nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/domain/secretofthieves.com
Submission: On March 15 via api (March 15th 2022, 10:02:11 am UTC) from US — Scanned from DE

Summary HTTP 336 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 59 IPs in 6 countries across 43 domains to perform 336 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 29th 2021. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.32.99.102 13.32.99.102	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:27::... 2620:1ec:27::cafe:2193	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
25	52.205.246.54 52.205.246.54	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
2	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	184.30.25.193 184.30.25.193	16625 (AKAMAI-AS) (AKAMAI-AS)
2	64.202.112.223 64.202.112.223	23352 (SERVERCEN...) (SERVERCENTRAL)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
36	2a00:1450:400... 2a00:1450:400e:80d::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	217.79.188.11 217.79.188.11	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.54 217.79.188.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
15 20	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
5 11	184.30.20.241 184.30.20.241	16625 (AKAMAI-AS) (AKAMAI-AS)
6 9	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
2	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
1	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
1 4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
26	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
1 2	3.64.242.218 3.64.242.218	16509 (AMAZON-02) (AMAZON-02)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3	88.99.165.19 88.99.165.19	24940 (HETZNER-AS) (HETZNER-AS)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
3	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	85.114.131.233 85.114.131.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	51.89.20.87 51.89.20.87	16276 (OVH) (OVH)
1 4	54.183.143.74 54.183.143.74	16509 (AMAZON-02) (AMAZON-02)
4 6	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1 1	156.154.200.32 156.154.200.32	19907 (NEUSTAR-AS6) (NEUSTAR-AS6)
1 1	18.134.175.161 18.134.175.161	16509 (AMAZON-02) (AMAZON-02)
1 2	54.76.200.156 54.76.200.156	16509 (AMAZON-02) (AMAZON-02)
336	59

36 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.99.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-102.fra60.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:2193 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 52.205.246.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-246-54.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

a.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

b.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.25.193 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-25-193.deploy.static.akamaitechnologies.com

images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.223 (Leesburg, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2a00:1450:400e:80d::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.11 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.54 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: aa.adfarm1.adition.com

ad13.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.98 (United States) 15 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 184.30.20.241 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-241.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.172.36 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 78.46.23.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

ad30.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.242.218 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-242-218.eu-central-1.compute.amazonaws.com

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.99.165.19 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.19.165.99.88.clients.your-server.de

hal900028.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

static2.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.131.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21037.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Hamburg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.20.87 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p19.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.183.143.74 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-143-74.us-west-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.211.178.172 (North Charleston, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 156.154.200.32 (United States) 1 redirects

ASN19907 (NEUSTAR-AS6, US)

adadvisor.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.134.175.161 (London, United Kingdom) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-175-161.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.200.156 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-200-156.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com Failed 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com 5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 122 e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com	434 KB
47	doubleclick.net 16 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 206017 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	877 KB
36	nets4.com nets4.com img.nets4.com s0.nets4.com	281 KB
28	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 176762 api.purpleads.io — Cisco Umbrella Rank: 157725	45 KB
26	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	124 KB
17	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	28 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	10 KB
11	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	271 KB
9	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 28803 hal900025.redintelligence.net — Cisco Umbrella Rank: 222939 hal900028.redintelligence.net — Cisco Umbrella Rank: 180551	19 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	9 KB
9	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 916 j.clarity.ms — Cisco Umbrella Rank: 1871 c.clarity.ms — Cisco Umbrella Rank: 547	25 KB
8	openstreetmap.org a.tile.openstreetmap.org — Cisco Umbrella Rank: 13366 b.tile.openstreetmap.org — Cisco Umbrella Rank: 13554 c.tile.openstreetmap.org — Cisco Umbrella Rank: 13588	45 KB
7	creative-serving.com 1 redirects static2.creative-serving.com — Cisco Umbrella Rank: 63081 ads.creative-serving.com — Cisco Umbrella Rank: 3287	15 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	525 KB
6	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	3 KB
5	ad-srv.net 1 redirects ad.ad-srv.net — Cisco Umbrella Rank: 33086 ad30.ad-srv.net — Cisco Umbrella Rank: 208258	7 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 343	111 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	143 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 ajax.googleapis.com — Cisco Umbrella Rank: 251	65 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 8832	1 KB
3	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 16139 ad13.adfarm1.adition.com — Cisco Umbrella Rank: 40145	11 KB
3	outbrainimg.com images.outbrainimg.com — Cisco Umbrella Rank: 1845 log.outbrainimg.com — Cisco Umbrella Rank: 1961	57 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1207 cloudflareinsights.com — Cisco Umbrella Rank: 1193	5 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 184	2 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 488	2 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 268	885 B
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 690 r.turn.com — Cisco Umbrella Rank: 2672	869 B
2	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 45661	88 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1439 insight.adsrvr.org — Cisco Umbrella Rank: 567	3 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 870	344 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 323	366 B
2	adtriba.com 1 redirects d.adtriba.com — Cisco Umbrella Rank: 45822	757 B
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3666	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 393	332 B
1	adadvisor.net 1 redirects adadvisor.net — Cisco Umbrella Rank: 6045	241 B
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 64653	30 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 39676	629 B
1	medialead.de pv.medialead.de — Cisco Umbrella Rank: 39406	1 KB
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2593	173 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2666	104 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 193	553 B
0	netmng.com Failed google2waycm.netmng.com Failed
336	43

	Domain	Requested by
40	pagead2.googlesyndication.com	securepubads.g.doubleclick.net ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com googleads.g.doubleclick.net f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com nets4.com tpc.googlesyndication.com e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com www.googletagservices.com
36	tpc.googlesyndication.com	securepubads.g.doubleclick.net ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com tpc.googlesyndication.com nets4.com googleads.g.doubleclick.net f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com cdn.ampproject.org e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
26	s0.2mdn.net	nets4.com s0.2mdn.net e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
25	api.purpleads.io	cdn.purpleads.io nets4.com
22	img.nets4.com	nets4.com
20	cm.g.doubleclick.net	15 redirects googleads.g.doubleclick.net e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
16	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com
12	www.google.com	nets4.com www.gstatic.com www.google.com 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com tpc.googlesyndication.com f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
11	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com
11	nets4.com	nets4.com
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
7	googleads.g.doubleclick.net	ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com nets4.com 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
6	x.bidswitch.net	4 redirects
6	j.clarity.ms	www.clarity.ms j.clarity.ms
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	adservice.google.com	securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
5	www.gstatic.com	www.google.com
4	ads.creative-serving.com	1 redirects
4	ad30.ad-srv.net	1 redirects ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com ad30.ad-srv.net
4	hal900025.redintelligence.net	1 redirects 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com hal900025.redintelligence.net
4	www.googletagservices.com	ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
4	adservice.google.de	securepubads.g.doubleclick.net
3	static2.creative-serving.com	ad30.ad-srv.net static2.creative-serving.com
3	hal900028.redintelligence.net	hal9000.redintelligence.net hal900028.redintelligence.net
3	c.tile.openstreetmap.org
3	a.tile.openstreetmap.org
3	s0.nets4.com	nets4.com
3	cdn.purpleads.io	nets4.com
2	dpm.demdex.net	1 redirects
2	id5-sync.com	static2.creative-serving.com
2	ups.analytics.yahoo.com	2 redirects
2	cdn.contentspread.net	hal900025.redintelligence.net hal900028.redintelligence.net
2	ajax.googleapis.com	hal900025.redintelligence.net hal900028.redintelligence.net
2	googleads4.g.doubleclick.net	nets4.com
2	8019191.fls.doubleclick.net	1 redirects nets4.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	d.adtriba.com	1 redirects e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
2	hal9000.redintelligence.net	274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
2	e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	ad13.adfarm1.adition.com	ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com ad13.adfarm1.adition.com
2	fonts.googleapis.com	cdn.purpleads.io securepubads.g.doubleclick.net
2	f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	log.outbrainimg.com	nets4.com
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	b.tile.openstreetmap.org
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
1	aa.agkn.com	1 redirects
1	adadvisor.net	1 redirects
1	insight.adsrvr.org	js.adsrvr.org
1	ad-server.eu	ad30.ad-srv.net
1	pb.media01.eu	pv.medialead.de
1	pv.medialead.de	ad30.ad-srv.net
1	tr.blismedia.com	e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
1	dclk-match.dotomi.com	e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
1	r.turn.com	e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
1	ad.turn.com	1 redirects
1	js.adsrvr.org	ad30.ad-srv.net
1	ad.ad-srv.net	nets4.com
1	imagesrv.adition.com	ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
1	5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	images.outbrainimg.com	nets4.com
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
0	google2waycm.netmng.com Failed	e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
336	72

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
secretofthieves.com
leafletjs.com
www.openstreetmap.org
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-29` - `2022-04-28`	a year	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.tile.openstreetmap.org GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G2	`2021-04-15` - `2022-05-17`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G2	`2021-05-21` - `2022-06-22`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
ad-srv.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
static2.creative-serving.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
contentspread.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2022-02-20` - `2022-05-21`	3 months	crt.sh
pv.medialead.de R3	`2022-02-20` - `2022-05-21`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
ad-server.eu R3	`2022-02-13` - `2022-05-14`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh

This page contains 46 frames:

Primary Page: https://nets4.com/domain/secretofthieves.com
Frame ID: B2364E68095D230AE721AF1BEBCCE2A5
Requests: 86 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 362DB5ED5E17284EE4BA7339A89CE130
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=6n151wvz2euv
Frame ID: 236EE98A59F071E2FB9FE6DA6ED748A7
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 8440033C0E5244578FF0B5CBBE2D8EDF
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: D732F44306153AC18CC09FA197D4E0A9
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 207EDBB686E81E381ABE2194F694FB53
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: DADC53D184055943BB81DB8DDE4886CD
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: 628633B780019F8842CA9BE862C7D7B4
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: 19E41FED69E59CF1BA4ACFB48982F890
Requests: 5 HTTP requests in this frame

Frame: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E160B02742B697F54DBD25EB36376C69
Requests: 1 HTTP requests in this frame

Frame: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: F70E5C39D941290D38ECD57765A7D1F7
Requests: 1 HTTP requests in this frame

Frame: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 80371747CD449CF91756EB619FB323D9
Requests: 1 HTTP requests in this frame

Frame: https://5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: D66EF808CDE51560F956F877F89E264F
Requests: 1 HTTP requests in this frame

Frame: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 606663B9C578D96B10F1C6F4A56E1E8C
Requests: 26 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: 754DF463FDFBD43B2B8F59985CCC7D4B
Requests: 10 HTTP requests in this frame

Frame: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6569AFADBA136E2F61802ED06DD65F52
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWL2sqs8qDwXbHIATltCTmkoM40VjYagVb6kLepId-t0qE55Yj4T0jAk0xoYQ1a5X9eHgz48bdss40-tObG6e5v0jDN5sMhqkdcDvHCZrdBM98cXFcKR2zOO6gl3QBwaNaY8PzDIkB45K7QSIT9JNxSRLX0z4rfZn8RFgfAKzvLJOZXpK8
Frame ID: 55DE08B28CAECD90F7B35C9BB333F5F6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWlYTD4_iqyl_aUV4E8QH4v-Au0eEKf8AWpC86_rhOnFT71bHA65u_gDtcdV736rfT2opgMTjq7UgCIPqhIbB2p5_LZTtDKVFxEMXll2M6VaY73rJU_t_xp87PD73DQyn3xyf2vK5Xi5pDvcGR70tSFyh27CLiJmSj_RP5GwGC8z-7JBhE
Frame ID: 8F70053C81B2CCF79CC42E8AF785D6FF
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 43D692A457847E23F382DBCFAF7C2360
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 495FA5C7A8C3F1842C4836D5C7D5F451
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs
Frame ID: 53DD384BBFCDA7886BCDC4F063CA7CE0
Requests: 17 HTTP requests in this frame

Frame: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CC4CB7583423771CD3D03ECD9540024E
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9479A10107A739E93AEF571D435C73FF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AD8D7DA3E61507D620050D98FCB8F148
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 76ADA82E8D52D881044A2F028C99196D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 32B1884C7CC43A53FE208CA07A26F241
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FB5378B443CC8A1E2E5F4226699855D7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 072EE727DE3C6D050FA2C60722A60840
Requests: 2 HTTP requests in this frame

Frame: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B5D07A7B328CA6C406D3896C43CC916E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNX-BMh-bn0EYwRW_lW6zU82ZYo3nKQ13o3uN0bnwA0tQxIkNT0PZD5_VXGACzVGpq6t68wk_w0cUCce-ioPpy4_P4I-ZfD3mCLceTzRpM-SBKpGnYHv0sBGEUUofgRAcbFV32oPrpACHBt7SIBSlPZEVk-VSYJBqZQanHdpIrblaRP_r0w
Frame ID: 47C4BC6A26F646D44E2A30DDF9E6F812
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 24DF14BD138A98EB6DD62825D9ED47EB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 833CDCE211B4B7D2D6997DB2F8BF2B41
Requests: 3 HTTP requests in this frame

Frame: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 879EAB0B4CA3B33146886B6ECD2580E8
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w
Frame ID: F945E03781A43B9F8BDC07C8D13D5542
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B25BC762046C684BDB78BC5973CE325E
Requests: 3 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222
Frame ID: B06286292835F854BE36DA2E344CD4B5
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb
Frame ID: C2E94113E46E31B107EAF11190356DA5
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 79F244ED186FCF0E3FE5D3349A72673B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4F495702EFB45323D84B87F630A65D4B
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
Frame ID: 1C312DD5C7851AE4CEFBE0849CDA002C
Requests: 24 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5E09BF79462E99F3BB18B980042BED9D
Requests: 9 HTTP requests in this frame

Frame: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa
Frame ID: 127AE27F2E5368A89E65917808B016D4
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F363FDCEFC03002A829F6EA25CBCA8AE
Requests: 3 HTTP requests in this frame

Frame: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445
Frame ID: 758C7437A4C4E65FB1AAFE3BEDFB7692
Requests: 4 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=12485700074866400383828011899030&actionid=981741&produktid=&dt_url=
Frame ID: F251D8EAF696C56C25DC95EAC90774FB
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Frame ID: 7BC5F15E3CCA44B9307C30BB78C83A41
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Secretofthieves domain statistics - Secretofthieves.com

Detected technologies

Leaflet (Maps) Expand

Overall confidence: 100%
Detected patterns

leaflet.{0,32}\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

336
Requests

91 %
HTTPS

40 %
IPv6

43
Domains

72
Subdomains

59
IPs

6
Countries

3272 kB
Transfer

7918 kB
Size

47
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: http://secretofthieves.com/?utm_source=nets4.com&utm_medium=referral&utm_campaign=domain_page
Title: secretofthieves.com

Search URL Search Domain Scan URL

URL: https://leafletjs.com/
Title: Leaflet

Search URL Search Domain Scan URL

URL: https://www.openstreetmap.org/copyright
Title: OpenStreetMap

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&RedC=c.clarity.ms&MXFR=14FD26EB018B6EAE309A3783058B604E HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&MUID=2B4C9FBB567663C808F88ED357A46224

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 174

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKyTQjFsnvbVSkYHwS3W5xY%26google_cver%3D1

Request Chain 176

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 190

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

Request Chain 192

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg5ODY1MzQ2ODc5MjcwMDE5OA%3D%3D

Request Chain 216

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 217

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

Request Chain 218

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

Request Chain 219

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

Request Chain 222

https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=174536997210&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=174536997210&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 231

https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 237

https://d.adtriba.com/collect?atb_ptid=e774d0b4&atb_dpuid=nayoki&atb_dcaid=display-pp_paket_s_alw-on HTTP 302
https://d.adtriba.com/px.gif

Request Chain 246

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELWozsqmmEsqTWIewOHXmyA&google_cver=1

Request Chain 248

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEMdywhitQ7pp3lczITNhpeg&google_cver=1

Request Chain 250

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222

Request Chain 274

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1&google_push=AYg5qPKxxr7W0LtCDl0UXaGw7U2t9vx_iR2nlvwD_LCYGmyGzEdnqmeG89dudW4milAqt1EWmZwM5oVWkcKBlsimYRNwqDoIWLuL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjU0NDIwNzY5MjA5NzAzNjU4OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1

Request Chain 278

https://match.360yield.com/match/ebda?google_gid=CAESEOqCTCyh9w9NbgfvwFM3lcY&google_cver=1&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOqCTCyh9w9NbgfvwFM3lcY&google_cver=1&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4

Request Chain 279

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPwRFbNPVGeguKQ32xoJtqE&google_cver=1&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1nUZJJ76KvgyQUA-fJadtIVj8qoqg HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPwRFbNPVGeguKQ32xoJtqE&google_cver=1&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1nUZJJ76KvgyQUA-fJadtIVj8qoqg&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1JT1BSVjhWRTJ1R0VpY2ZZVHJBZXgwUU50RC44d3pGZn5B&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1nUZJJ76KvgyQUA-fJadtIVj8qoqg

Request Chain 335

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse HTTP 302
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

Request Chain 336

https://x.bidswitch.net/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=420 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=420 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=4Jd1IpIPRwSb9Y71IhsZxQ== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1

Request Chain 337

https://x.bidswitch.net/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=213 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=213 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=r772hVCkS-e3UL2d_FDjxw== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1

Request Chain 338

https://adadvisor.net/adscores/g.pixel?sid=9212282158 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282158&&bounced=1 HTTP 302
https://ads.creative-serving.com/cm_nst?cookie_id=164920104091000163230

Request Chain 340

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d

Request Chain 341

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc HTTP 302
https://ads.creative-serving.com/gcm?google_gid=CAESEJZr6WdlqbzClGYrAXySSsY&google_cver=1

336 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request secretofthieves.com Show response
nets4.com/domain/ 48 KB
12 KB 716ms
652ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6605ccb3114d55813d617bac19d3187b1ab91bbada11057f4a471fef463d7ef7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-type: text/html; charset=UTF-8
cf-ray: 6ec469161d113747-MXP
cache-control: public, max-age=86400, proxy-revalidate
last-modified: Tue, 15 Mar 2022 10:01:55 GMT
vary: Accept-Encoding
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRKzKdLRAgrChe2z21N81XLr9QonlUM3izDCK18%2FdAmnRQXgwp%2B%2FuBoK%2F05KxczCKMIUE1%2FxGI1IAY3AnpBPCwuPiqDvrFdM6VnnBUlhag%2B%2Fhimo6eNcyD1HVGg1UDAzSspaV1GRns0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 39ms
38ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8105047
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: Z92G2ZE1HMNW2AZG
x-amz-id-2: kRmlxs4Uk6Ans6W39/LiWarHKqNq5cjEv92nMKItZebgN+Nxd7ZAp/ZkZhClaetuHR0YmxVsIG8=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ywev8y49gD3tkwA3ER6Ph7Woh%2Fox4Y7k8gQO2x%2FHGEe1YhW5XpSn%2FQ76hrqzI7h58O%2FO0fHlPr0QjFaEkgFHpl%2Ffj7JBrs6l6z4rbTfRnSVWAjpf8ZGEn0nss6nCReKd5h9HWLQcXLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6ec4691adfae3747-MXP

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 61ms
20ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1609804
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMFzpOlHkcy26weBjjVVQqefPw8%2FHFX9SA0CqvTSl8SxBMnJxZJr6iFNGIHLnZbO5fm%2FUuVmfeG8CRtZuoBB7yuEPtNak3lfF5YXEAGUzX8dRMzkrGStU4Y2Gye%2BPs44FiOb3GSd%2FKY9VBh7FaU9OPBa"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b0ada01f4-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 70ms
31ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 490976
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBfK0Go%2BHBCY2Ooemi4VaLYyJjalzPQBHOihIDvau8KHMqkpsW52K7SlbSTt%2F4EUsunjmLuPMV%2F1yl0D941GCVdBYX7KQLk0XCmp0WI0Wix1hHPntwalbVXL5u2%2FoaPQi33pRQscJDj4wWeEnJUe0mif"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b1adf01f4-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
572 B 61ms
61ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5393
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZwtovVm1zBcgRwypndZBAt3df1yP2A14uVhd4iiGe%2BnHgdlCCB8YZGNvG1FL%2F38O%2BVqtMMaVfSIfmgvIzPfG%2BkfRP6j7L8e7Sek5%2FD9HE%2FlICeZwfUGv%2BkCpSbJ%2F26RkrRWPZKjcojs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6ec4691adfb13747-MXP
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 48 KB
17 KB 67ms
66ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647338400
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c5656ef4e633866c2affb4fb114eacbe235c813d15e51c491c24e26745139d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAO72JDmdZ3BKeDQBfs6YG9kvgodOf8c3YICgggJKvKIuijLdsse1uyU%2BVLOSRo%2Brr5XTqLaVg6irJez5TiQPuxhKOoULUfdeaETiFD9XAsCy67dU5Ol33ru1wHBN%2FOhnlQbLSSF4Ds%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6ec4691b197c3759-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 83ms
71ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8278196
cf-ray: 6ec4691b28783747-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1490
x-served-by: cache-sea4480-SEA, cache-mxp6982-MXP
server: cloudflare
x-timer: S1639060319.223268,VS0,VE1
etag: "stly99L8QVWcb6m8RMUQ7cA4kw:db93d278b907309c379deddbb0d961d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ELydHaeJkyptXeGeobWyL6dctBHOFb71pZUoDC%2FJ%2FKvunIcg%2BXXgaNLjbeVmgIaImFifMTj0tkIg9zyFPQaI4FN4jSuKqTug%2F96Uwa%2BkbEW1FTlC%2FjSOAb4KOM%2Fb0NbXD1TNice4qYEi4Csz"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 472 B
1 KB 73ms
62ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9325393
access-control-expose-headers: *
cf-ray: 6ec4691b28773747-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 472
x-served-by: cache-sea4428-SEA, cache-mxp6930-MXP
st-img-id: 6a5af67d3cc36089-SEA
server: cloudflare
x-timer: S1638013122.261633,VS0,VE1
etag: "stlyiP4BjAye3OZ8qlZ7vzTBDQ:452ecb89109de4e1cab9c5348e6f85ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Fwc6KY9mhJqwQDlceTDf5XYyPBWzrSo0KtUMeeZZO%2BnVFtDqdq%2BgydEHqOQiF14vQJiBrasCQnLKZZm8e8PardEdt3KTtPFT0PnZbHmWssWXnpQjatLvSyueUKSUFvHA6RmSJ%2F4zLVVl%2Bw8"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/58T3Wrl.png>; rel="canonical"
cf-bgj: imgq:66,h2pri

GET
H2 200 leaflet.min.css
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 10 KB
3 KB 48ms
19ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 27526135
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2153
cf-request-id: 09c5f087010000cc4ae8264000000001
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:33 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e135-298f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FosEsdNBFAnLxQtFSpD6axP08kaw7jU87A8OC2x4Z0%2FnDNvTgB2R4NUw6XCjgAfnKOlXVVc8oWrhQYa9%2Fec5YZHO6QNi%2B77FHB9TbLkE0t5gIidJFxCRLW%2FR1n9TN7j0Fuhj9egW1moTgbeRDJKn8Fvq"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b4fa8020d-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H2 200 Zc4iwuj.png
img.nets4.com/img/i.imgur.com/ 814 B
1 KB 174ms
163ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Zc4iwuj.png?w=15h=15&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd1892cb87a74dac682a6207344909a96f23d342670b32063a4f4bae614805dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 474487
cf-ray: 6ec4691b28733747-MXP
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 814
x-served-by: cache-sea4422-SEA
server: cloudflare
etag: W/"ef5e715e8edc5303224592e859bd4f82e513e48ef6932a25dfb6f389dbaed4a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R79WZ3Yz26AklD5oqnHKfMNG5RfUhP7LR7smB4kJx0cWm6MFNMW8xLMTFFwE9x9lmNLps3bfWm8SaNu1Uo%2BAJIYZ0FsYw48oEAqwQI%2B70rcb73BqLLu%2BSXSIhE7qbRLDKAIrA%2BTr%2BGsUz%2BE9"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/Zc4iwuj.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 36ms
34ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pE0b6JF26TP9UMG2EXLjki1j2O25sEZJHcqR%2Bh05o%2FnssWzGvofuVOHUgMm03N95swjy01HkLaaHP5WHgycBN4Wgn5xuIwRzROjDViLGBP%2F2GqrnjKeZeBKWW086b8Kj%2FAEuMIzXLcE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ec4691b197a3759-MXP
vary: Accept-Encoding
expires: Thu, 17 Mar 2022 10:01:55 GMT

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 36ms
35ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VDuQpn9XrQkhTeREX9L8wCoBXm3MSPzfnRNEv%2BA4LXby7ssL7j6r2l4qqPOvx06wv%2FLsQ4US7M511nB0OrLWDcDvYaxjXAfFdEcglfxMw7YQetAoaU11DX2ws79vvyTr%2F%2BbuUVFnCw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ec4691b19803759-MXP
vary: Accept-Encoding
expires: Thu, 17 Mar 2022 10:01:55 GMT

GET
H3 200 secretofthieves.com
nets4.com/domain/ 15 B
0 47ms
47ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/secretofthieves.com
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/domain/secretofthieves.com
ts-request-embed-key: f877673d-8b14-4652-b3a3-28b74c835d3f:ca54dbcb875da47bafb64eb79109612c1c969434bdd4ca6d60e4efc454ff2222
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAfenjFTM0LetUKhjmOxmPNL9OARar%2FPRhBqrLyLYTKy2nNveYl%2FdEy1qZGsun29gVr%2Bvroit%2BwyNL6TXOlvibPlCvGnA59MOnw97Igajd5SFtsTWm16Cy36xH0rDSiVtKViU1J9kWk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6ec4691b7a543759-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H3 200 leaflet.js Show response
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 139 KB
36 KB 42ms
23ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2362984
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35659
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-22a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJFrqEitS4y6bPyf6Fiwpw6X%2F6WUhepeQEoPYkjzNfPfRNEsQA1W77D9qGIPHOXAgXoiQHmqBhxYnuTdhcZhAkonfDZBLaNZOLopEhv%2Br6l3GDcywx%2BUGFsbY6lN9fQ8%2FrEtadzkEF6JrzYvleX6sZNW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b999d01f0-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 35 KB
11 KB 38ms
7ms Script
application/javascript 13.32.99.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d07bcab4c15f3ff3b56d0b5c9f44c3dd1c7266eb5788bfbc09f02822b07de0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:36:56 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 09:36:51 GMT
server: AmazonS3
age: 1500
etag: "6b17cf687f43a8f73178a58f89d7d60e"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 10487
x-amz-cf-id: 1a_9WFhI5S1QLVpqIBslTkgNlaqQMNgK6XMYem1dse4zQlD1t2klKg==

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 135ms
134ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 701
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iCokhO46z7bIA9sCb%2BB9sCDDitdPji67%2Bt70zD7TRaQRaqF%2B93zv9AVZNaF57SN8aiX5UQO9i4rEeaad45wIeUGpeVpCfTjjSTZbYneo%2BoYWmHUJQ8L1XfGh6J5evWRpESbAuBIcCF4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6ec4691b7a653759-MXP
cf-bgj: minify

GET
H2 200 load.js Show response
cdn.purpleads.io/ 24 KB
7 KB 39ms
7ms Script
application/javascript 13.32.99.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 56386db6fedf5475ff6ac57939cfaac58722f519fdce666cee7494b993c84e81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:36:58 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 10:12:20 GMT
server: AmazonS3
age: 1498
etag: "46df8e234dd4307137411d6b4887edad"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 6702
x-amz-cf-id: YHGLRc7s78QPKQJM67Y-Yf93lf1xCUCGVHCPK-Qk-VTdSHwqXxPfXQ==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 46ms
15ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Tue, 15 Mar 2022 10:01:55 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
14 KB 40ms
21ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1517433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrZ4L2sGbRT08MvFSgs3hq6rusI8EbYBG3ijcQ7SsG4Vo9sYm9ODxrpXyeBUnmWsXCvX4XJR%2BbJhgS%2FPc1Mbhgmgl9UZh2j54iZwXCK27eKlQ80kgpYNRFGukCa4AFmq2skeGs01Ut1YxkE8aoEA8kch"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b9826020d-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 57ms
39ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14496342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BbTJZyIbwk92s1FENnfgvtrD1vLW%2BjIkBh%2BiwSVBkMtUf9fx8LJHpIl2FHUMn0q2Np3hazaQaFYl9y2FQGi3mZrvoeCYsg0zq0w2ff5keOPb5DZketnb6UsVoBC4m%2FD9laEEPaN6Juh4tAmi1lHDFiAk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b9825020d-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 57ms
40ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4888597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BxucTZUlYFH08S9rhSiaBtptkuicIDXXFW8%2FTLhRONDED%2BZQBJFMA0AOYE0vHnvYU7kCnux9d4xXNwevkyfR1DXT%2BjhQt16Hr2uX8iyWfxvdtxBBHQfzMT6rTCNJNxPdevnKRPJ82XwOQOGNPJ5UqKDs"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b9827020d-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 99ms
69ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6ec4691ba835020d-ZRH

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 34ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7029
date: Tue, 15 Mar 2022 08:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 15 Mar 2022 10:04:46 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 193ms
192ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyU2VjcmV0b2Z0aGlldmVzJTIwZG9tYWluJTIwc3RhdGlzdGljcyUyMC0lMjBTZWNyZXRvZnRoaWV2ZXMuY29tJTIyJTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZuZXRzNC5jb20lMkZkb21haW4lMkZzZWNyZXRvZnRoaWV2ZXMuY29tJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTdE
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8ac5207255ea6beff6ba2971bea9ea5fdf48560a6f78f167398a3b259164ee9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oAbsSe9OIL0TzXCToVEeVYRDbS5FfzD7d8ryVABZewBpkYA4SVT7osJoXwOCpnpFHwdtSQQg54HBiCFz43Ndki5rQjSW3QCOO8SGTwr8Pdri6kN5LTLYTIVz3tCn8%2FzGaD95YH9%2F2U%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6ec4691b7a693759-MXP
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 58ms
48ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 44447
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ogw%2BLkPdfajwreLr1fWOfx%2BQO1lo56tFRCaYOdTw%2FpW%2FTEO1STLwI7sAPxOhzE7y%2FQDRptZr%2B7dQMq27xRDcS8aq5Z4%2BGdwLOncoN0DUb8dmv1lzmug%2Bpb0skUhpeR%2FgVtJ2OI1EqXPGhx4rB8sWc6zC"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b99a501f0-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 84ms
74ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4890733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWl2%2BPx2nYax1DGmLRwua6myNb6MUiCMgjUc9kGBfy2B%2FIOeCilT5j9m3FLvySkGQ1QleC4TVWcV6v1keamypzQP47YQBTaM6cpn%2BZhLi7ZKD7oifoYdsxGQ3%2BTUTmjWyhOkzQMeCzOlDHniddiZMaJg"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec4691b99a701f0-ZRH
expires: Sun, 05 Mar 2023 10:01:55 GMT

GET
H3 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 156ms
155ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4404011
cf-ray: 6ec4691c4c843759-MXP
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4470-SEA, cache-mxp6945-MXP
server: cloudflare
x-timer: S1642934504.494838,VS0,VE1
etag: W/"ee80457266cef4b485c3668cbdd5f67e7ed204e94a46f041afd17fa27c93c945"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w00ySA7VC5g3l%2FX%2BvYkNDrt%2F08WQgjSW0XLo9ICzThe8sgoJLAg5kMuiD5YSGoI4LFBodTTTF%2FmgNbKbaZzVLNvqetOwfC9sLO9yTBHwiOx0RN2drzcAIRrjQ9%2FIQykO2s8eNUBWHPf%2Bdcat"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 a2bc31d5-2631-43d0-b965-57f21cee48e4.png
s0.nets4.com/s/ 112 KB
112 KB 3452ms
3428ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/s/a2bc31d5-2631-43d0-b965-57f21cee48e4.png?w=500

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a10574b58fc72ab64f657a8c2f7147f0ecacd97a06c5a94b76efb1f5f3f7b190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 114444
x-served-by: cache-sea4438-SEA
timing-allow-origin: *
server: cloudflare
etag: W/"e6ff667077877fe568c677c56b0f0b729506505d36763733452e7b87809241ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xf25F%2BaWpW%2B4j0l1UjVMvV6L1oxbfe7FWeqbIiKTKUAwJ9dlszqRbdQSJXzveuPMH%2Fzye4pnYSmuFko3rT7oBQkDsm1hFHvM%2BG5RuW3RDKL5UU40nIAfFoGpUFE7Y%2Fj6w%2BXFCxoIF2WU1Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 6ec4691c7b763747-MXP
link: <https://urlscan.io/screenshots/a2bc31d5-2631-43d0-b965-57f21cee48e4.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 secretofthieves.com
img.nets4.com/favs/ 2 KB
3 KB 611ms
610ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/secretofthieves.com?size=32

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f835bb439e855a8ef85db64c1a8cff422242136ae46a20f083d96b6f3a5d4d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7nVIOdHWdq0ByCb7T3GNAa5nL8Jsn9CeXZVkCTW0ODkvhZqcitEqnXM46NUcPDfrzyT66uhtwU1Ah77A5zRnMbqGKp18jwSZNikgsh0zi9tp7NkrAmiw93nohD4FxsI68YQ60ZIkZvWp%2BAN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ec4691c4c863759-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3 200 secretofthieves.com
img.nets4.com/favs/ 797 B
1 KB 675ms
674ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/secretofthieves.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785ed2c8ca9cfd6d174d97dcbbe1bfde22d2d4b17287136b146a213508a223f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 797
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3I%2BTKF5neYhNdTtITVOrSRnUA0K8j%2FN6aR5h4i4WEUk8T6wNggYb0Er1dtVQPMD2kn%2BiNTiVX6EXJCvtyKXKWv64Fh2BkFgvZeik8TISUvhLYi7lqjkMMfkE9rYdyJS3CUdFb8Wz4EtINwu8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c4c8a3759-MXP

GET
H3 200 sandiegozoo.org
img.nets4.com/favs/ 715 B
1 KB 141ms
140ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/sandiegozoo.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a24f9e1cc485e496d52ee617721481335ccda16631c4059c8980c03c75713651

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9044
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 715
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 07:31:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gfHMlx2YIfLS3wTsvIKu0kLZTPATY6WpYEua1SPO69pu0QSQD9VlCb8Ci2ji6dsId1wakAA%2FunJFMxSrCpcwR7PCTrPcFWZ3AXFNhWiOj%2BSI6wrmnIA3CxN57FZWadzys28ILID9lCQRt00m"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c4c8e3759-MXP

GET
H3 200 suttonmass.org
img.nets4.com/favs/ 354 B
883 B 612ms
611ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/suttonmass.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cee2ce5c67a141ab39f27408093684e2f5818b0bc275ccc3f501c677f3b0391

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 354
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NkGNiwWvp19kYCTjDCPvO7P1vjda7yWGIvxNeqAaH9lBArMxxDPFE9JQDyNