 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

e5c90a130f24286688b061d36422e753360753c2d3ceabfbdcdaee423b99a04a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229553
client-protocol: quic
last-modified: Sun, 04 Jul 2021 12:54:15 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 204 playback
www.youtube.com/api/stats/ Frame E7E4 0
17 B 49ms
48ms Image
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/api/stats/playback?ns=yt&el=embedded&cpn=EV2uXV7Bgoqk5hfv&ver=2&cmt=0.006&fmt=396&fs=0&rt=0.489&euri=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&lact=507&cl=424458613&mos=1&volume=100&cbr=Chrome&cbrver=97.0.4692.71&c=WEB_EMBEDDED_PLAYER&cver=1.20220126.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&autoplay=1&hl=de_DE&cr=DE&len=1393.501&fexp=23983296%2C24001373%2C24002022%2C24002025%2C24002923%2C24004644%2C24007246%2C24080738%2C24082662%2C24106566%2C24125207%2C24126630%2C24129402%2C24135310%2C24141079%2C24146770%2C24154885&rtn=9&afmt=251&size=300%3A250&inview=0&muted=1&docid=4RHoJWfJ9AY&ei=svPzYZOuKIOAx_AP8paWmAI&plid=AAXWpKlJXvmBiFtT&referrer=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4RHoJWfJ9AY%3Fautoplay%3D1%26mute%3D1%26rel%3D0&of=zp8oC3u0UkjzfUA-b4fcmw&vm=CAEQARgEOjJBS1JhaHdDRUpHZDUwUTJnbWx1dFozNlFqNlpfeTZ0bFBEX3FBVS02R3RPR2hMaHJ2QWJLQVBta0tESWRxVE42OE5YOVVzV1dCNllzQm9NQUx1LWZiRzFUQUVrZU5EVkY0bHh3c1RMYlRaS0thZjlhZnYyT0tLaC1ZZ1p1b29V

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 ptracking
www.youtube.com/ Frame E7E4 0
19 B 48ms
47ms Image
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.youtube.com/ptracking?html5=1&video_id=4RHoJWfJ9AY&cpn=EV2uXV7Bgoqk5hfv&ei=svPzYZOuKIOAx_AP8paWmAI&ptk=youtube_single&oid=wGq9EMhqo84lGVb-4GwMyQ&ptchn=z8QaiQxApLq8sLNcszYyJw&pltype=content

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 70 KB
70 KB 15ms
15ms XHR
audio/webm 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYZOuKIOAx_AP8paWmAI&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-ALYzR9UnvBqOdTZ7vdr7t9JDXmbRGlvzl-tIOjbDZr7R&itag=251&source=youtube&requiressl=yes&mh=0t&mm=31%2C26&mn=sn-5hneknee%2Csn-5goeen7y&ms=au%2Conr&mv=m&mvi=5&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=ues1O0_LrWBr8o0-fUdzKHgG&gir=yes&clen=20496903&dur=1393.501&lmt=1607943462301037&mt=1643377277&fvip=5&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=gCFGimhN151Y2w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAKP74N2IBnnG5HXTd9RnsOXMYYqJdREhUssPQn5WvbicAiEA9ktjKgc6DA9ggnUzMO8hbRN-v0yft5n7tb3dTLETpGU%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALBbxIfXlV8QRFSHE5Am1s-xGTFrTtpv24mUu1cs3TDMAiAQ_0qhwTkzOXXH277XQxACinLU_zzCsiuihAcyXsyN4A%3D%3D&alr=yes&cpn=EV2uXV7Bgoqk5hfv&cver=1.20220126.01.00&range=68204-140185&rn=4&rbuf=3969

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

34ffe5a744c7939ab600715acd5b9955a3161871bdd9f290377156ba92a6a413

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71982
client-protocol: quic
last-modified: Mon, 14 Dec 2020 10:57:42 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8BE5 22 KB
8 KB 46ms
46ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 11:12:02 GMT
expires: Sat, 28 Jan 2023 11:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 9265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 144 KB
144 KB 15ms
14ms XHR
audio/webm 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-5hnekn7d.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYfPWJcu8x_APiKutyAU&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-AL3wTGwWKNbjJTkrjhflecK629aFoy7vY3lIMYGWKxhC&itag=251&source=youtube&requiressl=yes&mh=Wa&mm=31%2C29&mn=sn-5hnekn7d%2Csn-5hne6nsy&ms=au%2Crdu&mv=m&mvi=4&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=hP-kvHtvtRLTj6Kh5qfEHDkG&gir=yes&clen=3452870&dur=200.861&lmt=1623499696404952&mt=1643377277&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=23PZ7T0nZdSa8g&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgfDxLgvk5zlKx9J86b7Vdt-DoSjEc9ub3j7XCr8NPppYCIQDm6RYQAapDuntBLhBHvGm719whTbA8vGRcmRInbpsIfw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOEdbmAhtsZaGgA-3mU_n3vAvBlHjAzmdS1xjp7ZI06PAiBIXCpcrjzLvjCr6lZngoKgDl1vu5bufRXd4fPHk8obOQ%3D%3D&alr=yes&cpn=MzsjtoIXAbgRTkG9&cver=1.20220126.01.00&range=131692-279519&rn=6&rbuf=7312

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

8ac4d199076de820554a1f3ae2ac4c5ed4565d1a5c986ae7f0c7ec1b2634028f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147828
client-protocol: quic
last-modified: Sat, 12 Jun 2021 12:08:16 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 173 KB
173 KB 18ms
18ms XHR
video/mp4 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

7167b76e941f5df932b84d524ad1f87f7f37f368341fa63aa0139dd8094736e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 177263
client-protocol: quic
last-modified: Mon, 14 Dec 2020 14:14:16 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 422 KB
422 KB 16ms
16ms XHR
video/mp4 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

19ca98c7d6dd2a8529fd02178a57cb043bc948fc9a533c87261c6ada07f9e704

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 432099
client-protocol: quic
last-modified: Sun, 04 Jul 2021 12:54:15 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 container.html Show response
2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B576 6 KB
3 KB 61ms
60ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 13:46:25 GMT
expires: Sat, 28 Jan 2023 13:46:25 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 148 KB
148 KB 20ms
20ms XHR
audio/webm 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr5---sn-5hneknee.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYZOuKIOAx_AP8paWmAI&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-ALYzR9UnvBqOdTZ7vdr7t9JDXmbRGlvzl-tIOjbDZr7R&itag=251&source=youtube&requiressl=yes&mh=0t&mm=31%2C26&mn=sn-5hneknee%2Csn-5goeen7y&ms=au%2Conr&mv=m&mvi=5&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=ues1O0_LrWBr8o0-fUdzKHgG&gir=yes&clen=20496903&dur=1393.501&lmt=1607943462301037&mt=1643377277&fvip=5&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=gCFGimhN151Y2w&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRgIhAKP74N2IBnnG5HXTd9RnsOXMYYqJdREhUssPQn5WvbicAiEA9ktjKgc6DA9ggnUzMO8hbRN-v0yft5n7tb3dTLETpGU%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhALBbxIfXlV8QRFSHE5Am1s-xGTFrTtpv24mUu1cs3TDMAiAQ_0qhwTkzOXXH277XQxACinLU_zzCsiuihAcyXsyN4A%3D%3D&alr=yes&cpn=EV2uXV7Bgoqk5hfv&cver=1.20220126.01.00&range=140186-291229&rn=6&rbuf=8328

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

2600c1174be6aa80e85f5feba1e935a31e0abd1a93254f4c8a870bc05dcf661b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 151044
client-protocol: quic
last-modified: Mon, 14 Dec 2020 10:57:42 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DF32
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

43 B
894 B

15ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-aJhCrhNkCGNWZ6L8BMAE&v=APEucNVhYmXZhNxfyWb2uzWnoSdtV5lwPC879RsMfjSVUhmHOpKBXQD2MPBYw7v9bUPOsrdGejYU-3WrDeJTKgAFpkY4sM-Y98GgG7Z4-rhn9zUtBYrAlX57Y0P1iPU8GssTjWFwQwqIvudbFa2bgSWoN4jcadX424wON5iryHJRNGxjE5yP9dE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:27 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame DF32
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

43 B
894 B

36ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-aJhCrhNkCGNWZ6L8BMAE&v=APEucNVhYmXZhNxfyWb2uzWnoSdtV5lwPC879RsMfjSVUhmHOpKBXQD2MPBYw7v9bUPOsrdGejYU-3WrDeJTKgAFpkY4sM-Y98GgG7Z4-rhn9zUtBYrAlX57Y0P1iPU8GssTjWFwQwqIvudbFa2bgSWoN4jcadX424wON5iryHJRNGxjE5yP9dE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:27 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame DF32
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

43 B
1007 B

89ms
76ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-aJhCrhNkCGNWZ6L8BMAE&v=APEucNVhYmXZhNxfyWb2uzWnoSdtV5lwPC879RsMfjSVUhmHOpKBXQD2MPBYw7v9bUPOsrdGejYU-3WrDeJTKgAFpkY4sM-Y98GgG7Z4-rhn9zUtBYrAlX57Y0P1iPU8GssTjWFwQwqIvudbFa2bgSWoN4jcadX424wON5iryHJRNGxjE5yP9dE

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: a164b5ad-6559-4adb-af36-8566d1098f97
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DF32
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

170 B
188 B

97ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 9fd25f12-122b-4abb-afed-c9795935019d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 mfFJ-W--rqivV8WG4WyPQ8vKEq2pdH_2ou3EKTspk_8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BE5 35 KB
14 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mfFJ-W--rqivV8WG4WyPQ8vKEq2pdH_2ou3EKTspk_8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99f149f96fbeaea8af57c586e16c8f43cbca12ada9747ff6a2edc4293b2993ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 20:35:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61864
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13575
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Jan 2023 20:35:23 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BF3F 1 KB
749 B 106ms
46ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 28 Jan 2022 05:53:44 GMT
expires: Sat, 29 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 28363
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame D234 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6414f5c2d0aadbd966737fe6f521150a0c47639f768ca26b1f84d6124293469c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 videoplayback Show response
rr5---sn-5hneknee.googlevideo.com/ Frame E7E4 351 KB
351 KB 15ms
15ms XHR
video/mp4 2a00:1450:400e:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:8::a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a04eafa6d6fc81cf9997505edbde6a6d6c6c1345bdb7b038d529610cb3dd4b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-restrict-formats-hint: None
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 359410
client-protocol: quic
last-modified: Mon, 14 Dec 2020 14:14:16 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21299
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
x-content-type-options: nosniff
expires: Fri, 28 Jan 2022 13:46:27 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D234 0
23 B 127ms
76ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 696A 624 B
297 B 62ms
61ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNWMlo6nYPP70q6qj1ktz8xOm6YhjKPYrlbbVi5ast-SukW5cIb4o18tunreLQ6s5a_kU9K_Jxucm-OgM7OFaT4Zlw8xd94WDu7sEyF8vkX4NNeezK2_6VS42XtbU7pZTlt3nOObB6tAxaBH4xDzmTomXl2uQVde7vE1GuahzaI5cTuXP3Q

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 Jan 2022 13:46:27 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B576 24 KB
14 KB 75ms
75ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AMxCWDodZR6-nXBa9JKCCKzQgn7FOC8R1cKfmjW7Fn8GuLBLQCjx2TQkEzQet2iL3_QTCm9Fw9490KIc0Thiu0NDwXcIXt3yBTCTswxLcRZRHi59tBOY6wwU0ghrqlc7OgQzHUarmxhNYCHBXtN3_mhayzVw&cry=1&dbm_d=AKAmf-B237NPEHC5iHuFjWVLof9a3T3ImxKmD2ac-oVo0eUKykxn5QyrVCCAO7QPcT-CBZnpoLxCYE0wLiEIhi6QyiMShrTTVp_pbZf9bX7RxWfGdXLZdCBfjPPKL5BUeKqCUE8JqwVKNqUPT7RTMO1SSthqJJo17ptEQdGYiN0L-rpe1Hr1IgKRYWAN4NpnM6Su89SxH_blXD7zJDYnL0I94hjBIpcXiGZxvkBLzQLHZgXJ11iauFy-camHcP8lKV82aGyBFBrkGEQu-KhZZV8pJ0MnAjxg2uouzChfLfOBvNFXtSAs7z0SkXTAz77zQNOjp-787LW0SGUJk68K9ey6748zGplH3L3zy9NLpe0Y0lC-Px3qv_sfxDBxNpmHLD-xNi_QHlAsu-smXLszqw_SS-1MK_2my0kBIRpKpJW2ayA8wuxJ6vixq7Jn1FpuJx1J2pZM5MkutEeISnfAKLVhEX4whheQfGbTTu6b1qBlM677gvuZbHDGlgahoMMij3zTJ26CQVFy1FFZLQCGxT5vCSfOojalgAbbHy9xrZ7W3l-Pn8KmksBROVsBZSfsnyqwUZf0wZxLoyzF7-wx0SeR8evcJfAdefcX4y0hoW0-isW22B-7R-Q8MM8vXi8hiGsMvsWUJQV9YnJE5TOSegNHIP5Jvc98wAUebLXgA08o3l0lWzHv5TJwGz9vqh6AU8JBSJnAG7DaZpVzDpN9Dmips8auHzbkn1JX62syOAokF8XkX517NKzkQP1pURhZNLdOGtSij000vJ_TJ2x2CWcmgS4BQT2vHt0wvPMA67zqfuoWaRaz16MLcDxqiqUc2djlnZlyiEndOhLLxh53iBehq-CiocYwc4uJvxMAq9XKmf-gXuVIX6o9vxMtGCJ7xqhLRHNYUqwMMeBswMAsaSn_fCb5cKKSQYQcjzJ7ZF9cHQm-lzZDNlvyhm05n3WB7fmioNRM92KjBp7awaA06Hv7VQpl14B6u7jmnMM2yy1vnv8kOVw3svHBUYh7ebY2M7Ro1A8veCZCkueSF-6vdl29_OVBNO3GaW1F5YsEwkEX60W__Q9VLv1OWamDnSOtY05EczmAeiUGU-pwM06X6xPptErUj2lfuGhTQ_vfFQaj90Hv7ZAey-VDOm5xWPwrZ1rHfl90TOseO-If4GHDB70cxPBsArpJb0xezHFw7utSzgZ5NzccjNVuqtQNLyZ9VnMNZQkUt8OSW_7QmF6ihKPBbNr7wqzasSgpS3xBe5xwIDOLKssSWI6pS4GkUBBm1Jsnc9htrOYjWwxtgyY01da1_F-2s-oG0XtNuplC8wmnUfRkOLZE1hN4NwIGLCnypHfZEwSVRmUIVaalfc4QTp7U2zv4TPnfqvzOvsBHShHYMZXxtJfQTglznyiKXzQITwJf-4StWjUgwEWRtopdvJOsmSxYUBB1wt2Lnw7MrVBtymD8kaXapNDhszvMMChfgmelei9P0xfeKlqGKxVb2-olP883YXbVBBh6YBUWvegoklFmC0MJhWi-jjLhaCMJqJq8XGKRMmIketT_V1DOsq3kHGebMymNI0PXou3QgZ3T4TMTzmg8SHripCYTOHh2LZdb4DiuMZqRA38noMXpylFlsHteIrt63wrxVH0QH70tNfxuhtQJ7pA1GqzshhtubgwUpOXoMWZTiFXEvr7WOOc3_7AuhtIg0i06lCWeJt_Jn1a2rfDkNpUZCIsykpOhv3GIzMMXWrhp0WmJNvDpF5EEenEQL9gw9ajIWq_JjJ5Ws29VSkCxHPEJfXldep8-geWZWeaT0Q9x8Lcr69xPGAhlMu7jjFCpNdwhY_RCj6o8LcqzdW7S1w9eDbRquj5KTZJA_mW7W6pg2zvegdrsO5ENZDfpaepzsjvfVzgM7dBJro2P06HxMvJ9lo1oYlejM0sSi-1d5_z5_ZgWH2US2hKmxUHlLF9p5d2z06aZkJOdF60DBMJWr33tpLv8FUIbgbWKWDWG_A4moAyPgYWspCMvaCaem3mH6I0scz5XNLHcMN1lsFlvvl6JSsTLdcuAwZ12TglDlCoFFbg0SnX2lSIeysS6uvD13f-s8n0TiMR6mBEAK-VjmxlC84TMAqJw_SQxo1PHuzQislZqYu_nR-RDGcJi4STwE75tS2exwbHTOyx5hubLzvETARZkW7KxwLnkFGM6QwU34gFtp23xIrrAXHpSOn4hwzTZmYwRoCx4BDoJXWlyNx3Kutf_xIdzdDjJtcegzSJ2mdDKBALZPcgo8d3qwmfz9P452aDHQ93WOGstl4h42u_A4X-aeqGiqRJkF1vVWuyt8x2NPEctfpGtdP6sBjfkRg7sIPseMLesDU2ktTTvZzKzdQd__DbNyssCetpLTVaKtqkOGu7ZY6jg5bzllcn6K3S5kIXxNFHdtIoUrhFTeUBGx6WFgywK2Fcx6zoqVWcrzow15SGHmBn6bWzv89hughKM3WkOW7fjx55OSzFDgd2bimGaJzrCiMTGvHRpGtxUnlMjSbnL5PYtOFabcyuSaNEMxVGp4IcixsBtnYqB7Rr1vH6QXI0LYTcHCwmlASWeWQ0XZvRh7XcdeCuK-PYps4F3rKPOHZEqO4IuTatqJ645zQ3t7YGi_6KP0obOMCiC3P9_0awDwdMRKixfYldlajyF_VgFmvgTH4HYhRLeKRZcQZ8FMxKzjD0PDJ7J_fvap_JjnTnrSUlsCgW85IHseWaeNC1fXJeoHdAHUIhAf6zH7Qc65pM2qPSUVmugH0scaxBW95QOoewLzCIk6TA4-_55ZAxACesHdTAL7fZ9z7fNSA_hnkkOBTNhgiuTncr4Xigh5T5TE4qwUisc5xRNW4sKad300meh23TYALlVkfDWG9XjA37j331dlkITH_MSosDRYDC6gXZIVYItJIrfPSLIVlLoIyqh0tpZn5jMdEbJXxNh8mJy9IR8v2f0398QTKuYfgj-Nnf5rv7bB715_yTcNLmcmcuHjvYBTn0a_zt_5i3F84UmqGCFKWq1qumNC3Abd7wvbbS4BuSCeHvu5MIRBVWVQMTV5JVQPx6OxD5HearYPqvEPjT-R3ENuAI9EVxqtIXJfiWpexyM4yXDF4MwMR2hk0exJhjwbnPH7tygC5uYblE0jKNE6TJ_c_N3&cid=CAASEuRoY00iCdPLvO2BEKKVJ0t2gA&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05c709bd60bfd795d01fc88e200b5987ba17281fe8a201a1fefcf4712a1d4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14368
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B576 42 B
63 B 78ms
70ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DeQ_dUnua7ygNxKy_-5nY4a8BGaiS2CzKvIygtutA3sNPA8xX9MZ0DgGAIeFizvLRCOSZNHlRB0ZlAOyroSFbt_Ng3i5DJ2iX9EXviXOjf3BXXDMA

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame B576 2 KB
1 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:37:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B576 123 KB
37 KB 63ms
62ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame B576 14 KB
6 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0e123a11c5b411021d5bd8ab3926fe6d726b29ca2bb83e6066dae93a9ba326a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:39:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 408
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6123
x-xss-protection: 0
server: cafe
etag: 15358646999216992880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:39:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B576 0
0 58ms
57ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRzWOclAqZILqR3TDWHeDRe8Gn1zfVvaxHZYw3kgjAMJz-aW0YxlqSkvKnTokrcTocpMVFTRas03lurx_gqmmEbRhmu6Q
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/ Frame B576 23 KB
9 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AMxCWDodZR6-nXBa9JKCCKzQgn7FOC8R1cKfmjW7Fn8GuLBLQCjx2TQkEzQet2iL3_QTCm9Fw9490KIc0Thiu0NDwXcIXt3yBTCTswxLcRZRHi59tBOY6wwU0ghrqlc7OgQzHUarmxhNYCHBXtN3_mhayzVw&cry=1&dbm_d=AKAmf-B237NPEHC5iHuFjWVLof9a3T3ImxKmD2ac-oVo0eUKykxn5QyrVCCAO7QPcT-CBZnpoLxCYE0wLiEIhi6QyiMShrTTVp_pbZf9bX7RxWfGdXLZdCBfjPPKL5BUeKqCUE8JqwVKNqUPT7RTMO1SSthqJJo17ptEQdGYiN0L-rpe1Hr1IgKRYWAN4NpnM6Su89SxH_blXD7zJDYnL0I94hjBIpcXiGZxvkBLzQLHZgXJ11iauFy-camHcP8lKV82aGyBFBrkGEQu-KhZZV8pJ0MnAjxg2uouzChfLfOBvNFXtSAs7z0SkXTAz77zQNOjp-787LW0SGUJk68K9ey6748zGplH3L3zy9NLpe0Y0lC-Px3qv_sfxDBxNpmHLD-xNi_QHlAsu-smXLszqw_SS-1MK_2my0kBIRpKpJW2ayA8wuxJ6vixq7Jn1FpuJx1J2pZM5MkutEeISnfAKLVhEX4whheQfGbTTu6b1qBlM677gvuZbHDGlgahoMMij3zTJ26CQVFy1FFZLQCGxT5vCSfOojalgAbbHy9xrZ7W3l-Pn8KmksBROVsBZSfsnyqwUZf0wZxLoyzF7-wx0SeR8evcJfAdefcX4y0hoW0-isW22B-7R-Q8MM8vXi8hiGsMvsWUJQV9YnJE5TOSegNHIP5Jvc98wAUebLXgA08o3l0lWzHv5TJwGz9vqh6AU8JBSJnAG7DaZpVzDpN9Dmips8auHzbkn1JX62syOAokF8XkX517NKzkQP1pURhZNLdOGtSij000vJ_TJ2x2CWcmgS4BQT2vHt0wvPMA67zqfuoWaRaz16MLcDxqiqUc2djlnZlyiEndOhLLxh53iBehq-CiocYwc4uJvxMAq9XKmf-gXuVIX6o9vxMtGCJ7xqhLRHNYUqwMMeBswMAsaSn_fCb5cKKSQYQcjzJ7ZF9cHQm-lzZDNlvyhm05n3WB7fmioNRM92KjBp7awaA06Hv7VQpl14B6u7jmnMM2yy1vnv8kOVw3svHBUYh7ebY2M7Ro1A8veCZCkueSF-6vdl29_OVBNO3GaW1F5YsEwkEX60W__Q9VLv1OWamDnSOtY05EczmAeiUGU-pwM06X6xPptErUj2lfuGhTQ_vfFQaj90Hv7ZAey-VDOm5xWPwrZ1rHfl90TOseO-If4GHDB70cxPBsArpJb0xezHFw7utSzgZ5NzccjNVuqtQNLyZ9VnMNZQkUt8OSW_7QmF6ihKPBbNr7wqzasSgpS3xBe5xwIDOLKssSWI6pS4GkUBBm1Jsnc9htrOYjWwxtgyY01da1_F-2s-oG0XtNuplC8wmnUfRkOLZE1hN4NwIGLCnypHfZEwSVRmUIVaalfc4QTp7U2zv4TPnfqvzOvsBHShHYMZXxtJfQTglznyiKXzQITwJf-4StWjUgwEWRtopdvJOsmSxYUBB1wt2Lnw7MrVBtymD8kaXapNDhszvMMChfgmelei9P0xfeKlqGKxVb2-olP883YXbVBBh6YBUWvegoklFmC0MJhWi-jjLhaCMJqJq8XGKRMmIketT_V1DOsq3kHGebMymNI0PXou3QgZ3T4TMTzmg8SHripCYTOHh2LZdb4DiuMZqRA38noMXpylFlsHteIrt63wrxVH0QH70tNfxuhtQJ7pA1GqzshhtubgwUpOXoMWZTiFXEvr7WOOc3_7AuhtIg0i06lCWeJt_Jn1a2rfDkNpUZCIsykpOhv3GIzMMXWrhp0WmJNvDpF5EEenEQL9gw9ajIWq_JjJ5Ws29VSkCxHPEJfXldep8-geWZWeaT0Q9x8Lcr69xPGAhlMu7jjFCpNdwhY_RCj6o8LcqzdW7S1w9eDbRquj5KTZJA_mW7W6pg2zvegdrsO5ENZDfpaepzsjvfVzgM7dBJro2P06HxMvJ9lo1oYlejM0sSi-1d5_z5_ZgWH2US2hKmxUHlLF9p5d2z06aZkJOdF60DBMJWr33tpLv8FUIbgbWKWDWG_A4moAyPgYWspCMvaCaem3mH6I0scz5XNLHcMN1lsFlvvl6JSsTLdcuAwZ12TglDlCoFFbg0SnX2lSIeysS6uvD13f-s8n0TiMR6mBEAK-VjmxlC84TMAqJw_SQxo1PHuzQislZqYu_nR-RDGcJi4STwE75tS2exwbHTOyx5hubLzvETARZkW7KxwLnkFGM6QwU34gFtp23xIrrAXHpSOn4hwzTZmYwRoCx4BDoJXWlyNx3Kutf_xIdzdDjJtcegzSJ2mdDKBALZPcgo8d3qwmfz9P452aDHQ93WOGstl4h42u_A4X-aeqGiqRJkF1vVWuyt8x2NPEctfpGtdP6sBjfkRg7sIPseMLesDU2ktTTvZzKzdQd__DbNyssCetpLTVaKtqkOGu7ZY6jg5bzllcn6K3S5kIXxNFHdtIoUrhFTeUBGx6WFgywK2Fcx6zoqVWcrzow15SGHmBn6bWzv89hughKM3WkOW7fjx55OSzFDgd2bimGaJzrCiMTGvHRpGtxUnlMjSbnL5PYtOFabcyuSaNEMxVGp4IcixsBtnYqB7Rr1vH6QXI0LYTcHCwmlASWeWQ0XZvRh7XcdeCuK-PYps4F3rKPOHZEqO4IuTatqJ645zQ3t7YGi_6KP0obOMCiC3P9_0awDwdMRKixfYldlajyF_VgFmvgTH4HYhRLeKRZcQZ8FMxKzjD0PDJ7J_fvap_JjnTnrSUlsCgW85IHseWaeNC1fXJeoHdAHUIhAf6zH7Qc65pM2qPSUVmugH0scaxBW95QOoewLzCIk6TA4-_55ZAxACesHdTAL7fZ9z7fNSA_hnkkOBTNhgiuTncr4Xigh5T5TE4qwUisc5xRNW4sKad300meh23TYALlVkfDWG9XjA37j331dlkITH_MSosDRYDC6gXZIVYItJIrfPSLIVlLoIyqh0tpZn5jMdEbJXxNh8mJy9IR8v2f0398QTKuYfgj-Nnf5rv7bB715_yTcNLmcmcuHjvYBTn0a_zt_5i3F84UmqGCFKWq1qumNC3Abd7wvbbS4BuSCeHvu5MIRBVWVQMTV5JVQPx6OxD5HearYPqvEPjT-R3ENuAI9EVxqtIXJfiWpexyM4yXDF4MwMR2hk0exJhjwbnPH7tygC5uYblE0jKNE6TJ_c_N3&cid=CAASEuRoY00iCdPLvO2BEKKVJ0t2gA&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86c9bc6e94cf6e6929e61f1f50ea415ebad2b900498f56e23d2e76876bd67474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9288
x-xss-protection: 0
server: cafe
etag: 5602277676122011250
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:46:17 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B576 41 KB
15 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:11:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Jan 2023 11:11:25 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 696A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

43 B
894 B

20ms
20ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNWMlo6nYPP70q6qj1ktz8xOm6YhjKPYrlbbVi5ast-SukW5cIb4o18tunreLQ6s5a_kU9K_Jxucm-OgM7OFaT4Zlw8xd94WDu7sEyF8vkX4NNeezK2_6VS42XtbU7pZTlt3nOObB6tAxaBH4xDzmTomXl2uQVde7vE1GuahzaI5cTuXP3Q
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:27 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 696A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1

43 B
894 B

14ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNWMlo6nYPP70q6qj1ktz8xOm6YhjKPYrlbbVi5ast-SukW5cIb4o18tunreLQ6s5a_kU9K_Jxucm-OgM7OFaT4Zlw8xd94WDu7sEyF8vkX4NNeezK2_6VS42XtbU7pZTlt3nOObB6tAxaBH4xDzmTomXl2uQVde7vE1GuahzaI5cTuXP3Q
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:27 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMO_oTo6ItujaHZqt6EDqQE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 696A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

43 B
1007 B

27ms
27ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNWMlo6nYPP70q6qj1ktz8xOm6YhjKPYrlbbVi5ast-SukW5cIb4o18tunreLQ6s5a_kU9K_Jxucm-OgM7OFaT4Zlw8xd94WDu7sEyF8vkX4NNeezK2_6VS42XtbU7pZTlt3nOObB6tAxaBH4xDzmTomXl2uQVde7vE1GuahzaI5cTuXP3Q

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 8f3baf0b-6e54-4090-b7b5-c5aedb788ede
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDDo0YkupafgKDZV1Z8H86I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 696A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b7a3b2cd-31f3-45d0-9afa-1bef6cb61104
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bundle.tracing.min.js Show response
browser.sentry-cdn.com/6.13.3/ 97 KB
30 KB 27ms
8ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js

Requested by

Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/tcInitVast.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

9a23bcfebbb41b77798d74c7c2743f7648ad51cdc73a1826098d7949ef28fe8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
last-modified: Wed, 06 Oct 2021 15:28:04 GMT
server: Fastly
age: 6767779
etag: "cf9a94f6d7a5aee7f7b7bc844e42341f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 30256
expires: Fri, 11 Nov 2022 05:50:08 GMT

GET
H2 200 capture
trac-b.performoo.com/ 26 B
176 B 615ms
187ms Image
image/gif 13.127.45.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trac-b.performoo.com/capture?cat1=0&action=Init&ed=jCsxHFDKTlmnRFXDB49wPz6bo2KZ4Qd/g+DXKvd0aGGOhdjhq7kFRcjJaqYcbmj3gsuz7Qgb1aox3P0bxCaDApLghd0kjFHj1xoMV030qDKicis7OkJmt6x+BPK+q1TodOGBBmtIxmyyib3iUuKfmyB+DzM+OwZR3IwHxklc/L1lVKuTWQz6HGhQtsWwHaba&srcURL=www.tranquilforrestt3.xyz&purl=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&event=adtag
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.127.45.111 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-127-45-111.ap-south-1.compute.amazonaws.com
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
cache-control: no-store
expires: 0
content-encoding: gzip
content-type: image/gif

GET
H2 200 dpixel
cms.quantserve.com/ Frame BF3F 35 B
363 B 31ms
9ms Image
image/gif 2620:116:800d:21:36a9:ecb:e518:b308
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKUgpq_f1KWXlCq4K1uQ3Y0&google_cver=1&google_push=AYg5qPLdD2W0dJIkhMu_eFDdA8-uM5XljoQikVEzOMgodeLDGbuMV_2YtU7xD5X1qe8qFX7qbFrMC6o3GR24JAZSMpNm1IAfiRE

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF3F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECCDTzpGAzqNPnLxw6XgtLQ&google_push=AYg5qPLkTbZofUhugjPo2e7ekTbZ2_bnX7htk21P87hALOIEvnbmtuU-UB...

170 B
188 B

49ms
49ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECCDTzpGAzqNPnLxw6XgtLQ&google_push=AYg5qPLkTbZofUhugjPo2e7ekTbZ2_bnX7htk21P87hALOIEvnbmtuU-UB4Y2Yy_fWkiO3AnMO2CNYCdctUen73q0Z1JPJpVh-I

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1643377587.480743,VS0,VE93
x-served-by: cache-hhn4034-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESECCDTzpGAzqNPnLxw6XgtLQ&google_push=AYg5qPLkTbZofUhugjPo2e7ekTbZ2_bnX7htk21P87hALOIEvnbmtuU-UB4Y2Yy_fWkiO3AnMO2CNYCdctUen73q0Z1JPJpVh-I
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H/1.1 403
Forbidden gg_pixel
sync.adaptv.advertising.com/ Frame BF3F 14 B
14 B 473ms
119ms Image
text/plain 54.156.164.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adaptv.advertising.com/gg_pixel?google_gid=CAESENQYuMj-cvuNb6tGJbKS0nY&google_cver=1&google_push=AYg5qPJCN7ZLnFO_3XHbCLAwr1Wk0NXe8DeV6RlYPsapX_SE8_bcQjH_QJlCX9P_Rle72g6Trqr5VP5PVsdqTqTOGngEoIjVYBQ
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.164.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-164-26.compute-1.amazonaws.com
Software: ribs2.0 /
Resource Hash: 0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Server: ribs2.0
Connection: keep-alive
Content-Length: 14
Content-Type: text/plain

GET
H2 200 dds
rtb.openx.net/sync/ Frame BF3F 43 B
350 B 54ms
21ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESELoqeym_DVOCJLZf7NnA1Sk&google_cver=1&google_push=AYg5qPKOaZok6lbx4M8UcwFMhkhiHPd_ph_vHhMDZz0z6PSW0U-kgY5jUde-D_z0zCt3MtDhKEW0MOfhcloaQZcjlq3Q91mejQ
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: amsip5cundqt1cfn582beskhtsqh1dnr

GET

pixel
cm.g.doubleclick.net/ Frame BF3F
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEPfDveB504t_ude3fpbD8ho&google_cver=1&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXyJHmvoejTuV1S6ale7WpKLs_Qs08W-KlurNQ_9K8Frp56yGpdbAhtA4ivQ0TPXmd-qTXOVnXDuBIzPqzMYDQMdSPJqw

0
0

GET
H2 204 pub
cs.chocolateplatform.com/ Frame BF3F 0
122 B 326ms
101ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEFneBjN1_FHUbqGOav94MJQ&google_cver=1&google_push=AYg5qPKSyGnWr29jucWCNQ-eORlDCLDCZlQxJ6-AavpagB6s5FDzA41iNHJeXO5Z4AgiHXv60OkEefe0247pH7D9KWFVirfMNy4
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:26 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF3F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBwyxzelZwPGVFaHUQ4dL-U&google_cver=1&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8t...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBwyxzelZwPGVFaHUQ4dL-U&google_cver=1&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8t...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15VWkyR2daRTJ1SGl6VkZOSTVkUDJlVjNUUlhMYzRYaX5B&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWN...

170 B
188 B

61ms
61ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15VWkyR2daRTJ1SGl6VkZOSTVkUDJlVjNUUlhMYzRYaX5B&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8tjsxIk9vjlqo35uuRaIRbzfIMQ

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS15VWkyR2daRTJ1SGl6VkZOSTVkUDJlVjNUUlhMYzRYaX5B&google_push=AYg5qPKzdoL2ZAPSrokMll6es3TSlmbmOA9OedmljnVMeKd6J4FOiZpWNNvDkgaSk5kvwYLp8tjsxIk9vjlqo35uuRaIRbzfIMQ
date: Fri, 28 Jan 2022 13:46:27 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BF3F 0
12 B 73ms
47ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JcqLgzsIwJ6axRSJuNql7GIsqXEqKyGaYe9TjFWhMuRnv9I1_thP0_BibkRfyCZ2JWRImeaA

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 main.js Show response
yaas-b-s.performoo.com/ 231 KB
73 KB 155ms
155ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/main.js
Requested by: Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/tcInitVast.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: f7b30a6ac99440a8368e9e517712266cf058f84fa97d2bbf3ac2c248a8a2ec38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
cdn-edgestorageid: 617
x-amz-request-id: QPC0ZR2E5A08FNNW
cdn-cachedat: 01/19/2022 06:03:55
cdn-pullzone: 633974
x-amz-id-2: JM7G6+C3FYNsxfZfW/9N5QVBotANbX6h0ACfZ0rg7YJvAr70dMC9JVpxGtKM6U0aOQFN3Q2Uv78=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "233f82430cbc7bed0f38c70b0733365b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: ba4c169339419830bb42553a32046790
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8BE5 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Be1losvPzYZGREsvk7gP9ioLgAwAAAAA4AeAEAg&bg=!v7ylvPjNAAY6OBv_Ojg7ACkAdvg8WhzpdzLyqWi2tVXe-riAK8G1g66BV92ocG4VrCYDfJe3pRxQyQIAAACFUgAAAAJoAQcKADFT2RyCo99sLj8gR5D7E5g2MUwutGeRDfBi4uFw5Zm25ht8Q24md1NOv0pFaC0WjjZCmQM0cN0UboRRBuU-5fW_LL7f98PhWL9ZWumdU-zJv-bP0zAk3ytWxOgHqS7SnKZDtdRKZx7hLOzOOLiUAqIw6U-J9gaVQOJGySFHSqYBh4VCEsjRDA_FjxklM6xgbX-hA7UFndU4jtocfPyN4BzUyLApCEWFpVGa7B8OlsLU-jtyWDJlD-dd2j_MPGqWK53dnT3fDG6QtxBPu8GDLbuG0jsOhNtol0uINwa3mgaorOEgGoIGB4tth0Ta9SR5jMtAFdAynUN6a59_Xcc-9ACNYqFCgQX-2OWJtIfGzVyFY6QujQBtQ-XirkbFOlYgL3Ki1DxF6tKIkMcEuupfroxTM4QXhcnAqZk-xU7UTecrcW8MSXAXsLaPXY6AG-fDcoQM2M8jcIXZ3qs1Wn0Wk9Ys-NKRV3QYxbhz4nS12wzNtMcaAqxMNpTZA9dQDssNFoHeIwJkmet5PGGbeiLgvq83xcRc7J68rEveIqCiZY3KT33aBTDDROBcPb9_pL-7VCdyJKculAQQgZKxj-1pyGEvKQbtenzZvONNpZQQcaJV3wEN0lfxMF8YCKVR4hQZXS7sybcUvk7oeINB0LbVcxYMpFTNaBy2C6mqvaMMwGKOviuB89se-kGOgtp8NkDOI0YnCKqELDJw3IEcOzFDFt-SW4y8iivLYZUPo8igClSdEw6jyEFGH-QDMW7maqIZtK7U69Vwxtft2KcwxrAPu9QFt5m_1ttxL19aERW_SFXafAnh5mZdIP3I7XOdeWB_GjczM5jvbY1RRt_LbC_UbUpHQdQ6oUAubL1AfbDwMVYbJYFfsCPo41zwmD7S2st126luFYb23imTyaiCplcLBIS27ukDRHnt1a5HBrM16X5EXzdKWsM8DtfK5F36vxnSuJl5042se8Ny3QO5-_HZULyTiLI7xY5ZerOfC9Lq8eAUdCZcVAHZK4I1h3xK_R-cyNiEL6cNwTz8mulSmmlYNN0NQI7_pFrzfxpvwWz2cJoTI_m9ceVQtSQMWgEX0Lx8nZiUvbHbGhe1qJu4kV6KbwW4lKkxUjXmg1zmXmCDEw-NDj939XNSqDarjjM8Wmic94v1mh90ErrUQg

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK npoee1nv94vs Show response
hal9000.redintelligence.net/zone/ Frame B576 11 KB
4 KB 52ms
13ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: b81593904e2e9bebf227a41a57a6374234285318ab47e332b214201259278062

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3860
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 81CA 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 11:12:02 GMT
expires: Sat, 28 Jan 2023 11:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 9265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111152338000/ Frame D604 190 KB
54 KB 123ms
41ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55581
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8559bae154d80579"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame D604 13 KB
5 KB 201ms
118ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 240399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4994
x-xss-protection: 0
server: sffe
date: Tue, 25 Jan 2022 18:59:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b314c3eb801664ba"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 25 Jan 2023 18:59:48 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame D604 89 KB
28 KB 187ms
105ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28443
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "976e6f5df80f4e35"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame D604 5 KB
2 KB 185ms
103ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1727
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "423ab13fb6ff63c9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame D604 40 KB
13 KB 174ms
92ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 442134
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
server: sffe
date: Sun, 23 Jan 2022 10:57:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08cf721d9e54e414"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 23 Jan 2023 10:57:33 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D604 2 KB
2 KB 39ms
38ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14689
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 29 Jan 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D604 295 B
319 B 40ms
39ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 14002
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 29 Jan 2022 09:53:05 GMT

GET
DATA 200
OK truncated
/ Frame D604 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55bd306d4e648bbe2026b01e71eab0fd1ab0cc5c9bf169fccc4cc4d341ffd33d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 16857967711407135551
tpc.googlesyndication.com/daca_images/simgad/ Frame D604 42 KB
42 KB 41ms
40ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/16857967711407135551

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d54c351f8c6164c30019bbf2be3b07b0ab1ee177f1f16454dc62c146e8166808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 08:08:13 GMT
x-content-type-options: nosniff
age: 106694
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42963
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 19:17:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 27 Jan 2023 08:08:13 GMT

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame D604 0
0 86ms
47ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaQUJJifW-pkho_5Zjt8Z58zpAYFPivttV4X_vsKeBaRIs7su5aYOg2YK_47K7JfLZQNp1dIlEVGdk6Bq5rL0pdIfVjw1g
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D604 0
0 117ms
116ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cud3zs_PzYf77B5WigQeTqrKgBcrmiYZos7660dkO_9jWqrwBEAEg_-fIHmCV4pCCoAegAZju6qEDyAECqQLBb9eze62yPuACAKgDAcgDCKoE7AFP0PetnzzI5IRh8sBLjaOkcwCZyYqZQ5NBcIGGbMT4bSwDvck59d-s5iUx9IcqMXvdXJavPMsF3omXdEgOVvSJ_2TPmZob7tbCXBhkmVSCvICzQsUs4AKpj-JgOBVEQYjKtBolq5oIMzz0RgIdMhu81rqaGxm0WiGWTH6R33l3zTJN1nhxZK-pYYzZYY5Ui9ww8eOOpESGZvvt017UsC3KdLNh9Yj1cmsd_wQyBQEsLQMX5Tnl1qkQltulv-F7DrbMKHLQS_pPI0s8RygG3Aj3gVDgG8yOcxgzVDc6yZwEFp1ypua2G1SML24Mh8AEsNma3ucD4AQBkgUECAQYAZIFBAgFGASgBgKAB9CRlV6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCLjALSCAkIgOGAEBABGB2ACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMjE5MjAwMjUzNjE3MDE1ORiC8Qc&sigh=8jyxaLeJR3E&uach_m=[UACH]&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js Show response
pagead2.googlesyndication.com/bg/ Frame 81CA 35 KB
13 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1521a03c0c72d02bcc4fc12b35be28d4da3aa2d6ea870b775e158993a55cfd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 10:36:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11374
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13582
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 10:36:53 GMT

GET
H/1.1

200
OK

request.php Show response
hal90003.redintelligence.net/ Frame B576
Redirect Chain

https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

104ms
82ms

Script
application/x-javascript

138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.117 Neulussheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1c340e12fd339deae1b8494c5e7e2b2a0ef75eb76e9b8adb0f62c6893fd6f25a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 62201000133746800710616011853003
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1315
Expires: Fri, 28 Jan 2022 13:46:27 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Fri, 28 Jan 2022 13:46:27 +0100

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81CA 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BF504s_PzYc3lFNXd7_UPxKihoAYAAAAAOAHgBAI&bg=!R0SlRADNAAY6OBv_Ojg7ACkAdvg8WvoGaOi1Owd4QEkek3OKU8lkSTYMZqtU5JmPAge6ixGp05TceAIAAAA-UgAAAAJoAQcKAFlEXbetmwT24DBGv4xN8U-tARVNNZPNePpOBBq2wouUOi62xbDsOn7vUIj55TgazOaRaFxBLJ4DFlwKPnCZmfOQZVevOIpROR_XO6VHOJ81ypZM09Ajr2-wGJkDD_ydyVuhyfQPlt_jD8M--iTbd9N1H09F7bjkr1oEye99t8ouU0xxDkS-Dh8Hogg8_JaDrcZFjICdqcvPPaPGQNY0wFmGEb_FHQtukkdl8oYyYNJ4ATe5KU6W9KGDKMMTc5QnxznqB2lMG1_hDTWDOluELjdHKojh4nXwZplc6LmhKU-cBVdmUjEfxzCE0hzzTv_nFFEL4YNY2MrFalUqjeu9StEneZFdzNS5T2T3XM4gvbDvGMi9oWAwD508cFi1OtuqsWQTS9DuU44IusWA026zFVzDvLnhZQH1eAEyVI8f_pjkYTJ8D2rZo6JN5dTMEX790kCw015L0Wua3k4BSbeW4pDnkaEx9Mn3bYSIGYZ9QcnW1szZ9YWtzCBk489bfRn-Cj0wZT61c0TxKYTh8fNzJ-4W0DsspXJpqF12IogipguoIVAIvZSIQPqnZYPWpTjAJyaolb6AQzGaabemBoPqUhLmYh_tRCPFpTJeusTK2zgtjS16mRhhIRppoF8Vb0kqSan3h7ZfNCMRU8fERVYKY9b0Je19tYPDOg7ly57728dLzgZShtO2rnmbh1EXYvD7F_MVU3txSdfgVxapsZ17WufY010sio5rLsNZa3Me5ps_yBYBbm6StYwGAlCXQNvNi0DWTcfxuekAPLPL9SWFwqPomCbYV2NrUijZT-NoWWpmdpfv4KgaZbgfp0gJ1NOc0sXvfwNyU37sFfRiPfqYiHRQ7R7J6sr7HIzc9pp8OG3-BeCVfXk2_X7OpNWwvECC_rTDdQGeJgUXNAZ_oj0jw5IvRx9djxFv6oTHSq_QMw0BZgzqW_CX-1VMKVV_pFxgS6LbSX30QBgNAcCBghejUEm9zUGZotjvQUP4jrfWgSzWGXxqqY_56Mx5t5eMJlK9CKsSIbEia5blPWDiBGx27jQLKGft5pMDAE4AQFVpLtUKzsfCiT10yOpvXzWgtBCFXeD5xZMKa9zp0iy90UW_amkpJGtNWdqAzrEGHB4RdZLOzJOfG5ljGJNU7s7T2X0WUnQxELIGx3VtC5c-Rw

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame D604
Redirect Chain

http://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

118ms
117ms

Image
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H3
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Type: text/html; charset=UTF-8
Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Cache-Control: private
Content-Length: 0
X-XSS-Protection: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 51D6
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62201000133746800710616011853003&actionid=879111&produktid=ratenkredit&dt_url=

0
628 B

408ms
370ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62201000133746800710616011853003&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 28 Jan 2022 02:46:27 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Fri, 28 Jan 2022 13:46:27 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62201000133746800710616011853003&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: B9D59BA5:DB56_91EFC182:01BB_61F3F3B3_11DE5474:297EA
X-IPLB-Instance: 40028
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame EF04 930 B
931 B 114ms
8ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Fri, 28 Jan 2022 13:46:27 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Fri, 04 Feb 2022 13:46:27 GMT
cache-control: max-age=604800
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame B576 1 KB
2 KB 254ms
132ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=62201000133746800710616011853003&nw=1
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: cf1f351054ea1b90bf89adfb7550b8ac8606f7fb3ae2a2351b4605f3e2ceca6e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Last-Modified: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1233
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462 Show response
5994599.fls.doubleclick.net/ Frame 0210
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462?

391 B
346 B

106ms
57ms

Document
text/html

142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462?

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

db5b389225ba5031b158a4162ebac963cee2734923aed60828bf579af7330a6e

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 28 Jan 2022 13:46:27 GMT
expires: Fri, 28 Jan 2022 13:46:27 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 28 Jan 2022 13:46:27 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90003.redintelligence.net/ Frame 94BC 7 KB
2 KB 37ms
14ms Document
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=6d54706880&subid=&uid=b428444764c4ff02&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCI5v5svPzYYHeMND5-gbno6mABbXN-YNXzN65q-UM8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBO8BT9DhdVczv9428O2_BjiEAI5UHAvw4T5twSgOskDGRcX5FJakUo1LV3mpquOtPxobXENgKmeXZ4bFgGp0qWOXtQA2jnjAmR6rGhsNr968dGAHUYum_QMmUaNV80ahQ9uXKZR0b2m6MGEZw-MuFJgLbTSREfHbW2zparqCPlJi8Zv2ICBLAeb6y9vjB6EvT_jFzOMks_tyGEYujr412pvAtg6H7NCeVgZim4vDssg4ipjwwWfA4B6MltDH16BYMQc38ezFPPblDnIwOurQzzPfpxwxoRr0vLGhJyGfwwTvDxUMKRoybAcMZrjml9B9UVPABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRoY00iCdPLvO2BEKKVJ0t2gA%26sig%3DAOD64_0PsSyQgGvdpCxxU-auyoz4EAFBNw%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-BHAySTd6h5rL_a7Ybk3bYicod7IMbe_uyfqEd_6BoeqW7IV5IMXzy10y6_ZZyHmYYrDNyYS2lAvCXtXBnz6-KV7FtmuZq2sXL5fAB_VUhYVopp1OhBkKCyUwhSPrAGldBoEjGq94yIXOoaT7yEPX99c2Wpgg%26cry%3D1%26dbm_d%3DAKAmf-AbF5PMg6K-0EeroMqKLvwXIvSVO8cFD_Y45IY9DfyO3sUWtcTO8rncjC8OlA6nqibMjgDsHjPF7H0zmRSezeRkoMcWO8QAadzmxplWaZdlmiXmfu3pOhrI2NIiVEMLkwQQObBjGFn5jukvNvvVWu2Gf07PMlrGZnPqHOrjLnip4hcLXn7NKd3uWKjZ1qQn-vOvrJDDDvi8u5KepaUztE6ILJg3wuPumoz07xWh-s9boVj_-fiZjA_Fn3xZqEmELV_O6VzVP1pYfRNw-WCeQClr7UY-idICbC4BGj2DmB_xoY3cli71lpHCk7TCffklAU4T3rhj8YQ262VR12aReeXPqILsPF46kD82vpGFp50cqBEq6fH_Eg7QBb7_HdmP6FoUYB9-e_oAie0g1MCetiB-VB6JQQ%26adurl%3D&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=9015614728628&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Neulussheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c0c45149c460dd911e4a9cf7a4180d1b7ff5e3f8efcd6daa794fa1bec0dff44a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 28 Jan 2022 13:46:27 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2050
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame B576
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62201000133746800710616011853003
https://ad-server.eu/wm/pb/native.png

68 B
312 B

155ms
30ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:51:51 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: nginx/1.17.5
X-IPLB-Request-ID: B9D59BA5:DB74_91EFC182:01BB_61F3F3B3_11E56220:297E8
X-Powered-By: PHP/7.2.21
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B576 43 B
702 B 40ms
14ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=62201000133746800710616011853003&pv=1

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5E80 1 KB
749 B 36ms
36ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 28 Jan 2022 05:53:44 GMT
expires: Sat, 29 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 28363
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B576 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 39661433237b58535a637703b1e1ea6f31c496e9991d0022c8b8645e6fe23a9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 94BC 4 KB
649 B 95ms
48ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad246d47536dacf0256646042ec184678bfc630fcb638d9199bd66cf8cb5e457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:16:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 28 Jan 2022 13:46:27 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 94BC 16 KB
16 KB 37ms
14ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: c4a8e00892a69975772b08ec4fbc25082204066e0a8cfc578af90c061fe2881a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16247
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 94BC 16 KB
16 KB 38ms
15ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: b814b56e3d3cbc4cde6169af093d68fa82b5898f1fc7a41f772cc9d37a0a9971

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16532
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 94BC 17 KB
17 KB 38ms
15ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: aa60fc7869615136327d9df5364ddcddd23d48e1c5625f69e1e257e550a41c93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E80
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEBrcyqIPs0GEnckQuxZS9m0&google_cver=1&google_push=AYg5qPJ0kZlRlDtEU8Y32rTobxAbjYGiZn...

170 B
188 B

51ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEBrcyqIPs0GEnckQuxZS9m0&google_cver=1&google_push=AYg5qPJ0kZlRlDtEU8Y32rTobxAbjYGiZn0zvtcCR1jU1Q-VunFvkECaUDOYSFJoSeOuVP1387q0aEL3bVcFrXDy8ryMEzFP3rQG

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1643377588.753350,VS0,VE0
x-served-by: cache-hhn4034-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEBrcyqIPs0GEnckQuxZS9m0&google_cver=1&google_push=AYg5qPJ0kZlRlDtEU8Y32rTobxAbjYGiZn0zvtcCR1jU1Q-VunFvkECaUDOYSFJoSeOuVP1387q0aEL3bVcFrXDy8ryMEzFP3rQG
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 5E80 70 B
265 B 104ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESELIvGAmdWAgc6DzS9jmKUHc&google_cver=1&google_push=AYg5qPKzdJweX167W0yYe8G5NXFqGmaCfJ21ubMWbHtyVnF5fi2TC-6KM1z6aYv-Y64rJ5BGWh3QOrerGPqIhlQND0klfoJnXNXOiQ
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E80
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEJv18qaNJdsIfIVp6ZDG2rE&google_cver=1&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAm...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEJv18qaNJdsIfIVp6ZDG2rE&google_cver=1&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L94...
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=5379e338-2375-4fcd-a4f0-85b485aea059&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJ-UYDr6dn9xkAfYYweAbVci-wb_o5uJlf36nTFew7KIP_hxykhaUy7UweReoiZG2-_Oqqkgk7BhD5L940VBYAmyf00-ZOrNw&google_hm=vnw8cRdMQ9udIoxoOCCBiA==
Date: Fri, 28 Jan 2022 13:46:28 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 200 dds
rtb.openx.net/sync/ Frame 5E80 43 B
64 B 39ms
22ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEFfrAWLCmZVq71UYEakNcRM&google_cver=1&google_push=AYg5qPJKzZYWDmW5aw_PLlEdIQ2n_ys5pcKgV0QKXnhNtP0ZBe8RoNKSmNTDYviZax0Nh_hCwCt1bJjVTTkO68CaZrsaW9ekB910lg
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 4gcs0ef5ggriit2r407tv7iuvbd7nuco

GET

pixel
cm.g.doubleclick.net/ Frame 5E80
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEFKpxiVXAdVIlfXjALjW5z8&google_cver=1&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPIJUp2q38rwfS9pHxu18qJI_pOv2gVPC3t6cU5kmDeYfqHnOebM0_OHKXSzbjsYkvr9eKnECeJPAXQNVeuVhAITEONigTmz

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E80
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEIkMIXsc4rkrr-RIMTj7P3Q&google_cver=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9LbmrG9gcZ8qP97znbmb2lJw8Cmr86tC3YKkRIHQExsMqKE8vR6EJAiWOrcYDvnWBC3...
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&mn_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9...

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&mn_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9LbmrG9gcZ8qP97znbmb2lJw8Cmr86tC3YKkRIHQExsMqKE8vR6EJAiWOrcYDvnWBC3RWBSw&gdpr=&gdpr_consent=

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&mn_hm=Mjg2Mzc5MTg3ODM5NzMzODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJUnZD1lO0vor4tfTnjN9zE2s9LbmrG9gcZ8qP97znbmb2lJw8Cmr86tC3YKkRIHQExsMqKE8vR6EJAiWOrcYDvnWBC3RWBSw&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 5E80 43 B
65 B 96ms
48ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEBDmuWBmkRQjpHqmt3BezfU&google_cver=1&google_push=AYg5qPJzQF3GtneKXfwncPB5t9D08QHJ1ZvLOspQmb0i7N6_T7uMlZkh9MFjYrpicqBg-XSEeaK_LAEf6ycEA7kThmS3GYfTcdFt_JI

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 29 Jan 2022 13:46:27 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5E80 0
12 B 48ms
47ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LmHNvg3KJFxhGnvsrnxamNO1Qt4-ica341wN9clkTDPOBmX0uRcTJUpVPT6mOv7a6LCUinIg

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 2c9f986e79f717e00179faee51ba007e Show response
tags-b.performoo.com/player/lnf/ 378 B
690 B 309ms
102ms Fetch
application/json 185.93.1.242
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://tags-b.performoo.com/player/lnf/2c9f986e79f717e00179faee51ba007e
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.242 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-463.bunnyinfra.net
Software: Performoo-IL1-463 /
Resource Hash: 4b3e2390ddbb0eabe430c605ea3360b518670b18bc07131eb59895bd901aaa0a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
cdn-edgestorageid: 463
access-control-allow-origin: *
cdn-cachedat: 01/28/2022 13:45:00
cdn-pullzone: 285781
server: Performoo-IL1-463
cdn-proxyver: 1.02
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/json
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=180
cdn-requestid: 3611600a792cc1a90cf642500dbd4190
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame EF04 81 KB
32 KB 140ms
49ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2f71c515be633afa92f4cb0bb3edf13379b3a5c56fd0fc4d9afe0e2bfdb511e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32091
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F12A 42 B
64 B 72ms
72ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuRZkCENTEZEuLLCQvMZrwYMVnZpeez51o6b1dtmAZw9aM5GvtvpXNSAdRDh2OD1eYB7eNR8iA6Odff-X8hIjlxqEVksCHwjhoBLtTz6VRlLq7hNFB2mg&sai=AMfl-YQS1GMhJ_UxNDPomnrZlqjjMEeYoxNxIqVW3x-m5wKbcfOsrzxAJqMa3rqavuOLmuwZyCzetXrxyeNaRRxAsyUWp5gCuST7TwsRENsRptbZxZ3PVnka8ukkX2nOjXJZ&sig=Cg0ArKJSzKjeBOfYNvJWEAE&id=ampim&o=299,114&d=1003,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=457&tls=1457&g=100&h=100&tt=1457&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=3227910684

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 94BC 0
150 B 37ms
13ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=62201000133746800710616011853003&a=84b2711e&vb=m
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Neulussheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ Frame 94BC 13 KB
13 KB 43ms
42ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90003.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 25 Jan 2022 20:17:49 GMT
x-content-type-options: nosniff
age: 235718
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13072
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:17:36 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Jan 2023 20:17:49 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ Frame 94BC 13 KB
13 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90003.redintelligence.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 11:22:37 GMT
x-content-type-options: nosniff
age: 181430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13080
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:10:26 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 26 Jan 2023 11:22:37 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2074 0
0 76ms
76ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuU0lJner1W5YARfKR8bA8T_u5EdtnLbb9XNN4UvaYpQ98GqTzxpC_lEJnoW10SOIMdBXas1TdqXIvye3ZU8chlen-MiFOAMOucyYG2vH6QAikc-WtPWvuxC7lIxBNK3QxdG137vLzeRZhsdUe16FoaP4e68Lek0ZopLDrgjhhrMiVUTXvHhec1OHEeIGmlVd8mQHBkcErA_sP2m6qPSFdWeQ1jI6KKCVp4iK1YJRt7uPvuuGe6mkikhKugTdV9MwGi8-ee5fGRAdo8cnTK17YZlNdNcwfr8eXBs1OiKwrkD627kDHloLF75oIiKInV5vuk5uqFa90DbwPO9Aexf_tPnM-Fo49GmPYjdlv7bN1_qRq_ko99ZNZvSc2AJpnF-ZkY1mBnOl3aCeRMLn7s6gQ&sig=Cg0ArKJSzAAbtzNK4lngEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:27 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame 2074 2 KB
1 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 531
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:37:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2074 123 KB
37 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:27 GMT

GET
H/1.1 204
No Content l
www.google.com/ads/measurement/ Frame 2074 0
0 49ms
49ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.google.com/ads/measurement/l?ebcid=ALh7CaQFHx1CvjQIBI1htMiSnu6PvBbILLSG-zveE7n6ciEy9EwNl8vj-u62WNRIo02FtlEWR0-imF_kWxY6T1hOFbt7zk0yGg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603
Protocol: HTTP/1.1
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 3566283345727926936
tpc.googlesyndication.com/simgad/ Frame 2074 25 KB
25 KB 43ms
42ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3566283345727926936

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

264ed2508a59e774d4a456af8c60aaf16fc3e4f311d9398a127e34c884813801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 23 Jan 2022 02:26:55 GMT
x-content-type-options: nosniff
age: 472772
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25713
x-xss-protection: 0
last-modified: Fri, 17 Jul 2020 12:53:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 23 Jan 2023 02:26:55 GMT

GET
H/1.1 200
OK pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/113941/3204/ 568 KB
120 KB 26ms
9ms Script
text/javascript 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.pubmatic.com/AdServer/js/pwt/113941/3204/pwt.js
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: b8eb699fbd9b89223ce438b9f36f552b92e71472868d8eca5d04b4b0f4926d18

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:27 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Aug 2021 12:04:17 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "10a169f-8dfa3-5c91f2f456f07"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: public, max-age=90642
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 122558
Expires: Sat, 29 Jan 2022 14:57:09 GMT

GET
H3

200

gpt.js Show response
securepubads.g.doubleclick.net/tag/js/
Redirect Chain

http://securepubads.g.doubleclick.net/tag/js/gpt.js
https://securepubads.g.doubleclick.net/tag/js/gpt.js

79 KB
27 KB

56ms
56ms

Script
text/javascript

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

148030f212eb7a6d8f6c498beeb77a366ce8c9a3254111476c8923ddf40c55cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27134
x-xss-protection: 0
server: sffe
etag: "1115 / 515 of 1000 / last-modified: 1643371812"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 28 Jan 2022 13:46:28 GMT

Redirect headers

Date: Fri, 28 Jan 2022 13:19:44 GMT
X-Content-Type-Options: nosniff
Server: sffe
Age: 1604
Content-Type: text/html; charset=UTF-8
Location: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Cache-Control: public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 249
X-XSS-Protection: 0
Expires: Fri, 28 Jan 2022 13:49:44 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2074 0
0 71ms
71ms Fetch
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvSwUsDo-TWT5FMpbzvC2IHEZNwbe9E6RFThsSXOPjf1wJuX2BpwP0I61DIqpHf1kmCLQOtiWZVY8_0fRB_VIaJxE5OUjGr5Oq1sCibP4VNCHl33qg6neHA50cDp_1YSVqAXdzMXAbWnog3tHeaigZDzu450dTW8_fqgSGWNxYNCrodmAtrjtBBlprGmP3WnFnjy3-uBF-Hn0ozFAK1AgECAV9xWMiv5jCEnp4soha__JVbPvsoOdicO33oLnmT1tM1nGV_NpHTVlDNpoSaRdAHMgb3IYypFjo6SrkJJe-Z9mVKUvVU_b-9D52V9l5UWu3llt42gYD9zzcc9MGj5x42XrNWQlB8WSrVZYZoWL52FecMffrZL4oaVfbKxq_s3sZdTDBcsbc__lo4vHeDg5RjcA&sig=Cg0ArKJSzLzYZJnF1oB2EAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
DATA 200
OK truncated
/ Frame 2074 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19e79cca6bedd8e9cd713ca02c399d1a9b2e14cecdbefe0929f5bfefa35ab11b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462
adservice.google.com/ddm/fls/z/ Frame 0210 42 B
64 B 76ms
76ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCL6crK1PUCFZjRUQodftkObw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2558020600155.462?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 28 Jan 2022 13:46:28 GMT
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame B576 51 KB
51 KB 67ms
9ms Script
application/javascript 18.66.97.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=62201000133746800710616011853003&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 37582
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Fri, 28 Jan 2022 03:20:07 GMT
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: RE8ZGZcHtEvVT-5-4MTR2m-Gc6wVll-Ab6pdjHjGYwaC2gj9kgvaZw==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame B576 3 KB
3 KB 80ms
30ms Image
image/png 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=36765500162825900951389011853028&wglinkid=2513145
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:28 GMT
Last-Modified: Fri, 28 Jan 2022 13:46:28 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Content-Length: 2808
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C69C 42 B
64 B 120ms
73ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst99280RYRsu6P8mEZMRwKtiSq2HrqeT3BC0hRzqKsdvf_epTZmVbq2ChN3I-qNFd_oxSguaQi_EKehna9G19OjcLOY2I7I8mFUMydKxoTSbakrjSKa&sig=Cg0ArKJSzIEin3l3ejRaEAE&id=lidar2&mcvt=1000&p=721,980,722,981&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220126&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=1724937709&rs=4&la=0&cr=0&vs=4&r=v&rst=1643377586347&rpt=681&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 3a1662ddb1303c58bac390aa8db9cb64.mp4
yaas-b-s.performoo.com/ 1 KB
2 KB 147ms
147ms Media
video/mp4 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/3a1662ddb1303c58bac390aa8db9cb64.mp4
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
cdn-edgestorageid: 617
x-amz-request-id: 2C8SBMD1WFG4MEAS
Content-Range: bytes 0-1492/1493
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
Content-Length: 1493
x-amz-id-2: RPWYBkPYxshYY51/yKJ2uEDufHySAygwcq9YI66566pZmAYOrINXXM3N+Sqsa9VwcIdKdTyxv14=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:56 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 206
content-type: video/mp4
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 84893047aee7a84b2966fd8773458474
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 206 3a1662ddb1303c58bac390aa8db9cb64.mp4
yaas-b-s.performoo.com/ 1 KB
2 KB 145ms
145ms Media
video/mp4 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/3a1662ddb1303c58bac390aa8db9cb64.mp4
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
cdn-edgestorageid: 617
x-amz-request-id: 2C8SBMD1WFG4MEAS
Content-Range: bytes 0-1492/1493
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
Content-Length: 1493
x-amz-id-2: RPWYBkPYxshYY51/yKJ2uEDufHySAygwcq9YI66566pZmAYOrINXXM3N+Sqsa9VwcIdKdTyxv14=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:56 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 206
content-type: video/mp4
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: b9a1b7ed33f8196bb030325ca2b5eb58
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D234 42 B
64 B 112ms
112ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvZzeTvhfttwHRyrCQhJogDdN-jNXOXGHi90qjy_UHWtmtigIBfEM-ayDOqMm2hc7_leV1umBlF55n18Vr9SdsSFdZODQBhqpfbXPdhgdYJ5TzD4d__ew&sai=AMfl-YRBLn7D-9qLvfxnr5-eqK4BmQOF6Bxyz-AL3RJteEvFZvt_rTGG0XZ8d8d4GhwpR8jXN2euR8L5VjEbUplqumr_MMnpcJeyb3lEdhehZJgeo0bwq9dG8yG0xDkx&sig=Cg0ArKJSzPfA_lG2XuGtEAE&cid=CAASEuRotvEOTGuzHAC2O7lZ2mHNuQ&id=lidar2&mcvt=1001&p=424,980,692,1280&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&app=0&itpl=20&adk=117222648&rs=4&la=0&cr=0&vs=4&r=v&rst=1643377586958&rpt=316&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 429 / Show response
o1026552.ingest.sentry.io/api/5992958/envelope/ 45 B
358 B 101ms
37ms Fetch
application/json 34.120.195.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://o1026552.ingest.sentry.io/api/5992958/envelope/?sentry_key=e4d2f0e545d045569801c92950641288&sentry_version=7

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

77e29e7c2ef665fb66daa4adbd5a877ad518b9698c165e1a486813acf9ee84f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: application/json
access-control-allow-origin: http://www.tranquilforrestt3.xyz
access-control-expose-headers: retry-after, x-sentry-rate-limits, x-sentry-error
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: clear
content-length: 45
x-sentry-rate-limits: 10:transaction:organization:transaction_usage_exceeded
retry-after: 10

GET
H2 200 238.js Show response
yaas-b-s.performoo.com/ 8 KB
3 KB 108ms
106ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/238.js
Requested by: Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: a3fb9f00c8a277ab656f35e827d42279e7b5c645ed9e6cb25fe6a84ae75103d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
cdn-edgestorageid: 617
x-amz-request-id: 2C8VTDDJ3S40T5FF
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
x-amz-id-2: vC9BGSdGj7SGFXOTm1NqyiPIIdJ2cFXyYvJkDGLnmg2FID/xbJDFH+3AIhe+6AnTouTGPCe3Oss=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "c58655749ec63fbead60491ee6bcb3c1"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: c21c7f9022fec983a4ceb62e6ce5ca7e
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 yaasIMA.js Show response
yaas-b-s.performoo.com/ 11 KB
4 KB 110ms
109ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/yaasIMA.js
Requested by: Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: ec272ea8e3b5122b7efd62a3d534a8f56630134daa6ee119420a3c633ec3fafa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
cdn-edgestorageid: 617
x-amz-request-id: 2C8JXGEDGHAFAWDY
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
x-amz-id-2: k8K4ug+vvhqDL6LVD3ov/jaoXxQVseOpJJT06OOgrmY9dLTAEG83/MnMV6poAc5tO1O/toVfG34=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "c64fc08f6f72f26836272b97655d19de"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 9ad5be303c9dfbfb5f71fe2b881b69ce
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 yaasYT.js Show response
yaas-b-s.performoo.com/ 7 KB
3 KB 118ms
117ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/yaasYT.js
Requested by: Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: f1abdd2fa5508a0a53a7cfa2132e0d05d827c40ce960c8142524c247c164faf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
cdn-edgestorageid: 845
x-amz-request-id: VG5KC5MWQVZSZ15P
cdn-cachedat: 01/20/2022 08:58:47
cdn-pullzone: 633974
x-amz-id-2: RVKhS0BzMCCEruKzEX319D6ZF0GHD3YEvuB5EgXPiXbjRenQTsrQwm4HarxnDbaWWw2ev7GFuAM=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:52 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "6544e7faa0d70b164271221862fcf118"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 0f74e54e7d6e0feda89cc9657e1a26be
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 yaasFilePlayer.js Show response
yaas-b-s.performoo.com/ 10 KB
4 KB 110ms
110ms Script
application/javascript 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/yaasFilePlayer.js
Requested by: Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: e4a9949ff0fff91abec2a9364e426ccec0d17755e47a25bcf1263a70037cc398

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
cdn-edgestorageid: 718
x-amz-request-id: 2C8T2668TAK5H3C5
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
x-amz-id-2: GyPOtCXlwBgVpJWu4IDMxlYy0W7jmKiPE/Wd/fV4pn8/76ukNMXlgWwmcUVUKIqJE6h0Zb4nkok=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:51 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: "d004d917b762746b6e82febf3b73f958"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 27786d017edbefb050df8a99d112c19c
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 capture
trac-b.performoo.com/ 26 B
175 B 188ms
188ms Image
image/gif 13.127.45.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trac-b.performoo.com/capture?attempt=1&type=&action=INIT_VAST&ed=jCsxHFDKTlmnRFXDB49wPz6bo2KZ4Qd/g+DXKvd0aGGOhdjhq7kFRcjJaqYcbmj3gsuz7Qgb1aox3P0bxCaDApLghd0kjFHj1xoMV030qDKicis7OkJmt6x+BPK+q1TodOGBBmtIxmyyib3iUuKfmyB+DzM+OwZR3IwHxklc/L1lVKuTWQz6HGhQtsWwHaba&event=adtag&elapsedSeconds=undefined&srcURL=www.tranquilforrestt3.xyz&purl=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&cacheBuster=1643377588508&tzName=Etc/Unknown&tzOffset=0
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.127.45.111 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-127-45-111.ap-south-1.compute.amazonaws.com
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
cache-control: no-store
expires: 0
content-encoding: gzip
content-type: image/gif

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B576 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssp6rRz88i8XrQKt6U0hj5Z-6E-WYuGZEyhCQQEifMKSXb55pfgToVa5D6ji3KiQ1z5VXivxowanPvfmkR0l3p9yevG8aPRGtFUlrC0&sai=AMfl-YT_IpVoROugMu0Q6OyO2IAPOrRrWsp88OlLYGCK-PDSx1_Vjj1b5YLYUbZhOwDGX4FevOaE5i7ZVlljWz415AP0m00NUcO7dUp8vaSwUUe1dPY0tNeLSpaJK_tH&sig=Cg0ArKJSzIjXi8amZhSVEAE&cid=CAASEuRoY00iCdPLvO2BEKKVJ0t2gA&id=lidar2&mcvt=1064&p=965,980,1215,1280&mtos=0,1064,1064,1064,1064&tos=0,1064,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=0.94&if=1&app=0&itpl=20&adk=4016406289&rs=4&la=0&cr=0&vs=4&r=v&rst=1643377587202&rpt=502&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame B576 16 B
232 B 93ms
93ms Fetch
application/json 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-0-164.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 122ms
30ms Preflight 54.72.0.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.0.164 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-0-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 360 KB
120 KB 137ms
50ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: yaas-b-s.performoo.com
URL: https://yaas-b-s.performoo.com/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86d06f0e5f9de695408914746ded8bc3455d103eeedcc157750273d2d3ab6c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122261
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 60ms
60ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022012702&st=env

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfb7f6f16da52baf671d96f91a4d1da64ec4e3c4fee4fdd2d97071eeed8dd5c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9045
x-xss-protection: 0

GET
H2 206 3a1662ddb1303c58bac390aa8db9cb64.mp4
yaas-b-s.performoo.com/ 1 KB
2 KB 118ms
117ms Media
video/mp4 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/3a1662ddb1303c58bac390aa8db9cb64.mp4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
cdn-edgestorageid: 617
x-amz-request-id: 2C8SBMD1WFG4MEAS
Content-Range: bytes 0-1492/1493
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
Content-Length: 1493
x-amz-id-2: RPWYBkPYxshYY51/yKJ2uEDufHySAygwcq9YI66566pZmAYOrINXXM3N+Sqsa9VwcIdKdTyxv14=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:56 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 206
content-type: video/mp4
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 8241965657f4a6ad969ed07df07f2354
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 206 3a1662ddb1303c58bac390aa8db9cb64.mp4
yaas-b-s.performoo.com/ 1 KB
2 KB 119ms
118ms Media
video/mp4 185.93.1.244
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://yaas-b-s.performoo.com/3a1662ddb1303c58bac390aa8db9cb64.mp4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.1.244 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-185-93-1-244.datapacket.com
Software: Performoo-IL1-845 /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
cdn-edgestorageid: 617
x-amz-request-id: 2C8SBMD1WFG4MEAS
Content-Range: bytes 0-1492/1493
cdn-cachedat: 01/19/2022 06:03:52
cdn-pullzone: 633974
Content-Length: 1493
x-amz-id-2: RPWYBkPYxshYY51/yKJ2uEDufHySAygwcq9YI66566pZmAYOrINXXM3N+Sqsa9VwcIdKdTyxv14=
server: Performoo-IL1-845
last-modified: Wed, 19 Jan 2022 12:01:56 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 206
content-type: video/mp4
cdn-cache: HIT
cdn-uid: aa892386-1221-42f5-b6f5-50fb97e14687
cache-control: public, max-age=3600
cdn-requestid: 426a051cb4f59532f15ce03231ebb555
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 container.html Show response
2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8059 6 KB
3 KB 40ms
40ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 13:46:25 GMT
expires: Sat, 28 Jan 2023 13:46:25 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E7E4 28 B
54 B 72ms
70ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/4RHoJWfJ9AY?autoplay=1&mute=1&rel=0
X-YouTube-Client-Version: 1.20220126.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgs2WXRvVC1QT0Mwdyiy58-PBg%3D%3D
X-YouTube-Ad-Signals: dt=1643377586363&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&wgl=true&ca_type=image&bid=ANyPxKqfmq70d4zs21SPl8iQjNs0LKuVKj8p6iaEpjPkck12voAzFzej0YjCbK9well1Mz-LtireGF1Btj7Wto7bbEvAtoxz1w

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 20F5 624 B
297 B 51ms
51ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi-yZSTATAB&v=APEucNXQSzvTIZ392WAaSi14fD8QS9jdjmC2lGe0-LlUVdcgHMJMezqQ7TqP47T5-vmxpsqfeE0coLDDedJftfLvpLKSm0pS_h7_RPkcpfvBkxo6zYyufxIm93abcsp3KJVOE8jgvmV5s2ORZjf6uvXZ_7z1e1GHNQtjwebdOlGXL2PfXxTrZvY

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 Jan 2022 13:46:28 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8059 24 KB
14 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DSLaj-TK6xl15PhP0dBMxbA1sLAIwaTj-0oVq3u6LkqmNo7eBLdieskiCp59yILT04ZTQtIYy-8WpZsbSlVTDCyovUcj-BuIhVPqga1GYxkGAa9TNtPcmqpAzGXjqmF9bEOhKdj_zWIEY-mYGnv6PcTkqbUA&cry=1&dbm_d=AKAmf-Dx78XLKOzkd-xSr-Ty0TWvxoc9tmbM7mkIGWk6G-mXos_Dk0NG4p-PMpAJbdTEytScNnOy_F4PYgzZ_zqXNxG91LGBDH7QG1-4YbkPAkvCeFQ381KIpXcWaj3ggQUnJqDialsvXUrzpMWh0H5n0ZVWzWY_s14GNwVv3GdvsfeQq0DXpLRUzt1qaw4LSxYUlTfOtGJ-brAcUFbMcKiAf7REoOz7Q2kEYQNoqv40270-kxPQ_PsIttFLzp0j64msDy_2Idym0rce65VZ3B2L1_roR7SlBjrzoP5y8sJKoc8a4N2cY7AtqXtQY0mgd_z8Npt4KtZ6DmDtgx9FU4G9Lo1PqhOEhrm2PGNXHfjS7nyLkftegGSYEgbSq_B9C9cr-Mw-DTAyLholhVTzyG_Qy-KWXcIRTXF58HeENzd5smB3eUiqXYdTGESjRlmBNhET1nCcLX-p1qnFXZHTxxWSn6e05kfDnuQQji_jZTBD4trIpF3zcKWy5JossBIScsZzZA4yFNy546D0T6VxUshOIqE006_5Bd4bSEiABpfh6tGTEexcbi6wc8j3YjeQJcq5q4-Bxn8S-jSWg4flb3BinlbOHoXz56FT5uh6SF5MfauydVIyUByRBTCH_lmJfPGTtLC0Xb7v66wX3J_EzOq45AR8RuGNEb5Wy_0BuCzNeZfqMbSQEPJNn24EaRViD_lpOJIBO9W-812-3h1Hv_UxMwIHJ0xsNdrmSTOMKhl2TAfCujVbrJUstcfhFPvPkD4xiQV7lgFDTZE9g_uWMzYREhoJDXjWxxg6hAuyG-R5pPqZKq3wfMpoKqasY_OWVZxLibYJAV4ANquzLYbP_gzZcY2l7K_hilqO9YEK1bs3gKjRYq-dPmUKp51K2OSwULUctCGlueVfz_AqLJdzqI99zqjXlfEaDwE0LLYnTxaKqD-8MeUUhpk5f96AYS23hjJ8siGIeF7GhmQdwKz76JsNvw5UbkBH4YAKqCj4e1Zudk8HAlPitYRgAJEbFlZfoh-0JeZ1Olyj9vjOqz6VMGJ_a6f-kn9p9OZ8HZMK067BBqb8c0lSr00PjP043Je24xqDD7pz1J5rz3sOFw18_pc13jbpJ63FA6LFag0Z8pjU2SXNm33neeJxuCvipIq0Vi5lFKlRhzwUXP-5db8ElGC-oY6_GHpi9sMD5jRF9HviaVw8IzhuCsKNasIM4K8twBUtllSc0KBjjFov2oQHJUozyZ5QxCIpWFPxI_D_yZN_R70oRB3VZQ3evJkJvp1YKPFw_brlKBOIBjAPmSrpq5BLp-DKMgokPlXRvaGdB7FMZSXQkq3LhWibCuM5jzK5AKHWDdHqZm4kvvZ4svNbJqlfDooZUhVHxRYhyXMHJUkV82gqRBJFcbwcBng_78ZpZfsdeuAHekVLByOTMwTm-vCJEYlfSaLTFPRE30c0EfJqmjK22_3mRUdNJXTgkAkjzn7_IwNNk4Skuw_Ix5xouI6zl5fozRf7r1J1dCn9rANmUSw5V-6fe-wNPRwxnzzGQPD3Zo_IfU-OquIbH8SRXSlsWK94dSkSnbYaVcnMD-u5KplAzxyOFdeZsU1v8ZVZ-1jAiPEq0oz9FFM_wWrBTDVygG0rJq16B0PbNuwltDK5QEeCCrc4UAq1nnpyTXdJG6ZtgDiTAZ2QTCJGbtgRLrA4TEfRQF4xyFY1yosli5DYaVS1g6qMlASwYWHEEAekuCVa886Mx4uKXWo9FfFZLTweMfOvtoym5fKNfuOve1Tic2yLefAfZR6bMcPFZD0OD2-1wbxQDreSGM-v91Ggml6zctmp_AJMRlT2JhJPvjBqYID0hzkrbX8u0RvpK_3cAAXdAwd8PFBcDJWAp7RgHsgQeeby6-CYvwzvTbB9XGCHdOBWAEzucWlXceqFwgYmkkhmh33oGvwkXKvJzpMgFodtq79xW5w9pCtgQoZ-u1VUXDRzJ0pPUTJU-cmul6N0DFZ24E4_ku9rF2bIoSh8LBsBacCDHmWRJ7XIbeC0Xn6_byqEVg85oLnUmCEmwErPYBwVOWPT811RWy7JnHW2Vl5u56LGNEMNXFpni2YFgd0n37PKpXb0nt-3qaUiIeUExqqQK4_AXwFxWZRL_-JYchz98t_3zL7xO2It2r63our_3l6xBMd4353XRZSpsbADFvWU1MPaGxsDrydGK2gO5dq8sW_TB5xJudDaLP1S04RZfQP_t1--q-4b0KUtqLRxS62MOh7WoYg4UmCH4a_OlEBZiW83HjsmiKCqmAUvx1_scA7BgN8C9-xgRgDGZN6HdsDgZaH8S-Zc7-QY80Ji2FX9ww02oXWQ4G9FmQ25nd5Z8vNbpulOwvxXDmoWrVrw8O-RL49Kqa2dnmPYA9JJJp2gZ7wfGwrMjBZmO47ubl96cMU9edZq8zpFZf_mvvgyVg7uPDhTbxIexhMTMtx--2oF7ys8qQzHwXR_SI9KqVVdHiXWJDGLw9y2bhY9cF9pFjubnuPcqUL6nqJ2SUx4Ax8DdUoWkkyo-JUKX-1_GBFvgzM_Aip6jc7PhY4PxQxk38LA17OW4npMMvTR0m9qh51Z-tS048woMhUVjxNS6IgzvOokYyHMDjVgls-blgWmfnIkiIX8A0vP4kbitOatWy3nnKHWAU5gEsThnWKpvJr0q7iOWpyRHyMvrLn2-62r_KmjAwjegC-RJf5ypo6kPCCuWkGMDgOtVvD_SF4qgicpxqV1P8MEVIQDNpMF7yg-dsGySulsbEBjjp8qYLWGtL6YMB6wNn7UWUd99m_8Xxy1gtvw2kStXJZ1KSdnipJe46hYm8naEujWf22LOVQqJu_nmsVfX4yP_tiGsXC3gqmi-H2MtL1kuB0kmIIACuuavYaJ0W5pRrh0x0Xt6Yckz9HaJtzgGzfMXKa9OxMNbslcn0CqrxcdynG4-pXMaSAeAt7zFS0dyujIiXA5ArtudvYCi8AdHwH8Cpm03tvD9_Y5ri9IwJWUeZY&cid=CAASEuRo4GUuMLwVb1TK7AhsgrcewA&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef029170f0e9665613ab46d8d1be7f56e680f481d85b8106fc6441c9e8c283dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14461
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8059 42 B
63 B 72ms
72ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DMY6YpNjQTeZtiKMpHRKCFZJWHyTSF-zx6AHwFi5_e6rZVD_SYPk5hbhLfJZeHxDCDVAqH97mZfCoXut4x8iSh44XmBodBpAQ5wfC-CfL177NNPOI

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 8059 2 KB
2 KB 252ms
22ms Script
text/javascript 37.157.6.241
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=40760428;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CzJ2ftPPzYbPHEan5gAe8u5qgA5W2rOFgtv6-uKwMoIeA7JACEAEg_-fIHmCV4pCCoAegAdPGmJgDyAEJqQLRMyIIna-yPqgDAaoE9QFP0AkV4zSu46DuA_6mE425Kdm0IxZiVUro5GdzL1cobk7b4DEgz4Fp6nvbVKvBpHx2lsP3yAFYcLpl6VfbUr2baQAdahOaGkforoFfu6huh3XFx3iPeyzv5hMPNwqEAx9jxFH2b9leI9DxA150jeWedqfZYMGK80fe_69dEKJA8QLP0xNI8hlL6IJ-I-Z9nvdkRc510BaEEg1I6R7ykn7se1eQZU0HWAuMnLYHtxHSlImPGkzAJyvaeU3-0pLGpok1Bz7zIv9Ngy8l3ObJXseVKfTN7uwgtZpSQWBtSeXGVGvE7E1qo0KMaBZYHjYq7l7ouJsmRcAE94OHuJwD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOi6egN2BMLiBQC2BQB0BUBgBcB&ae=1&num=1&cid=CAASEuRo4GUuMLwVb1TK7AhsgrcewA&sig=AOD64_1-Q57nuQoJaWadeVrRoV_hUuvsBA&client=ca-pub-2192002536170159&dbm_c=AKAmf-BatbBkxWNSJA2MdcHWgJvrGcmULMI1yeP-R-rWKYIbe70Hm1k0nyfwXzoTUkIu9ckt-BLyyT2MDMMubBGcpi9Dw8NGaoC5EOAvqe2HU9fRp1VVWM7AE9jGO3nMFMSUOemjHjd1NJgGYXFyze6OUFw69LTU1g&cry=1&dbm_d=AKAmf-AZAGFOmpdfO_u6TdDYW8U55P30UYLpNfbyRVjBgAaQ471KqCHvsV9ZOBH9TUai5V1KdQ1E-UvspH6xIhlElvO30x3uo5tjfju9KMeMq3GXqRwRN5eFhHOHcHkH6skfWzLf_cyTDErsFtDAW3iKgtkFF6IzsRKCJgsAqKsEJPWxQZFTQ5js3TGbnmyd-uKEclWC6MW9PHF4AoguoQ9n7jHKngkFSy6bP3QeNiOoEnKkW_IMXMF8U55llWF4An0jss_uR_NTfEkiIjB52JBqb-Y6-THLcLb1YqGyS83-MG67kD6IdBc_GXaxvJmOdoqtnKvIK3A-0Cd3U1U4dwUk9xbzw8T4NikVjKH9hQwX5zUUlUm2gkKrIt5fhdHzy7UfofRZAQlOb0E4t2RCw6dNdPCNqV_7xQ&adurl=

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e135e343e28c8221d842837acddbe52fcab0e2bc9a58057e2f2c088af41eb65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1990
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame 8059 2 KB
1 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 532
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:37:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8059 123 KB
37 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame 8059 14 KB
6 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0e123a11c5b411021d5bd8ab3926fe6d726b29ca2bb83e6066dae93a9ba326a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:39:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 409
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6123
x-xss-protection: 0
server: cafe
etag: 15358646999216992880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:39:39 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
H/1.1 204
No Content b
ds-aksb-a.akamaihd.net/2/157312/ 0
269 B 10ms
7ms Image
text/html 2a02:26f0:fb::213:30c3
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ds-aksb-a.akamaihd.net/2/157312/b?dE=12&cS=12&cE=19&rqS=19&rsS=1378&rsE=2336&sS=&dl=1380&di=2481&fp=1669&dlS=2481&dlE=2482&dc=5301&leS=5306&leE=5308&to=&ol=0&cr=0&mt=&mb=&b=257&u=http%3A//www.tranquilforrestt3.xyz/&ua=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/97.0.4692.71%20Safari/537.36&pl=Linux%20x86_64&us=&gh=23.53.121.5&t=&rid=2b3faa9&r=43962&akM=a&akN=ae&vc=14:17&bpcip=68a8d500&akTX=1&akTI=2b3faa9&ai=377782&pmgn=&pmgi=&pmp=
Protocol: HTTP/1.1
Server: 2a02:26f0:fb::213:30c3 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:28 GMT
Content-Type: text/html
Cache-Control: max-age=0, no-cache, no-store, private
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 0
Expires: Fri, 28 Jan 2022 13:46:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/ Frame 8059 23 KB
9 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DSLaj-TK6xl15PhP0dBMxbA1sLAIwaTj-0oVq3u6LkqmNo7eBLdieskiCp59yILT04ZTQtIYy-8WpZsbSlVTDCyovUcj-BuIhVPqga1GYxkGAa9TNtPcmqpAzGXjqmF9bEOhKdj_zWIEY-mYGnv6PcTkqbUA&cry=1&dbm_d=AKAmf-Dx78XLKOzkd-xSr-Ty0TWvxoc9tmbM7mkIGWk6G-mXos_Dk0NG4p-PMpAJbdTEytScNnOy_F4PYgzZ_zqXNxG91LGBDH7QG1-4YbkPAkvCeFQ381KIpXcWaj3ggQUnJqDialsvXUrzpMWh0H5n0ZVWzWY_s14GNwVv3GdvsfeQq0DXpLRUzt1qaw4LSxYUlTfOtGJ-brAcUFbMcKiAf7REoOz7Q2kEYQNoqv40270-kxPQ_PsIttFLzp0j64msDy_2Idym0rce65VZ3B2L1_roR7SlBjrzoP5y8sJKoc8a4N2cY7AtqXtQY0mgd_z8Npt4KtZ6DmDtgx9FU4G9Lo1PqhOEhrm2PGNXHfjS7nyLkftegGSYEgbSq_B9C9cr-Mw-DTAyLholhVTzyG_Qy-KWXcIRTXF58HeENzd5smB3eUiqXYdTGESjRlmBNhET1nCcLX-p1qnFXZHTxxWSn6e05kfDnuQQji_jZTBD4trIpF3zcKWy5JossBIScsZzZA4yFNy546D0T6VxUshOIqE006_5Bd4bSEiABpfh6tGTEexcbi6wc8j3YjeQJcq5q4-Bxn8S-jSWg4flb3BinlbOHoXz56FT5uh6SF5MfauydVIyUByRBTCH_lmJfPGTtLC0Xb7v66wX3J_EzOq45AR8RuGNEb5Wy_0BuCzNeZfqMbSQEPJNn24EaRViD_lpOJIBO9W-812-3h1Hv_UxMwIHJ0xsNdrmSTOMKhl2TAfCujVbrJUstcfhFPvPkD4xiQV7lgFDTZE9g_uWMzYREhoJDXjWxxg6hAuyG-R5pPqZKq3wfMpoKqasY_OWVZxLibYJAV4ANquzLYbP_gzZcY2l7K_hilqO9YEK1bs3gKjRYq-dPmUKp51K2OSwULUctCGlueVfz_AqLJdzqI99zqjXlfEaDwE0LLYnTxaKqD-8MeUUhpk5f96AYS23hjJ8siGIeF7GhmQdwKz76JsNvw5UbkBH4YAKqCj4e1Zudk8HAlPitYRgAJEbFlZfoh-0JeZ1Olyj9vjOqz6VMGJ_a6f-kn9p9OZ8HZMK067BBqb8c0lSr00PjP043Je24xqDD7pz1J5rz3sOFw18_pc13jbpJ63FA6LFag0Z8pjU2SXNm33neeJxuCvipIq0Vi5lFKlRhzwUXP-5db8ElGC-oY6_GHpi9sMD5jRF9HviaVw8IzhuCsKNasIM4K8twBUtllSc0KBjjFov2oQHJUozyZ5QxCIpWFPxI_D_yZN_R70oRB3VZQ3evJkJvp1YKPFw_brlKBOIBjAPmSrpq5BLp-DKMgokPlXRvaGdB7FMZSXQkq3LhWibCuM5jzK5AKHWDdHqZm4kvvZ4svNbJqlfDooZUhVHxRYhyXMHJUkV82gqRBJFcbwcBng_78ZpZfsdeuAHekVLByOTMwTm-vCJEYlfSaLTFPRE30c0EfJqmjK22_3mRUdNJXTgkAkjzn7_IwNNk4Skuw_Ix5xouI6zl5fozRf7r1J1dCn9rANmUSw5V-6fe-wNPRwxnzzGQPD3Zo_IfU-OquIbH8SRXSlsWK94dSkSnbYaVcnMD-u5KplAzxyOFdeZsU1v8ZVZ-1jAiPEq0oz9FFM_wWrBTDVygG0rJq16B0PbNuwltDK5QEeCCrc4UAq1nnpyTXdJG6ZtgDiTAZ2QTCJGbtgRLrA4TEfRQF4xyFY1yosli5DYaVS1g6qMlASwYWHEEAekuCVa886Mx4uKXWo9FfFZLTweMfOvtoym5fKNfuOve1Tic2yLefAfZR6bMcPFZD0OD2-1wbxQDreSGM-v91Ggml6zctmp_AJMRlT2JhJPvjBqYID0hzkrbX8u0RvpK_3cAAXdAwd8PFBcDJWAp7RgHsgQeeby6-CYvwzvTbB9XGCHdOBWAEzucWlXceqFwgYmkkhmh33oGvwkXKvJzpMgFodtq79xW5w9pCtgQoZ-u1VUXDRzJ0pPUTJU-cmul6N0DFZ24E4_ku9rF2bIoSh8LBsBacCDHmWRJ7XIbeC0Xn6_byqEVg85oLnUmCEmwErPYBwVOWPT811RWy7JnHW2Vl5u56LGNEMNXFpni2YFgd0n37PKpXb0nt-3qaUiIeUExqqQK4_AXwFxWZRL_-JYchz98t_3zL7xO2It2r63our_3l6xBMd4353XRZSpsbADFvWU1MPaGxsDrydGK2gO5dq8sW_TB5xJudDaLP1S04RZfQP_t1--q-4b0KUtqLRxS62MOh7WoYg4UmCH4a_OlEBZiW83HjsmiKCqmAUvx1_scA7BgN8C9-xgRgDGZN6HdsDgZaH8S-Zc7-QY80Ji2FX9ww02oXWQ4G9FmQ25nd5Z8vNbpulOwvxXDmoWrVrw8O-RL49Kqa2dnmPYA9JJJp2gZ7wfGwrMjBZmO47ubl96cMU9edZq8zpFZf_mvvgyVg7uPDhTbxIexhMTMtx--2oF7ys8qQzHwXR_SI9KqVVdHiXWJDGLw9y2bhY9cF9pFjubnuPcqUL6nqJ2SUx4Ax8DdUoWkkyo-JUKX-1_GBFvgzM_Aip6jc7PhY4PxQxk38LA17OW4npMMvTR0m9qh51Z-tS048woMhUVjxNS6IgzvOokYyHMDjVgls-blgWmfnIkiIX8A0vP4kbitOatWy3nnKHWAU5gEsThnWKpvJr0q7iOWpyRHyMvrLn2-62r_KmjAwjegC-RJf5ypo6kPCCuWkGMDgOtVvD_SF4qgicpxqV1P8MEVIQDNpMF7yg-dsGySulsbEBjjp8qYLWGtL6YMB6wNn7UWUd99m_8Xxy1gtvw2kStXJZ1KSdnipJe46hYm8naEujWf22LOVQqJu_nmsVfX4yP_tiGsXC3gqmi-H2MtL1kuB0kmIIACuuavYaJ0W5pRrh0x0Xt6Yckz9HaJtzgGzfMXKa9OxMNbslcn0CqrxcdynG4-pXMaSAeAt7zFS0dyujIiXA5ArtudvYCi8AdHwH8Cpm03tvD9_Y5ri9IwJWUeZY&cid=CAASEuRo4GUuMLwVb1TK7AhsgrcewA&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86c9bc6e94cf6e6929e61f1f50ea415ebad2b900498f56e23d2e76876bd67474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9288
x-xss-protection: 0
server: cafe
etag: 5602277676122011250
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:46:17 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8059 41 KB
15 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:11:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Jan 2023 11:11:25 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 336E 13 KB
5 KB 42ms
41ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 13:44:40 GMT
expires: Sat, 28 Jan 2023 13:44:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9275 783 B
535 B 70ms
70ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7fa3cc26595400345dfbd34b60f1d239d1ff69428246470d2b4672333a7c1e3c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kZVsjkjbklSy6eYJ8mIdzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 28 Jan 2022 13:46:29 GMT
date: Fri, 28 Jan 2022 13:46:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-kZVsjkjbklSy6eYJ8mIdzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK viewability Show response
hal90003.redintelligence.net/ Frame 94BC 0
150 B 41ms
13ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90003.redintelligence.net/viewability?s=62201000133746800710616011853003&a=84b2711e&vb=v
Requested by: Host: hal90003.redintelligence.net
URL: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Neulussheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90003.redintelligence.net/request_content.php?s=62201000133746800710616011853003&a=db988fd1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:28 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bridge3.497.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 5396 584 KB
191 KB 89ms
48ms Document
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/core/bridge3.497.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cabaabab26a777959cb28bc1460c059ba210a37745cb57bdc3ddca2f28955c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 194721
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 27 Jan 2022 03:32:42 GMT
Expires: Fri, 27 Jan 2023 03:32:42 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Jan 2022 03:18:10 GMT
Content-Type: text/html
Age: 123227

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
16 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Jan 2022 13:46:29 GMT

GET
H/1.1 200
OK bridge3.497.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0733 584 KB
191 KB 89ms
49ms Document
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://imasdk.googleapis.com/js/core/bridge3.497.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cabaabab26a777959cb28bc1460c059ba210a37745cb57bdc3ddca2f28955c6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-doubleclick-instream-static"
Report-To: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
Content-Length: 194721
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 27 Jan 2022 03:32:42 GMT
Expires: Fri, 27 Jan 2023 03:32:42 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 27 Jan 2022 03:18:10 GMT
Content-Type: text/html
Age: 123227

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 66ms
65ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 65ms
65ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tranquilforrestt3.xyz

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 6886 28 B
54 B 59ms
57ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/TvMY7lARVF0?autoplay=1&mute=1&rel=0
X-YouTube-Client-Version: 1.20220126.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtuYVY4ZTI4ckZjRSiy58-PBg%3D%3D
X-YouTube-Ad-Signals: dt=1643377586358&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&wgl=true&ca_type=image&bid=ANyPxKpW7ZvtrWfCjbFmPRyfIRF93BVdBZgfr-1E7hMh4sJxQtPe07-OCeKavdTwvP4_njH-RUoZsy9hlO9VqImVcDSW2OaEOg

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Fri, 28 Jan 2022 13:46:29 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CB4A 37 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:56:34 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 1FD8 37 KB
13 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 12:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2995
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:56:34 GMT

GET
H3 200 container.html Show response
2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2140 6 KB
3 KB 43ms
42ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012702.js?31064603

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 13:46:25 GMT
expires: Sat, 28 Jan 2023 13:46:25 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 20F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

43 B
894 B

27ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi-yZSTATAB&v=APEucNXQSzvTIZ392WAaSi14fD8QS9jdjmC2lGe0-LlUVdcgHMJMezqQ7TqP47T5-vmxpsqfeE0coLDDedJftfLvpLKSm0pS_h7_RPkcpfvBkxo6zYyufxIm93abcsp3KJVOE8jgvmV5s2ORZjf6uvXZ_7z1e1GHNQtjwebdOlGXL2PfXxTrZvY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 20F5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

43 B
894 B

37ms
36ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi-yZSTATAB&v=APEucNXQSzvTIZ392WAaSi14fD8QS9jdjmC2lGe0-LlUVdcgHMJMezqQ7TqP47T5-vmxpsqfeE0coLDDedJftfLvpLKSm0pS_h7_RPkcpfvBkxo6zYyufxIm93abcsp3KJVOE8jgvmV5s2ORZjf6uvXZ_7z1e1GHNQtjwebdOlGXL2PfXxTrZvY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 20F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

43 B
1007 B

67ms
65ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi-yZSTATAB&v=APEucNXQSzvTIZ392WAaSi14fD8QS9jdjmC2lGe0-LlUVdcgHMJMezqQ7TqP47T5-vmxpsqfeE0coLDDedJftfLvpLKSm0pS_h7_RPkcpfvBkxo6zYyufxIm93abcsp3KJVOE8jgvmV5s2ORZjf6uvXZ_7z1e1GHNQtjwebdOlGXL2PfXxTrZvY

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 9d485ff0-67e0-4c5a-b06f-6d992c5d56fa
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 20F5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

170 B
188 B

62ms
62ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 11bcd7c5-8a4a-4963-a136-1793490d22ab
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 8059 33 KB
16 KB 217ms
36ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=40760428;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CzJ2ftPPzYbPHEan5gAe8u5qgA5W2rOFgtv6-uKwMoIeA7JACEAEg_-fIHmCV4pCCoAegAdPGmJgDyAEJqQLRMyIIna-yPqgDAaoE9QFP0AkV4zSu46DuA_6mE425Kdm0IxZiVUro5GdzL1cobk7b4DEgz4Fp6nvbVKvBpHx2lsP3yAFYcLpl6VfbUr2baQAdahOaGkforoFfu6huh3XFx3iPeyzv5hMPNwqEAx9jxFH2b9leI9DxA150jeWedqfZYMGK80fe_69dEKJA8QLP0xNI8hlL6IJ-I-Z9nvdkRc510BaEEg1I6R7ykn7se1eQZU0HWAuMnLYHtxHSlImPGkzAJyvaeU3-0pLGpok1Bz7zIv9Ngy8l3ObJXseVKfTN7uwgtZpSQWBtSeXGVGvE7E1qo0KMaBZYHjYq7l7ouJsmRcAE94OHuJwD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOi6egN2BMLiBQC2BQB0BUBgBcB&ae=1&num=1&cid=CAASEuRo4GUuMLwVb1TK7AhsgrcewA&sig=AOD64_1-Q57nuQoJaWadeVrRoV_hUuvsBA&client=ca-pub-2192002536170159&dbm_c=AKAmf-BatbBkxWNSJA2MdcHWgJvrGcmULMI1yeP-R-rWKYIbe70Hm1k0nyfwXzoTUkIu9ckt-BLyyT2MDMMubBGcpi9Dw8NGaoC5EOAvqe2HU9fRp1VVWM7AE9jGO3nMFMSUOemjHjd1NJgGYXFyze6OUFw69LTU1g&cry=1&dbm_d=AKAmf-AZAGFOmpdfO_u6TdDYW8U55P30UYLpNfbyRVjBgAaQ471KqCHvsV9ZOBH9TUai5V1KdQ1E-UvspH6xIhlElvO30x3uo5tjfju9KMeMq3GXqRwRN5eFhHOHcHkH6skfWzLf_cyTDErsFtDAW3iKgtkFF6IzsRKCJgsAqKsEJPWxQZFTQ5js3TGbnmyd-uKEclWC6MW9PHF4AoguoQ9n7jHKngkFSy6bP3QeNiOoEnKkW_IMXMF8U55llWF4An0jss_uR_NTfEkiIjB52JBqb-Y6-THLcLb1YqGyS83-MG67kD6IdBc_GXaxvJmOdoqtnKvIK3A-0Cd3U1U4dwUk9xbzw8T4NikVjKH9hQwX5zUUlUm2gkKrIt5fhdHzy7UfofRZAQlOb0E4t2RCw6dNdPCNqV_7xQ&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3155cd449a2085846e620747cc4f30dbf639cfcf5f4211e1c7224043e8806d45

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
last-modified: Wed, 26 Jan 2022 13:59:05 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Jan 2022 17:08:43 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 525E 22 KB
8 KB 48ms
47ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 11:12:02 GMT
expires: Sat, 28 Jan 2023 11:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 9267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9275 0
0 110ms
100ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022012702&jk=1059964830798939&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 646A 624 B
297 B 71ms
70ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhj50szAATAB&v=APEucNX6rTcN1r1YDNxrldX-KYmN5AvLsiyA7v1HZ68KZaW3V69vvlnmdhCE0XCPEHy1jr4m0p5UxcHxNHlIQYEWj6OXLuMhwVPersF4Z8MVbpVCNtBGpCqfiTbgkcBvRAQ3l3EhVcjUS6yALAzlta1d1bPlB5t8nreWfd3-iaeOHbxsADFujaE

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 Jan 2022 13:46:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2140 25 KB
15 KB 87ms
85ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Aim2qRF7h3GDIxm38s9mmg3PsjcSap1e7n03HTVYi23tBCTMbpRJHQRAz0z3x8alc8fidqAvYaTlvG11lULMEdHIedd7Cqc9RQOJ8D7vpsrcVrMG575fpqEirpRXFlluiimUw7jaMZiQ86Dl2_pJPYh_0KmQ&cry=1&dbm_d=AKAmf-D0yVial0ZxkrgHoo9nKqmZkRaVycrXkx01d1dp2Qp0bDywEiIAXxHPaOyVtlKbtpxlAYG4HhiCvxtjrrIhKt31dq4uFlmfQqlSps3467FJBk0hSt8QVxo0F2P55B-c0sqVowrX8D8wWkGS8120-N-SqDScOPL_Zc8cTVLKGYbEImktq7pVv4RjVo5gniTZOjTvIFYxW0MjYehP_xSrWSLeKFdBguByvyCjCdDwqU4JikfgZqd6jaMsOXAr6cxcMiuwiCewBh_qtNWRqh3BNcsMbjx8DbqUzJDJu8E8gpbq1_tX5GltbgQ4Z1q5FwUmi0HzJDcvfSHzeoV5PBFA8eTLoupN4W6RCRhZVH3k-o28TjPIiGHPO_TPV46FQ50bwEoiRgaQqAeKmhmopykDbsAK29yfxD5fXhaOl4aIoYO1L0Se0Ql2EU4JN5Yg517i4AN5n9LR_7KylsBrDvaLHP0AmlrqzI3nJ7mjUtt7YHEwSUVDkR-8Sk-PjDwpAgv5VOxpsUXCxGtxvXRl7_dWz1wVXAHzt-kdKbVuE0YAFnvEnOXI4cCcAdSsWF9wcagtOMWFmceISctJnW2U66US_oeABbqpKzG_RzHJUmGEk1PzJJPVFdM1GBjUcPUpmFvurkWY4yRZB8ufR-ktFvwHJ-cy2lIhFrNH5QS3X--cpYCq88Q7ClX8Y8n6eb5Ehu6mtIVYel50Pzq8QRauMV1_CTE4j3cL3nPYILrXQ-gHfLXLKqu0k9QtnP2n94gc0xrXrZIS_ZXQ29FYVb3Z_IBfXPLitYVtVqPrFDz840rxd4FDOcMQOmudSEp-kYtmJ0d5DkrrLFJHW0r-NpTy8kshN5udfco_Fmlxr45Fr4Hb_sGQPQ8snqWsBcQxDD3SAev2Zl5R1jPidrTYGy-9EVXutFV9gm7mF0_F99O98SG_TAH5SN5qHUeDNF1vAYOFzvfZiaQuh4jggaQUBplWj-iAGTzXMLkAKYHvZnt4tTUiFKVe4agWUGvh-gWiebi0Yhbl_bsZnvmg4d8adA1ldPv6phlosfNsdYd6rEg1H9lmbOtdlWfP_qHbw64_QE4pPw4Ux8nEZ79syQGUf5gdND7adof7UyEkNMwXcjDm3aeT-QL-sg7-PthPiaGbLTFTdr7kYJDpwjbpRN4w70qvhe-u94LjTkqBAVIrbx9DFIjAMgTHy6nWzXuYl6_kl5wQKxX1_5qsPqxGQk2zilkv5blKRLTl_PxTiWwNcs7bBvzuDGMQy_Wl_-UAisi04Lbc0scPDAtq_St_IyEjdSIwbeTn68FiuZhz-WA1BpxZa3eQoaDcY1hmqKPaqsBNDni2Xbh3olsk5ES1rvVMCmhjl-cGeRc6m5dTzEv75K7FZ6dc2Mlyn2L09BSFpfH_e8JZQj4mITIFGOJ1zalXlMG62u08TbYD0syPuDsPPPRomcluhuqpXoBRNyUmwrEY5VfLh1PwsZjShdkNUkHMrQSvkUVhM9gogq_VAFUwQzJpVt3t4GOJqSpBK23XFTdDl0elnThJ_i2ouio2PlFTXjNQeNWoqY2CO0fB_pDMz1PwjasGMbDo__-5x7Raz7qBWh8HcA4vommhfjvwkC_JaezaR93evQq2EQh7NpnPT4yiNJiQLR2JVKra25tB1seZxcdYNWJV8lS6wI4DSYVtUE7xePvK4Sby1-HwQ5ibLyRuWfmWk7EiaUWZ8ehJaK01UA0w52tSP1yeY7bZWlUZpfIbyfTSgFTSSxbn20zcTVQYDjBWYxw9PSs3E83_qVhRbD7G0dMseLkRVzCJPndiGrJtIp-8u7PHSJJjatbTNchDAvC-_l-E-y5zfYHkx7MbJa3V-tD33UNzqK0Iim1XDeoEyGIKB_z944EHBjyI5VVpWvYQt5tq30FWngmheIgwn59EDmEoJPu-v_B-lk4Jdv6mh10b_wpG1MBwV_08lpKS5mT8H3WGnAI5g7pwgXR2NFyJjbGEGJJpyIrVi3FGLX830oTzdx0PvjoK0XQSk8n7x6o-AGBBu9thf8Ka_iVSEAh0lwoTh_Bc9G80StQ1Y-8V25ynhwwqo5k9TIYY_52pc9orf5OlOwfvK1q142Ur355qih4zHC-wznmwR1pAOHZwjhCeK4vYbejPWke200jGM_q7H7Ac5-VJPT_AvfDvdmaTHhcO9aWdAFzIUELjZCoxC6TbxaKSV8e1K9i-ZOfRBqcVS2UsdtH9e4rjrX9dcrrPLf3XMPvwGXbSQBJwEnYCjKx6E74Q21Dy8qj0Mf960mSQ97H52WoFGDdW1GCNooJypMY6u2qgAWktnobXldf8lh86eBHrPrtSbPVX_nmAsxJR6NsNl8p3gM49uwgCiCz54hQUITrN2XGSJMlZ-a3ZXNPdlPw7jtCPzmHqLkWKVCt6ALR4uh7UiSIMkbhyG4DLVin2uMtXd3Osajy8rME_UaISmLicR2ydQrrGNZadtNpgCMSVXtJWJ3mOFqYtSKJIiJwykKVah8I2GWx7HEOOgXkjzoVfpiQPoJnqRRFOlCkVjFNImsMj7v-2CvtFh-MbuHn-J4hRKCcouTkOCVKyiYtvzScXUBQmssUvy3HBVNcwb7y9k6Yy3-kWKOKysw1d1G7cuLv_UAZmxGosAy1PSED0VQhJX84p6rOBl-tyfgrImpo65k_OGVewlZJuj6UmdBBmY3-EBu0_Ql-hlIVDhrRND2H-kklRQt3G-9Wzzwdgbfaj5AyL_zKtRDIwiAO827myYubeJzrMYLHKuRle-DKWaFw9DfFG42NnQ2TQWvApmvA_y0F7qRODgvRDLNVzs3nH0xGkwfsAIc311SrTB1wLAi1uXArosiJmmj-6M-Af5bNejTBbLhxtZwDlay8-eCGN8LPTzzNuHtQzbT_LzvuQ3xtTTv9X5J1bX2wUK3oPnbxrBlmdxCDlfcEfd-p_1-c9yLe7yXHQjMDUf0makrkwRipBmkJ4DAOYxArUYHAeGHFW27-LGhqSeD-GulDSRYwp6bKIiRGIVRo-nTWV25KGU5rhbqb_1LWNWR4JfpP_jNLIjyMJxJQ7zM452Jg28VRxrmOp8xmwAlXFMW3CiUbfKuf88-AbSzC0maWIt4nUgC699zakDgDQbTSdnM39i3rpEQgQBb8APzlvgd5oSzKH0AC072tNng&cid=CAASEuRopDbTM2gTyCY_scynhnEM6g&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87db3a6cb8d5c5e47c77cdef9ddd6049ecc263e05cd6e7b9737821c961cdf549

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15231
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2140 42 B
63 B 91ms
85ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C1sfi16Tm8emj5N5vDEk4KsQZSM3LxocKsd6IKDjkbMfsqZY1UoghCJpUAM_MUQz_PorWbtfRUbrRn1lUHl7EOJvKAMTFxQiyqaMXkOpbu2m6zYyQ

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 2140 32 KB
8 KB 111ms
27ms Script
application/javascript 217.79.188.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 2140 3 KB
2 KB 112ms
28ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4285693&gdpr=&gdpr_consent=&kid=2958451&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCDpxntPPzYdL4J5rjgAezpKjQAa_0o9xn_bHfyp4P8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBPYBT9C96LeprJKwgG8p8agF5-dGtUUiy33-BhJtZ_JegbtouEJCbYW0inLh1q1Tu-jxZkWTOu-mYIZH99F_qgp57TkSokbl6yaWgZm39F2_J5UNJXgYKvwD7veqdQgKvVSxG90iXZIOg_DLsKLt8jPL7LCDlZhXLmlo2mPqoWqZ-Sy-_pjnkxGI7ZtYWI_E6LR1nCfE0SjS5xzEVjnnqWiwTSMivsD7zjWu9tjXH58E16pah7mO-n0jhapkKmZt5k3HESJUenoQp3Tbt5C2WYFKIJamGGvr-0vCUW2Zyi-xxdWGBuoSU7ChVLtBOG1wnkBEOnch2FqewAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRopDbTM2gTyCY_scynhnEM6g%26sig%3DAOD64_0_f8EsOzsIJ4GaHzUwaKE1uUOgvg%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-ClKr0TlMYUn6mUneZmqHta0OhNUyDHmREGcjE4s745s4fuWzQRkbk8GihQoWmU1lKAGfSmtlN6LtrObnWHmsauulMjtIW_LcUWOKw-UvTaT0v5iEQ8pTEd52LgV-qBEhGNNLK_KmSB5cSne16kK_BAnw1RIQ%26cry%3D1%26dbm_d%3DAKAmf-DpeVHqv6oGzC8pv3xk24rOQ1HngG7xIjebwrB7MXSFy7QyeaEFaBErmdwRAQemacIc6Ll7w2N178Yj2ur1Ovxs_9xNYGCgUohPbPVfXiMjAdtYujzAT-_avZfNgv_8DbmJriZ3qhmm1QhQKIWsjnD1JeoWqsrb334RwjIa-MohOecS2uNp5KwznAl2D4ZgrFhTFt1NsIesZoPqIlZziR0E7zJGByEaZAVmfQa4YKhTC1H9PUzUX_Gl6XhpIEpiW3JxmdQwzeThPDTtF8rJtOMnrfh4Zi2JMZnmOE5r5gYtqYyuK0DqSCkhfSo50nYWyh0HMPe-tz-cSzD7FDXpUjVDKtdFQbxaSCMgBYf8U54xIOnEApDBSiIThUu_YaTtUT74DiQNkVCAoQ-eSM5rFPBhUjfHcA%26adurl%3D
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 178f734422f453c72f3b547077b4a14bae5e1cb275f20da8864eb021b12d1e1d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 14:46:29 +0100
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
cache-control: max-age=600
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame 2140 2 KB
1 KB 63ms
57ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 533
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:37:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2140 123 KB
37 KB 71ms
64ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Jan 2022 13:46:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/ Frame 2140 14 KB
6 KB 63ms
56ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220126/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0e123a11c5b411021d5bd8ab3926fe6d726b29ca2bb83e6066dae93a9ba326a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:39:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 410
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6123
x-xss-protection: 0
server: cafe
etag: 15358646999216992880
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:39:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2140 0
0 72ms
65ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaT53Yn9hY4opai01q6hpH2C29YlBsV5GQ4JcoZCRGCTqLqzuDXTvG7WLODlR8wzL_SVVAvMtwFWaBeP3hBFM_3gEV-y3w
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js Show response
pagead2.googlesyndication.com/bg/ Frame 336E 35 KB
13 KB 55ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1521a03c0c72d02bcc4fc12b35be28d4da3aa2d6ea870b775e158993a55cfd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 10:36:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11376
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13582
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 10:36:53 GMT

GET
H3 200 oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js Show response
pagead2.googlesyndication.com/bg/ Frame 525E 35 KB
13 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1521a03c0c72d02bcc4fc12b35be28d4da3aa2d6ea870b775e158993a55cfd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 10:36:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11376
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13582
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 10:36:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/ Frame 2140 23 KB
9 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220126/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Aim2qRF7h3GDIxm38s9mmg3PsjcSap1e7n03HTVYi23tBCTMbpRJHQRAz0z3x8alc8fidqAvYaTlvG11lULMEdHIedd7Cqc9RQOJ8D7vpsrcVrMG575fpqEirpRXFlluiimUw7jaMZiQ86Dl2_pJPYh_0KmQ&cry=1&dbm_d=AKAmf-D0yVial0ZxkrgHoo9nKqmZkRaVycrXkx01d1dp2Qp0bDywEiIAXxHPaOyVtlKbtpxlAYG4HhiCvxtjrrIhKt31dq4uFlmfQqlSps3467FJBk0hSt8QVxo0F2P55B-c0sqVowrX8D8wWkGS8120-N-SqDScOPL_Zc8cTVLKGYbEImktq7pVv4RjVo5gniTZOjTvIFYxW0MjYehP_xSrWSLeKFdBguByvyCjCdDwqU4JikfgZqd6jaMsOXAr6cxcMiuwiCewBh_qtNWRqh3BNcsMbjx8DbqUzJDJu8E8gpbq1_tX5GltbgQ4Z1q5FwUmi0HzJDcvfSHzeoV5PBFA8eTLoupN4W6RCRhZVH3k-o28TjPIiGHPO_TPV46FQ50bwEoiRgaQqAeKmhmopykDbsAK29yfxD5fXhaOl4aIoYO1L0Se0Ql2EU4JN5Yg517i4AN5n9LR_7KylsBrDvaLHP0AmlrqzI3nJ7mjUtt7YHEwSUVDkR-8Sk-PjDwpAgv5VOxpsUXCxGtxvXRl7_dWz1wVXAHzt-kdKbVuE0YAFnvEnOXI4cCcAdSsWF9wcagtOMWFmceISctJnW2U66US_oeABbqpKzG_RzHJUmGEk1PzJJPVFdM1GBjUcPUpmFvurkWY4yRZB8ufR-ktFvwHJ-cy2lIhFrNH5QS3X--cpYCq88Q7ClX8Y8n6eb5Ehu6mtIVYel50Pzq8QRauMV1_CTE4j3cL3nPYILrXQ-gHfLXLKqu0k9QtnP2n94gc0xrXrZIS_ZXQ29FYVb3Z_IBfXPLitYVtVqPrFDz840rxd4FDOcMQOmudSEp-kYtmJ0d5DkrrLFJHW0r-NpTy8kshN5udfco_Fmlxr45Fr4Hb_sGQPQ8snqWsBcQxDD3SAev2Zl5R1jPidrTYGy-9EVXutFV9gm7mF0_F99O98SG_TAH5SN5qHUeDNF1vAYOFzvfZiaQuh4jggaQUBplWj-iAGTzXMLkAKYHvZnt4tTUiFKVe4agWUGvh-gWiebi0Yhbl_bsZnvmg4d8adA1ldPv6phlosfNsdYd6rEg1H9lmbOtdlWfP_qHbw64_QE4pPw4Ux8nEZ79syQGUf5gdND7adof7UyEkNMwXcjDm3aeT-QL-sg7-PthPiaGbLTFTdr7kYJDpwjbpRN4w70qvhe-u94LjTkqBAVIrbx9DFIjAMgTHy6nWzXuYl6_kl5wQKxX1_5qsPqxGQk2zilkv5blKRLTl_PxTiWwNcs7bBvzuDGMQy_Wl_-UAisi04Lbc0scPDAtq_St_IyEjdSIwbeTn68FiuZhz-WA1BpxZa3eQoaDcY1hmqKPaqsBNDni2Xbh3olsk5ES1rvVMCmhjl-cGeRc6m5dTzEv75K7FZ6dc2Mlyn2L09BSFpfH_e8JZQj4mITIFGOJ1zalXlMG62u08TbYD0syPuDsPPPRomcluhuqpXoBRNyUmwrEY5VfLh1PwsZjShdkNUkHMrQSvkUVhM9gogq_VAFUwQzJpVt3t4GOJqSpBK23XFTdDl0elnThJ_i2ouio2PlFTXjNQeNWoqY2CO0fB_pDMz1PwjasGMbDo__-5x7Raz7qBWh8HcA4vommhfjvwkC_JaezaR93evQq2EQh7NpnPT4yiNJiQLR2JVKra25tB1seZxcdYNWJV8lS6wI4DSYVtUE7xePvK4Sby1-HwQ5ibLyRuWfmWk7EiaUWZ8ehJaK01UA0w52tSP1yeY7bZWlUZpfIbyfTSgFTSSxbn20zcTVQYDjBWYxw9PSs3E83_qVhRbD7G0dMseLkRVzCJPndiGrJtIp-8u7PHSJJjatbTNchDAvC-_l-E-y5zfYHkx7MbJa3V-tD33UNzqK0Iim1XDeoEyGIKB_z944EHBjyI5VVpWvYQt5tq30FWngmheIgwn59EDmEoJPu-v_B-lk4Jdv6mh10b_wpG1MBwV_08lpKS5mT8H3WGnAI5g7pwgXR2NFyJjbGEGJJpyIrVi3FGLX830oTzdx0PvjoK0XQSk8n7x6o-AGBBu9thf8Ka_iVSEAh0lwoTh_Bc9G80StQ1Y-8V25ynhwwqo5k9TIYY_52pc9orf5OlOwfvK1q142Ur355qih4zHC-wznmwR1pAOHZwjhCeK4vYbejPWke200jGM_q7H7Ac5-VJPT_AvfDvdmaTHhcO9aWdAFzIUELjZCoxC6TbxaKSV8e1K9i-ZOfRBqcVS2UsdtH9e4rjrX9dcrrPLf3XMPvwGXbSQBJwEnYCjKx6E74Q21Dy8qj0Mf960mSQ97H52WoFGDdW1GCNooJypMY6u2qgAWktnobXldf8lh86eBHrPrtSbPVX_nmAsxJR6NsNl8p3gM49uwgCiCz54hQUITrN2XGSJMlZ-a3ZXNPdlPw7jtCPzmHqLkWKVCt6ALR4uh7UiSIMkbhyG4DLVin2uMtXd3Osajy8rME_UaISmLicR2ydQrrGNZadtNpgCMSVXtJWJ3mOFqYtSKJIiJwykKVah8I2GWx7HEOOgXkjzoVfpiQPoJnqRRFOlCkVjFNImsMj7v-2CvtFh-MbuHn-J4hRKCcouTkOCVKyiYtvzScXUBQmssUvy3HBVNcwb7y9k6Yy3-kWKOKysw1d1G7cuLv_UAZmxGosAy1PSED0VQhJX84p6rOBl-tyfgrImpo65k_OGVewlZJuj6UmdBBmY3-EBu0_Ql-hlIVDhrRND2H-kklRQt3G-9Wzzwdgbfaj5AyL_zKtRDIwiAO827myYubeJzrMYLHKuRle-DKWaFw9DfFG42NnQ2TQWvApmvA_y0F7qRODgvRDLNVzs3nH0xGkwfsAIc311SrTB1wLAi1uXArosiJmmj-6M-Af5bNejTBbLhxtZwDlay8-eCGN8LPTzzNuHtQzbT_LzvuQ3xtTTv9X5J1bX2wUK3oPnbxrBlmdxCDlfcEfd-p_1-c9yLe7yXHQjMDUf0makrkwRipBmkJ4DAOYxArUYHAeGHFW27-LGhqSeD-GulDSRYwp6bKIiRGIVRo-nTWV25KGU5rhbqb_1LWNWR4JfpP_jNLIjyMJxJQ7zM452Jg28VRxrmOp8xmwAlXFMW3CiUbfKuf88-AbSzC0maWIt4nUgC699zakDgDQbTSdnM39i3rpEQgQBb8APzlvgd5oSzKH0AC072tNng&cid=CAASEuRopDbTM2gTyCY_scynhnEM6g&rfl=1%2Chttp%253A%252F%252Fwww.tranquilforrestt3.xyz%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86c9bc6e94cf6e6929e61f1f50ea415ebad2b900498f56e23d2e76876bd67474

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9288
x-xss-protection: 0
server: cafe
etag: 5602277676122011250
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:46:17 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2140 41 KB
15 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 11:11:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9304
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 Jan 2023 11:11:25 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 8059 11 KB
4 KB 40ms
40ms Script
text/javascript 37.157.6.241
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=40760428;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CzJ2ftPPzYbPHEan5gAe8u5qgA5W2rOFgtv6-uKwMoIeA7JACEAEg_-fIHmCV4pCCoAegAdPGmJgDyAEJqQLRMyIIna-yPqgDAaoE9QFP0AkV4zSu46DuA_6mE425Kdm0IxZiVUro5GdzL1cobk7b4DEgz4Fp6nvbVKvBpHx2lsP3yAFYcLpl6VfbUr2baQAdahOaGkforoFfu6huh3XFx3iPeyzv5hMPNwqEAx9jxFH2b9leI9DxA150jeWedqfZYMGK80fe_69dEKJA8QLP0xNI8hlL6IJ-I-Z9nvdkRc510BaEEg1I6R7ykn7se1eQZU0HWAuMnLYHtxHSlImPGkzAJyvaeU3-0pLGpok1Bz7zIv9Ngy8l3ObJXseVKfTN7uwgtZpSQWBtSeXGVGvE7E1qo0KMaBZYHjYq7l7ouJsmRcAE94OHuJwD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBOi6egN2BMLiBQC2BQB0BUBgBcB&ae=1&num=1&cid=CAASEuRo4GUuMLwVb1TK7AhsgrcewA&sig=AOD64_1-Q57nuQoJaWadeVrRoV_hUuvsBA&client=ca-pub-2192002536170159&dbm_c=AKAmf-BatbBkxWNSJA2MdcHWgJvrGcmULMI1yeP-R-rWKYIbe70Hm1k0nyfwXzoTUkIu9ckt-BLyyT2MDMMubBGcpi9Dw8NGaoC5EOAvqe2HU9fRp1VVWM7AE9jGO3nMFMSUOemjHjd1NJgGYXFyze6OUFw69LTU1g&cry=1&dbm_d=AKAmf-AZAGFOmpdfO_u6TdDYW8U55P30UYLpNfbyRVjBgAaQ471KqCHvsV9ZOBH9TUai5V1KdQ1E-UvspH6xIhlElvO30x3uo5tjfju9KMeMq3GXqRwRN5eFhHOHcHkH6skfWzLf_cyTDErsFtDAW3iKgtkFF6IzsRKCJgsAqKsEJPWxQZFTQ5js3TGbnmyd-uKEclWC6MW9PHF4AoguoQ9n7jHKngkFSy6bP3QeNiOoEnKkW_IMXMF8U55llWF4An0jss_uR_NTfEkiIjB52JBqb-Y6-THLcLb1YqGyS83-MG67kD6IdBc_GXaxvJmOdoqtnKvIK3A-0Cd3U1U4dwUk9xbzw8T4NikVjKH9hQwX5zUUlUm2gkKrIt5fhdHzy7UfofRZAQlOb0E4t2RCw6dNdPCNqV_7xQ&adurl=;js=1;adfxid=1x;4934;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=http%3A%2F%2Fwww.tranquilforrestt3.xyz

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a7ccc5949419cd32f4f9bcfa00bf8d87c97521e99a37abd337ce43e26997af63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3518
expires: -1

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 646A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

43 B
894 B

21ms
21ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhj50szAATAB&v=APEucNX6rTcN1r1YDNxrldX-KYmN5AvLsiyA7v1HZ68KZaW3V69vvlnmdhCE0XCPEHy1jr4m0p5UxcHxNHlIQYEWj6OXLuMhwVPersF4Z8MVbpVCNtBGpCqfiTbgkcBvRAQ3l3EhVcjUS6yALAzlta1d1bPlB5t8nreWfd3-iaeOHbxsADFujaE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 646A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfPzs1KMxDHDRFBvdH2Q9QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1

43 B
894 B

33ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhj50szAATAB&v=APEucNX6rTcN1r1YDNxrldX-KYmN5AvLsiyA7v1HZ68KZaW3V69vvlnmdhCE0XCPEHy1jr4m0p5UxcHxNHlIQYEWj6OXLuMhwVPersF4Z8MVbpVCNtBGpCqfiTbgkcBvRAQ3l3EhVcjUS6yALAzlta1d1bPlB5t8nreWfd3-iaeOHbxsADFujaE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 28 Jan 2022 13:46:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED3CrVlDuTlQRb4dUbZJ0tg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 646A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

43 B
1007 B

12ms
11ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhj50szAATAB&v=APEucNX6rTcN1r1YDNxrldX-KYmN5AvLsiyA7v1HZ68KZaW3V69vvlnmdhCE0XCPEHy1jr4m0p5UxcHxNHlIQYEWj6OXLuMhwVPersF4Z8MVbpVCNtBGpCqfiTbgkcBvRAQ3l3EhVcjUS6yALAzlta1d1bPlB5t8nreWfd3-iaeOHbxsADFujaE

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 6565d5a1-6fa2-474d-b5e7-f38bc365d7d4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECxGEEYzSIwFEYQ7t5-Ew-8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 646A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

170 B
188 B

59ms
59ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:29 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 9df17fe6-a714-45ce-ab65-86bcedce5171
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTYxNDY2NzE0Mjc4MTE3NDQ3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 5396 156 B
747 B 521ms
392ms XHR
text/xml 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F1039154%2FFSTPST_ENG_Desktop_Slider&description_url=https%3A%2F%2Fwww.firstpost.com%2F&tfcd=0&npa=0&sz=400x300%7C640x360%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=593571855552028&sdkv=h.3.497.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&u_so=l&ctv=0&sdki=44d&ptt=20&adk=3116680184&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.497.0&media_url=https%3A%2F%2Fyaas-b-s.performoo.com%2F3a1662ddb1303c58bac390aa8db9cb64.mp4&sid=E93EE584-3E26-4B8B-93D5-D08E37FCAF71&nel=0&eid=44725355&url=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&dt=1643377589636&cookie=ID%3Ddfd37931a2813920%3AT%3D1643377585%3AS%3DALNI_Ma__WEykoxOazRHvyF4STjZrtFM7w&scor=2865959971869380&ged=ve4_td5_tt1_pd5_la5000_er995.1245.1148.1545_vi0.0.1200.1600_vp100_eb24171

Requested by

Host: imasdk.googleapis.com
URL: http://imasdk.googleapis.com/js/core/bridge3.497.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: http://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AC6B 1 KB
749 B 42ms
41ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 28 Jan 2022 05:53:44 GMT
expires: Sat, 29 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 28365
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 8059 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9cd58af89373296f8fbce1cf8ac46b0f8bc0a57ae27bd8e3c38b56fc7c7bdd30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.217/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 8059 91 KB
39 KB 41ms
40ms Script
text/javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.217/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1b618bee5daf4e8a14ef5aefa5c7e80ea96451fcd48884e8a615e4250a9d4ba8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
last-modified: Wed, 26 Jan 2022 13:59:05 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Jan 2022 17:08:44 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C077 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 28 Jan 2022 11:12:02 GMT
expires: Sat, 28 Jan 2023 11:12:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 9267
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 2140 569 B
724 B 21ms
21ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4285693&adjsver=3&fvers=&iframe=1&ref=http%3A//www.tranquilforrestt3.xyz/&ro=https%3A//2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/97.0.4692.71%20Safari/537.36&os=17&browser=11&userid=0&kid=2958451&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCDpxntPPzYdL4J5rjgAezpKjQAa%5F0o9xn%5FbHfyp4P8C4QASD%5F58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBPYBT9C96LeprJKwgG8p8agF5%2DdGtUUiy33%2DBhJtZ%5FJegbtouEJCbYW0inLh1q1Tu%2DjxZkWTOu%2DmYIZH99F%5Fqgp57TkSokbl6yaWgZm39F2%5FJ5UNJXgYKvwD7veqdQgKvVSxG90iXZIOg%5FDLsKLt8jPL7LCDlZhXLmlo2mPqoWqZ%2DSy%2D%5FpjnkxGI7ZtYWI%5FE6LR1nCfE0SjS5xzEVjnnqWiwTSMivsD7zjWu9tjXH58E16pah7mO%2Dn0jhapkKmZt5k3HESJUenoQp3Tbt5C2WYFKIJamGGvr%2D0vCUW2Zyi%2DxxdWGBuoSU7ChVLtBOG1wnkBEOnch2FqewAT85M%2DY0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH%5Fp6xAqgH1ckbqAemvhuoB%5FPRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRopDbTM2gTyCY%5FscynhnEM6g%26sig%3DAOD64%5F0%5Ff8EsOzsIJ4GaHzUwaKE1uUOgvg%26client%3Dca%2Dpub%2D2192002536170159%26dbm%5Fc%3DAKAmf%2DClKr0TlMYUn6mUneZmqHta0OhNUyDHmREGcjE4s745s4fuWzQRkbk8GihQoWmU1lKAGfSmtlN6LtrObnWHmsauulMjtIW%5FLcUWOKw%2DUvTaT0v5iEQ8pTEd52LgV%2DqBEhGNNLK%5FKmSB5cSne16kK%5FBAnw1RIQ%26cry%3D1%26dbm%5Fd%3DAKAmf%2DDpeVHqv6oGzC8pv3xk24rOQ1HngG7xIjebwrB7MXSFy7QyeaEFaBErmdwRAQemacIc6Ll7w2N178Yj2ur1Ovxs%5F9xNYGCgUohPbPVfXiMjAdtYujzAT%2D%5FavZfNgv%5F8DbmJriZ3qhmm1QhQKIWsjnD1JeoWqsrb334RwjIa%2DMohOecS2uNp5KwznAl2D4ZgrFhTFt1NsIesZoPqIlZziR0E7zJGByEaZAVmfQa4YKhTC1H9PUzUX%5FGl6XhpIEpiW3JxmdQwzeThPDTtF8rJtOMnrfh4Zi2JMZnmOE5r5gYtqYyuK0DqSCkhfSo50nYWyh0HMPe%2Dtz%2DcSzD7FDXpUjVDKtdFQbxaSCMgBYf8U54xIOnEApDBSiIThUu%5FYaTtUT74DiQNkVCAoQ%2DeSM5rFPBhUjfHcA%26adurl%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4285693&gdpr=&gdpr_consent=&kid=2958451&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCDpxntPPzYdL4J5rjgAezpKjQAa_0o9xn_bHfyp4P8C4QASD_58geYJXikIKgB8gBCakC0TMiCJ2vsj6oAwGqBPYBT9C96LeprJKwgG8p8agF5-dGtUUiy33-BhJtZ_JegbtouEJCbYW0inLh1q1Tu-jxZkWTOu-mYIZH99F_qgp57TkSokbl6yaWgZm39F2_J5UNJXgYKvwD7veqdQgKvVSxG90iXZIOg_DLsKLt8jPL7LCDlZhXLmlo2mPqoWqZ-Sy-_pjnkxGI7ZtYWI_E6LR1nCfE0SjS5xzEVjnnqWiwTSMivsD7zjWu9tjXH58E16pah7mO-n0jhapkKmZt5k3HESJUenoQp3Tbt5C2WYFKIJamGGvr-0vCUW2Zyi-xxdWGBuoSU7ChVLtBOG1wnkBEOnch2FqewAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASEuRopDbTM2gTyCY_scynhnEM6g%26sig%3DAOD64_0_f8EsOzsIJ4GaHzUwaKE1uUOgvg%26client%3Dca-pub-2192002536170159%26dbm_c%3DAKAmf-ClKr0TlMYUn6mUneZmqHta0OhNUyDHmREGcjE4s745s4fuWzQRkbk8GihQoWmU1lKAGfSmtlN6LtrObnWHmsauulMjtIW_LcUWOKw-UvTaT0v5iEQ8pTEd52LgV-qBEhGNNLK_KmSB5cSne16kK_BAnw1RIQ%26cry%3D1%26dbm_d%3DAKAmf-DpeVHqv6oGzC8pv3xk24rOQ1HngG7xIjebwrB7MXSFy7QyeaEFaBErmdwRAQemacIc6Ll7w2N178Yj2ur1Ovxs_9xNYGCgUohPbPVfXiMjAdtYujzAT-_avZfNgv_8DbmJriZ3qhmm1QhQKIWsjnD1JeoWqsrb334RwjIa-MohOecS2uNp5KwznAl2D4ZgrFhTFt1NsIesZoPqIlZziR0E7zJGByEaZAVmfQa4YKhTC1H9PUzUX_Gl6XhpIEpiW3JxmdQwzeThPDTtF8rJtOMnrfh4Zi2JMZnmOE5r5gYtqYyuK0DqSCkhfSo50nYWyh0HMPe-tz-cSzD7FDXpUjVDKtdFQbxaSCMgBYf8U54xIOnEApDBSiIThUu_YaTtUT74DiQNkVCAoQ-eSM5rFPBhUjfHcA%26adurl%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 5bff8aab6316785594ff5732f3a6846dac632ffe91c9a6beb1eb04cfd0b0af6f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 14:46:29 +0100
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-type: text/javascript
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK h7gx4wfffrt8 Show response
ad.ad-srv.net/zone/ Frame 2140 10 KB
3 KB 60ms
17ms Script
text/html 138.201.84.252
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/h7gx4wfffrt8?subid=&redirectClick=
Requested by: Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.252.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 514bc20e58b50189ff6b6a6e003bffc7a64c7a9ed92a59e59cbebe3baebff4cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:29 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2660
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/csimpr/ Frame 8059 35 B
503 B 20ms
20ms Ping
image/gif 37.157.6.241
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=40760428&csi=rpxlwQ8Ta1al9_q0IEIRklLlemHY4FOdeGO9bACglOTrygPkIxxfkw8sPRAstUOQ2mhRbwqKPxOu7FJ7qkqy9d6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.241 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 336E 0
10 B 41ms
39ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8cu6MA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame AC6B 0
104 B 151ms
49ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESECh_14UwFFuJymf5kOqwtEM&google_cver=1&google_push=AYg5qPKR7_nU66Q0HT0Z8ZchXb3XHhLLUtAZOLeW5xWrTATf4Csv8D-CqW2owMXiU2TkeOTmxC724N0MkCISWvQfJs_FS-7KAVnlhg
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame AC6B 0
191 B 96ms
54ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESECnx30SPbH9ymhhMwz7FHNE&google_cver=1&google_push=AYg5qPLgYQyfIdQlnPe4wTDdbA3sFSz8bYIhWUslCFJCXq99ogH0HdlWuhXSxHdZYeKMXPpVA0i53Hk_jKjxtLJq8YE3pFgdlAv1
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC6B
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMh-DfYVxqp3Ul2uoy3sRUE&google_cver=1&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHt...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHtcrd45V_CrQ&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

170 B
188 B

85ms
84ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHtcrd45V_CrQ&google_hm=vnw8cRdMQ9udIoxoOCCBiA==

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLGhfqppDMN3JvZJzZkMynOj2dz92t6ttR5k5ceEfCETt1tyZWA-tCOwl6ICJ35zYkMMZ5Lb3cZM3osaX1-tzHtcrd45V_CrQ&google_hm=vnw8cRdMQ9udIoxoOCCBiA==
Date: Fri, 28 Jan 2022 13:46:29 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC6B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI16aGAVSUfL4uwpDrOHNBQ&google_cver=1&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMqKY...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDYwNTY2NzY3NzEwODI0NzYyMw&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMq...

170 B
188 B

69ms
69ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDYwNTY2NzY3NzEwODI0NzYyMw&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMqKY5z6nRI-jdMMXpYmciDmjhg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDYwNTY2NzY3NzEwODI0NzYyMw&google_push=AYg5qPKvYW_63ZceHHHIpS279lckF4ULGxq2qvEwFOsSff1mgtbTYqGXccBSm-LV1amH-gDO3L5jMqKY5z6nRI-jdMMXpYmciDmjhg
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC6B
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=F9lrfjalT0WxK3QSqJqwVg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

57ms
55ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=F9lrfjalT0WxK3QSqJqwVg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK7riL5GErFtrwD4vK6IbFedui3JdkJBN7E65CWHKEprL37rm3RPVDVMiuJxow-oTAsM8iXf1Xy-qWOPK1xcMduFx3dXyTSTg

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=F9lrfjalT0WxK3QSqJqwVg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPK7riL5GErFtrwD4vK6IbFedui3JdkJBN7E65CWHKEprL37rm3RPVDVMiuJxow-oTAsM8iXf1Xy-qWOPK1xcMduFx3dXyTSTg
date: Fri, 28 Jan 2022 13:46:28 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 204 pub
cs.chocolateplatform.com/ Frame AC6B 0
38 B 236ms
103ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEFplOKMlSksRQFyQOibyxm4&google_cver=1&google_push=AYg5qPIyhaZ5dbafqWR7TqawiiGQ5x6lVh8LaI7N_XxrFkjycag7EbL1l3AN93Cxf4YQOw_Irr_rX3fYORH6JF3Co45cDcCxwJG6
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AC6B
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZ...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZ...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEC077aiw5W9YZalE7OyKkS8&google_cver=1&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTts...

170 B
188 B

50ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPIs8CiTV39bvYOX22hcly9OwSb-Hvl_BchJwHxLgriyE5m4e9wZfjNhj8uTtsC-0b7A0jnMibjCgkxJcgU26jwRm4Q63PPukf4
date: Fri, 28 Jan 2022 13:46:29 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AC6B 0
12 B 57ms
55ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Izhx5aHYqzmLxt_1kcNFw4ibUUQqNDyU5ag9JVYd-7hsoX--dXtaAZsjeMaAVzcoGcqDDE9Q

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

https-178-79-242-245.fra.llnw.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 10821377.js Show response
s1.adform.net/Banners/Elements/Files/133175/10821377/ Frame 158C 21 KB
7 KB 25ms
25ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/133175/10821377/10821377.js?ADFassetID=10821377&bv=514

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ea90ec0ce9b382764a282564e3649037d05e3decaec2d1a14ab9f5d5fae0f0c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
last-modified: Thu, 27 Jan 2022 17:01:57 GMT
server: nginx
etag: W/"61f2d005-53a5"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 200 oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js Show response
pagead2.googlesyndication.com/bg/ Frame C077 35 KB
13 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oVIaA8DHLQK8xPwSs1vijU2jqi1uqHC3deFYmTpVz9A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1521a03c0c72d02bcc4fc12b35be28d4da3aa2d6ea870b775e158993a55cfd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 10:36:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11376
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13582
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 10:36:53 GMT

GET
H/1.1

200
OK

request.php Show response
ad29.ad-srv.net/ Frame 2140
Redirect Chain

https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x2...
https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x2...

2 KB
1 KB

537ms
513ms

Script
application/x-javascript

88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: c063202523579f91898212684c1e92d1ff7f8171a6969df7151453095768e3a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:30 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 18911400155074200383832011853029
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 752
Expires: Fri, 28 Jan 2022 13:46:30 +0100

Redirect headers

Pragma: no-cache
Date: Fri, 28 Jan 2022 13:46:30 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Fri, 28 Jan 2022 13:46:30 +0100

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 158C 30 KB
13 KB 57ms
57ms Script
application/x-javascript 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.217/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:29 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:29 GMT
server: nginx
etag: W/"609e6e91-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 404 300x600.jpg
s1.adform.net/Banners/Elements/Files/133175/10821377/bvpath_514/assets/ Frame 158C 0
0 58ms
58ms Image
text/html 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/133175/10821377/bvpath_514/assets/300x600.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.217/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 404 300x600.png
s1.adform.net/Banners/Elements/Files/133175/10821377/bvpath_514/assets/ Frame 158C 0
0 57ms
57ms Image
text/html 37.157.6.236
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/133175/10821377/bvpath_514/assets/300x600.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.217/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 103ms
102ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022012702&jk=1059964830798939&bg=!urmluf3NAAY6OBv_Ojg7ACkAdvg8WlmKztqsz9YgAM7wJLeVJOFt2vCo2CQLZD1_QWqsoP89yIRBXwIAAAESUgAAAAJoAQeZAsIrkZlvZWj-thRYVhXzi7ZB8V7nZDl9C8CU3Y_z_N1aCkpcRqakyFBFhpCusgUh-T75S5e14Q-dK6mxeTnjWiitua8ipFVNLiKuA82guV5wg9_hha3i5kP92WTFjJVBFcqFUh7nxejuhip2lc80d8uU_4ZVrN5upWwSy98SNEG9wDowFyshfbwKSCc9rR98LlMog1oXJappdIdUl9AnZvxzvwhTwoa0-xtSUGkTF_ZZ6L_fDsSrbHZXQJvWlwjer9pRZ9W_ql-aX6jnGN5TmByVoinVBda5cwr-uubKgMtiS7C3NKS8at0L0Gc7zJe0-Ug81rVyry7RS-t9HgyBcZJo9vAPHqpBvUv0wJKXhBra6acQ7U0uGSnb4_DEXk8qtfwWWpYaIU-LyrlB0wSIfrR30ZZfIdhGtSFRg5h3cnSm-1RtNet1FU5dVo0lagIbX82pX03lVvwmMA8CePWdTbEFMwL07C3m-gNf0ljEHT6rwBggLBvW8oUFmdexgKab5fs8fFySJ88pYFHFFBfwaViaPntH9SlXh-dZGhcBBpEEpSlY-Vb9XNEL27Bs57W0O8GTQr9EUg3uCBZzAbd3aPwohMmpNCfvp8pk5-GJrDbU3USPSM_0cgM6ZjWRjvJ3Of7vlLSnmKpxCIZbL9NNNMI_M2n8vF6pOmyXCsXqm81mmD_hJkouKi2LZ0fkqydW1eMCZbpK0c42bpvBqlI3FJXNcI46B32Zc0rmrzyYP0aQq1VrMyaIdakyjoL5pA8Cyt3FXIdXJj1-guC_MvS81U2XYbsdKzdJrca-8PtTS84TUzVCZidcatYFQYAEET0DM-gmNqpJ3cUFmlUfSdqjKsAtgNbnbuqeISkQxkNwLLXVXj4UI9sy8c3MCUUbOVHGvtYoZxBriIQCpDCY6RiCHud3WnNnCQ9UH5vkjcpyPj8tGlpp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 525E 0
20 B 95ms
94ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BF9K5tPPzYc6nNf7L7_UPkZOUGAAAAAA4AeAEAg&bg=!Dg2lDUnNAAY6OBv_Ojg7ACkAdvg8Wuws1v3dMDo9G2HL8WWcpmTxKQlOnEilscIuyjWdEFndmDJJBgIAAAEPUgAAAANoAQeZAyUotoc9rce7F9ITXrxY3OFbMwPAsnLrmkGqiq6RuoVlOg6MBsaeOHcHS1gRFuuTj-amGHWcO6coFeYkgkaaOyu-WYQtByI74BzKw9KEdq0TKNqZMBmlT0Cu9o39V6hRou_6N9kPC7i5bWioAbuMGQw_libMOkoTJR1nQpQge5c6y_9tilz9Y8yQ7qIwgYRSAgbN5qrP6fU5erPofXNP5ZfTd6NgQQ5yJU3A9gEJ4waNE6lbzgaWH_A9ZvL4_okhj9GCQ-8TndNAr7ST-7kJqrMrZBPYqI-Kb01veqauD8Ph4U-b5SgWQxMzQiF4rpxM4hOXLBAJJxaSJ5xqfrRi427M5FyF6Wg0aU4U7fL8nwliZ_WEARqE4vqGD0S9CtG72Rb6TQvLiEkbEIvX-BqrhOnAPKzCuJlxPjLahfGtL_2IIncR9BjjtZAcT4bbUpbUGvgtFSzQ-YkyuNSz4XQnSh6INE1rgk0WFZxBdzLLs7lfvQfOxVcxnjQK-pB5_H04r-p-BEp6hh00gw2D4Dmjg0K_7aFfkKbXW8gluGygOiQbEIiiPjARx2N8zBgd9ksytKUsMC5TyKkl8cWCP_KQuX9Kx_Fu2LPmaW6YaM3v1OObetvj4z9_NlbLzCOWgSORTOJ_cy68M1odgpby0TyTLLciSe16kC7T6YTGSBnn0JV7MrohkJ1xx0yeTQ4agABjwWfyw-9b68mNvpGgwu1utVdbiuYPHD52OEHSYUKSbSAaZfZRfxlcXXxAZOShmvkeDmfZhWqmApHIyLxkOE_IPGWhvTCfeS-PG9oypwuKipWPZk7lC7J25QMtb195_VZDfjVbZKMoPwmnP3fuojHUM7V9ORvQJ7BrE2GPmfkD7QEyXMWJA8-6R1mSBn0ptyJjpe4iWgGSnCOqgzrq0T7pjNsEtbhgUbMuqL4u5gylF_dPgd1YbRZ47-zvmsGP6jLyitToTSWNoemWH_xAPeoGVyNyh8PLUEKiuLCZP9eVrfKoi9YuBTJIMvZiaR_JAQ3i8JTJAp69EAahbpKTrEE5tn1FOG8EeLhtT0Pz2d5V7bgYTVgj_CBO

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 592.json Show response
id5-sync.com/g/v2/ 213 B
542 B 88ms
9ms XHR
application/json 51.195.5.234
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/592.json

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.195.5.234 , France, ASN16276 (OVH, FR),

Reverse DNS

p36.id5-sync.com

Software

Resource Hash

5e8f7cbe16b8f81a3bb9128b8b8ada3e9a2758a0a1152eb16fd6b46d2b5630fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: http://www.tranquilforrestt3.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: http://www.tranquilforrestt3.xyz
Date: Fri, 28 Jan 2022 13:46:29 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET rid
match.adsrvr.org/track/ 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C077 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bo8a6tfPzYareG9eWgAea05ywDQAAAAA4AeAEAg&bg=!eXqlej7NAAY6OBv_Ojg7ACkAdvg8WoPnsrNpbOjciPsjVo2gXmljIkC0Mr5e2V8YDensbaFqP5NneQIAAACWUgAAAAdoAQeZAy9APwYOy8j_JkN8qGqAZsnc-AXloyyr8aflY6Bwrjw2NLUFTvovH0k5A24iSiH9XtbgeKjwkVdfrpD6n_28x2rlbQvmBO_K8GiCjbGn1Pejxs1_WCb78deM_DZfCjoGt0QsJZHtqo7re05oTAv5_W2rqxR4GXRxUltsAbXKg55mns85wN72jpAKGsjul4LrerWvakk0QXapA6J1sR1tyOK-ttpGmeJZIZhTlRGxslQFuSPIwXulMmFy24UQMT4sj_8PNGjhzaNHGfk2v5snrbNGS7HpYZqWM9XoY7pHSr2eLsH_keVK9ZXdjksQ7CDGQ2GGlKMBNkn5T_k-L_YWV429ovuyUTI_OV3HkT9TSFC8-05vCSOOPl1wQUEjAr7VB_MpZ2XangXWIM2z1we159OPR0z4MX04K5Kmpl1L3eMAjz8GZG3OHfl6bwevm6DoDGqrIBuqQ65OL9jqC35JamlBQ8Roa6Wr__tZF9i1yPjHrlmTke-GZsvYJ4SH-2oGFdY_oYxBzClgpW0VDKNZ90trCuBomimIUbXRZaI7CaOX-VDDTGQ3CzGLRdxcoQcOL9Zut3QW7Ls_meUB_IDdC2_neENmocXKEXjvETVfWaJsm9CkkRJCXu2PxYtCq3bTylo4lm4JgYXwafuGyb6XGkoxHI31pH85Ob-PdSR6DEf2CVUvU4BbZXZXgyvuAoA8KvG59d7JRBKPvMUSRn3kM0_ECE9cIS-uYDZfBErKMb6dYG6A5-kHjtSIL5Q-pSs5jat02w07M1MH7qIpy81GCL1dRzLQJJWwPv9x415gYELxcHpbCiSZ9pooMu02KFGizLzhkGzGzjzzx0uSx981oVlwpiVYTZs73J_JNvmPu0NiZqPn5JCGOYg7SKroAktVrnONnoXU6I7P_hoxHgdxYDIaVZ2KE_o8hQQaD0amk72u2LdIfR1bn_JsMcojkihmSekCDtPTkXmFw2wD-FTLkgmAKfGdZsTASl-_ZXEiXqE9NQqWpuxXMRIJPOJ1TwIGHPxW3svUKQv9THOK5_0Zlf5zRTLdfHSIi6Kgrih_jfkRZuwIr60kDfddR9a7S-ihEg

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 168 KB
60 KB 157ms
94ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MLJQLND

Requested by

Host: www.tranquilforrestt3.xyz
URL: http://www.tranquilforrestt3.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0ca50d4e03d4fe5b34eb72fb860dfd7aab6b1b44c29f0b0d130cf619fbea1839

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61139
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Jan 2022 13:46:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 172ms
43ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MLJQLND

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 696
date: Fri, 28 Jan 2022 13:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 28 Jan 2022 15:34:54 GMT

GET
H/1.1 200
OK outbrain.js Show response
widgets.outbrain.com/ 195 KB
68 KB 586ms
507ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://widgets.outbrain.com/outbrain.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MLJQLND
Protocol: HTTP/1.1
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e8645d86bffcf05f83fa9f1e83005d869d18382cbae62a45d4e606575da1fcd8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 26 Jan 2022 08:58:46 GMT
Connection: keep-alive, Transfer-Encoding
ETag: "2d-cjI7bEmuexlJ7wC9JoUaYI5NZOc"
Vary: Accept-Encoding
Edge-Cache-Tag: widget-cheetah
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,POST
X-TraceId: 5ccfe07d05794fc2d587214bffe85e1a
Timing-Allow-Origin: *, *
Access-Control-Allow-Credentials: false

GET
H2 200 00acb2139b7de30d5754c91bdabbe2d808c2e453.js Show response
cdn.izooto.com/scripts/ 7 KB
2 KB 169ms
60ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/00acb2139b7de30d5754c91bdabbe2d808c2e453.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MLJQLND

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6aba730232d320b336451ad77863d840bbf34fda4d65999080d36d257e7fd12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 273606
x-xss-protection: 1; mode=block
last-modified: Mon, 02 Aug 2021 13:28:46 GMT
server: cloudflare
etag: W/"6107f30e-1adc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-type: application/javascript
access-control-allow-origin: *
expires: Mon, 28 Feb 2022 13:46:30 GMT
cache-control: public, max-age=2678400
cf-ray: 6d4aaad5aaf892b1-FRA
cf-bgj: minify

GET
H2 200 nw18_fp.js Show response
www.tranquilforrestt3.xyz/dlxczavtqcctuei/prod/ 0
608 B 450ms
342ms Script
text/html 2606:4700:3030::6815:da0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tranquilforrestt3.xyz/dlxczavtqcctuei/prod/nw18_fp.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MLJQLND
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:da0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 28 Jan 2022 13:46:30 GMT
server: cloudflare
x-powered-by: PHP/5.3.3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3mUmJE8t2wof4MA6K257R%2BMDRycbJMdzKuZbJ7k77RXcK6RwjIsBnooayFhgLO%2BNvGtoed4Yfs3SID94j3HIesYoYESmPbgeXbC1ZYq1q560r76SiR3MXA%2BszydAl8hiFOsN6lMNO70p%2FXIofyzP3bl0iiMAhVGY"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d4aaad59ed69046-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20%...
https://sb.scorecardresearch.com/b2?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20...

0
225 B

18ms
18ms

Image
text/plain

108.157.4.15
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20%E2%80%93%20Firstpost&c7=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&c9=
Protocol: H2
Server: 108.157.4.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: tbJnil7qQM1aCEyP3WYoCEgEfcVXHpytO1Z7koIAvJdMjjbmMTBN2g==
x-cache: Miss from cloudfront

Redirect headers

date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=6683813&ns__t=1643377590541&ns_c=UTF-8&c8=LIVE%20updates%2C%20Latest%20News%2C%20Breaking%20News%2C%20Bollywood%2C%20Business%20and%20Political%20News%20%E2%80%93%20Firstpost&c7=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&c9=
content-length: 289
x-amz-cf-id: i_XHwf0Ly9IfcaHY2BCaArtiBrVvTFSs4HeJwHT-bowE8DHvigiKcw==

GET
H3 200 videoplayback Show response
rr4---sn-5hnekn7d.googlevideo.com/ Frame 6886 240 KB
240 KB 25ms
24ms XHR
audio/webm 2a00:1450:400e:1::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-5hnekn7d.googlevideo.com/videoplayback?expire=1643399186&ei=svPzYfPWJcu8x_APiKutyAU&ip=2a03%3A1b20%3A6%3Af011%3A%3A5e&id=o-AL3wTGwWKNbjJTkrjhflecK629aFoy7vY3lIMYGWKxhC&itag=251&source=youtube&requiressl=yes&mh=Wa&mm=31%2C29&mn=sn-5hnekn7d%2Csn-5hne6nsy&ms=au%2Crdu&mv=m&mvi=4&pl=48&initcwndbps=1653750&vprv=1&mime=audio%2Fwebm&ns=hP-kvHtvtRLTj6Kh5qfEHDkG&gir=yes&clen=3452870&dur=200.861&lmt=1623499696404952&mt=1643377277&fvip=4&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=5532434&n=23PZ7T0nZdSa8g&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cdur%2Clmt&sig=AOq0QJ8wRQIgfDxLgvk5zlKx9J86b7Vdt-DoSjEc9ub3j7XCr8NPppYCIQDm6RYQAapDuntBLhBHvGm719whTbA8vGRcmRInbpsIfw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRQIhAOEdbmAhtsZaGgA-3mU_n3vAvBlHjAzmdS1xjp7ZI06PAiBIXCpcrjzLvjCr6lZngoKgDl1vu5bufRXd4fPHk8obOQ%3D%3D&alr=yes&cpn=MzsjtoIXAbgRTkG9&cver=1.20220126.01.00&range=279520-525562&rn=8&rbuf=12171

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/495d0f2b/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:1::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

f05765dc48d1b2ad8a3e9a701e95391a81f2673fef7028ab4a8764a5815650e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246043
client-protocol: quic
last-modified: Sat, 12 Jun 2021 12:08:16 GMT
server: gvs 1.0
vary: Origin
content-type: audio/webm
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=21296
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 28 Jan 2022 13:46:30 GMT

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain

https://sb.scorecardresearch.com/c2/6683813/cs.js
https://sb.scorecardresearch.com/internal-c2/default/cs.js

0
351 B

18ms
17ms

Script
application/javascript

108.157.4.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol: H2
Server: 108.157.4.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www.tranquilforrestt3.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 13:17:11 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
etag: "d41d8cd98f00b204e9800998ecf8427e"
last-modified: Mon, 01 Mar 2021 20:42:20 GMT
server: AmazonS3
age: 1760
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 0
x-amz-cf-id: RoHcjaiE15baTx9qVpVaUmZw9pSFtErs7NG2dErzVZzpkHHXfFkp-g==

Redirect headers

date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: /internal-c2/default/cs.js
content-length: 48
x-amz-cf-id: aSxNy9cnTCC6Er929YktA1kAug7EFnl-9lGLXidaQgJTdhG8482zqQ==

GET
H2

200

ztpv.php Show response
www.conrad.de/ Frame 5031
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=18911400155074200383832011853029
https://www.zenaps.com/cshow.php?pvr=b2bd3790-8040-11ec-b99f-2231db894da9&v=11354&r=473322&q=371931&s=2470208&viewref=18911400155074200383832011853029&pv=1
https://www.conrad.de/ztpv.php?awc=11354_473322_1643377590_b2bd3790-8040-11ec-b99f-2231db894da9&insert=AW

0
727 B

148ms
104ms

Document
text/html

2606:4700::6812:7e05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.conrad.de/ztpv.php?awc=11354_473322_1643377590_b2bd3790-8040-11ec-b99f-2231db894da9&insert=AW

Requested by

Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7e05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

date: Fri, 28 Jan 2022 13:46:30 GMT
content-type: text/html; charset=UTF-8
server-timing: intid;desc=2a654970a633ccfa
cache-control: no-cache
expires: -1
p3p: policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
x-varnish: 482717040
age: 0
via: 1.1 varnish (Varnish/6.6)
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 6d4aaad64f3d5b86-FRA
content-encoding: br

Redirect headers

Content-Length: 0
Location: https://www.conrad.de/ztpv.php?awc=11354_473322_1643377590_b2bd3790-8040-11ec-b99f-2231db894da9&insert=AW
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Fri, 28 Jan 2022 13:46:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
H2

200

/ Show response
htlp.emp.de/ Frame 6DF2
Redirect Chain

https://www.awin1.com/cshow.php?s=2481850&v=14172&q=372911&r=473322&pv=1&pref1=18911400155074200383832011853029
https://htlp.emp.de/

3 KB
3 KB

88ms
23ms

Document
text/html

2600:9000:225e:c200:c:6264:8240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlp.emp.de/
Requested by: Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c200:c:6264:8240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bb77d20dd85b4bfae78affeef6ee91869bffa0ef53ed9c8ab9c2a526d0180c5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

content-type: text/html
content-length: 2647
last-modified: Wed, 08 Jul 2020 09:51:56 GMT
x-amz-version-id: Za5k1aCF3b8ugAP1.Dh5UJVd_ViDWDOf
accept-ranges: bytes
server: AmazonS3
date: Fri, 28 Jan 2022 13:46:30 GMT
cache-control: max-age=10
etag: "81767a046d18dbeec7092a1dbdc70325"
x-cache: Hit from cloudfront
via: 1.1 a3c1615d6bdfc01a05a0b3a742d10d38.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: TLKPXPBeLfKM-YwhFaYja8_oYzuMvG_mhSZMt29nge537oagOS5Szg==
age: 6

Redirect headers

Content-Length: 0
Location: https://htlp.emp.de/
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Fri, 28 Jan 2022 13:46:30 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
H/1.1 200
OK request_content.php Show response
ad29.ad-srv.net/ Frame 05BF 8 KB
3 KB 43ms
15ms Document
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484
Requested by: Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request.php?zone=h7gx4wfffrt8&nw=11&renderingType=javascript&namespace=3e55839b25&subid=&uid=10ec926617f012b5&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=http%3A%2F%2Fwww.tranquilforrestt3.xyz%2F&ancestorOrigins=http%3A%2F%2Fwww.tranquilforrestt3.xyz&random=78920043140&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 1ac282a67db18db33d7a159a738b8c638541348bd15c5404e31686733d6c893a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Fri, 28 Jan 2022 13:46:30 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2312
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 17C3 1 KB
749 B 38ms
38ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 28 Jan 2022 05:53:44 GMT
expires: Sat, 29 Jan 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 28366
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2140 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1ae24dd1421eb1089837f363a54aba394f5e023b16840a9020087aeffec1126

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK minified-custom.js Show response
cdn.contentspread.net/kupona/advertiser/782/creativesup/ Frame 05BF 7 KB
3 KB 101ms
16ms Script
application/javascript 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/kupona/advertiser/782/creativesup/minified-custom.js
Requested by: Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: fca489bbafda0e046c6b2bcfb91400b48d41aff8db1dc2a3df2b8da3cbcb43fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad29.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Feb 2014 08:20:56 GMT
Server: nginx
ETag: W/"52f0a2e8-1a40"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: close

GET
H/1.1

200
OK

69250fcfc588cf5d8ffbc24dca91a6f6 Show response
pv.medialead.de/trck/epv/ Frame 05BF
Redirect Chain

https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6&subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D
https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D

698 B
2 KB

34ms
34ms

Script
application/javascript

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D

Requested by

Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.19.7 / PHP/7.2.34

Resource Hash

9a173fd3d1636dfeb8626ce702717668608b095703858f180b716617a6e6048f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;includeSubdomains;preload, max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad29.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: B9D59BA5:DB74_91EFC182:01BB_61F3F3B6_11E5640A:297E8
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-control: private
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Keep-Alive: timeout=20

Redirect headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: B9D59BA5:DB74_91EFC182:01BB_61F3F3B6_11E56404:297E8
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: /trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=18911400155074200383832011853029&ctrack=https%3A%2F%2Fad29.ad-srv.net%2Fc%2Fc9etzjkrig2jyjq%3Ftprde%3D
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H2

200

COUPON122_234x60
asset.conrad.com/media10/isa/160267/c1/-/de/ Frame 05BF
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=18911400155074200383832011853029
https://www.zenaps.com/cshow.php?pvr=b2c8a940-8040-11ec-915c-22338470aac8&v=11354&r=473322&q=371931&s=2470208&viewref=18911400155074200383832011853029
https://asset.conrad.com/media10/isa/160267/c1/-/de/COUPON122_234x60?format=gif

31 KB
31 KB

84ms
17ms

Image
image/gif

178.79.242.245
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asset.conrad.com/media10/isa/160267/c1/-/de/COUPON122_234x60?format=gif

Requested by

Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484

Protocol

Server

178.79.242.245 , United States, ASN22822 (LLNW, US),

Reverse DNS

Software

Cliplister GmbH /

Resource Hash

d944530b229640cc8c39188bef6135a526d1d6e5b26242d836647526ff5af1fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad29.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
etag: "61f0f597-7ae0"
last-modified: Wed, 26 Jan 2022 07:17:43 GMT
server: Cliplister GmbH
age: 22410
date: Fri, 28 Jan 2022 13:46:30 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=172800
x-server: c20
reporting: eyJjb25zdW1lcmlkIjoxNjAyNjcsIm93bmVyaWQiOjE2MDI2NywidW5pcXVlaWQiOiIxNjAyNjcxemRQQ0prRU5tTzlOZTdMeU5UcURrQVQiLCJ1dWlkIjoiYWMyYzY3NmNhYjgyZjQ2MzVhYTBlNGRiNmZkYzBmOThiIiwiYXNzZXR0eXBlIjoicGljdHVyZSJ9
x-llid: 1c807d7b69409eeebb6c71c21c551cb6
content-length: 31456
accept-ranges: bytes
expires: Sun, 30 Jan 2022 07:33:00 GMT

Redirect headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://asset.conrad.com/media10/isa/160267/c1/-/de/COUPON122_234x60?format=gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H2

200

234x60.png
media.acfrg.com/banner/Affilinet/Logo/EMP/ Frame 05BF
Redirect Chain

https://www.awin1.com/cshow.php?s=2481854&v=14172&q=372905&r=473322&pref1=18911400155074200383832011853029
https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png

19 KB
20 KB

107ms
19ms

Image
image/png

2600:9000:224a:3a00:13:99a2:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png
Requested by: Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484
Protocol: H2
Server: 2600:9000:224a:3a00:13:99a2:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 1af3b3d1d392da6c48dd7483de1db04f952f58bd852d7858144e9b61b6baf0a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad29.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 03:18:59 GMT
via: 1.1 63d9e08bce2adee06986125b699b4cec.cloudfront.net (CloudFront)
etag: "5c7d2f4f-4ce8"
last-modified: Mon, 04 Mar 2019 13:59:43 GMT
server: nginx
age: 37660
x-powered-by: PleskLin
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-length: 19688
x-amz-cf-id: VnP2GcGEU3sFeTJ7Z8W4q74vh1iZtzXUl37fQdewSLswnfYXH9qr8Q==

Redirect headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad29.ad-srv.net/ Frame 05BF 0
150 B 67ms
23ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad29.ad-srv.net/viewability?s=18911400155074200383832011853029&a=710aa67d&vb=m
Requested by: Host: ad29.ad-srv.net
URL: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad29.ad-srv.net/request_content.php?s=18911400155074200383832011853029&a=979e4484
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 13:46:30 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEPkbiGv5Bgh5_RCz9qyKUe8&google_cver=1&google_push=AYg5qPL1-p81HlTPlyd3O3IX1Fnw8u9lN5...

170 B
188 B

64ms
63ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEPkbiGv5Bgh5_RCz9qyKUe8&google_cver=1&google_push=AYg5qPL1-p81HlTPlyd3O3IX1Fnw8u9lN5Ayvg1JcGAHIuGxHDIiuHRrxuUKQWD0jwHoLd6-7mYMTMAYmrzjFFtJ6FnPzBhw4-k

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1643377591.735727,VS0,VE0
x-served-by: cache-hhn4034-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZQenN3QUI4LV90bHdCQg==&google_gid=CAESEPkbiGv5Bgh5_RCz9qyKUe8&google_cver=1&google_push=AYg5qPL1-p81HlTPlyd3O3IX1Fnw8u9lN5Ayvg1JcGAHIuGxHDIiuHRrxuUKQWD0jwHoLd6-7mYMTMAYmrzjFFtJ6FnPzBhw4-k
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIt66789R7mzDkel-lfLJ1g&google_cver=1&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2o...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIt66789R7mzDkel-lfLJ1g&google_cver=1&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM

170 B
188 B

59ms
58ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPJpkbh4_tOE-EDguYNTGlLCvfObwlzy5Q4uvhvlhKi-cb1Gr6tqMASWS1A_ttT_dQTi8xJqK47bQ1bVY6pP6_u4N2ojaGM
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 200 dds
rtb.openx.net/sync/ Frame 17C3 43 B
64 B 34ms
33ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEA1BB2sYyztkoEl8hr0a9EU&google_cver=1&google_push=AYg5qPJqiTIk-AtcJdz6y36i1aS7RSFsA0KLQDEJ8tnRCa2v0gWc1KkKBfWoQqHdpONSwfgsR9IL_ci0A15ZcUzpWfOZnw5JzqE
Requested by: Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: r1u84hoqgheabr1gl8bl7ntta62688g0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPOKq0H7b7eyPTq7FthKSXg&google_cver=1&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVA...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVANferyPiTukE

170 B
188 B

52ms
52ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVANferyPiTukE

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 28 Jan 2022 13:46:30 GMT
via: 1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPISEWzqC621HB-KUUs-Nwt2zVAbYFVANVXYB66iizMm-zuE0J92RY2l3s77UJMSl7tDL1YDYXtZ5_w3cjVANferyPiTukE
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: sHcndtx8Lc0yoqX7RTiqtXdD839bjLbGvQub_VUUyfpcIbP12N4Ghw==

GET

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEE_UoJwOMSB1-TI_ttXk6Eg&google_cver=1&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLPAScCM5ZIQbfISSONpQAvDt9eNy59jLiEoybKC5R6y9FL1oxhWDkCvmAX__7K7XzYdC-iSPbIX6ogUvKM53XDZ8r5bPg

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEA...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLVEJRDKPZx3X-lTVjD4I3faKuA38RFDLHCs-MhczEzhdTTw_8y3uVloclI8zU7HHCi3HGErfm01op3zckkU4g1Z7dV6As&google_hm=

170 B
188 B

59ms
56ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLVEJRDKPZx3X-lTVjD4I3faKuA38RFDLHCs-MhczEzhdTTw_8y3uVloclI8zU7HHCi3HGErfm01op3zckkU4g1Z7dV6As&google_hm=

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPLVEJRDKPZx3X-lTVjD4I3faKuA38RFDLHCs-MhczEzhdTTw_8y3uVloclI8zU7HHCi3HGErfm01op3zckkU4g1Z7dV6As&google_hm=
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17C3
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAtNCbi9kV5b8eA-2IAGC5k&google_cver=1&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAtNCbi9kV5b8eA-2IAGC5k&google_cver=1&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDl...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofF...

170 B
188 B

53ms
50ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofFAKvEJWsjNsiP-WCThMwQhiEeGxReiC4_8

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jan 2022 13:46:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBiMjQ4N2NjYS04MDQwLTExZWMtOTNhYS0wNjRjNjJiNGZkNTQ%3D&google_push=AYg5qPKBk0WUbmYDiiK5bG5YKZmUuhAPkY-cYHFTjA_xPJ-RuoyIDlu9LMFcrE3ofFAKvEJWsjNsiP-WCThMwQhiEeGxReiC4_8
date: Fri, 28 Jan 2022 13:46:30 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 17C3 0
12 B 68ms
67ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L4qSNaixXVGnIu7VM3jY69WmkNNPTJuH0t4pbdICBntb7DhkLCRQMY3W6WxTCLEROXzvwb9Q

Requested by

Host: 2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com
URL: https://2ee9f9c2d9910c8713dfd6416585c71c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS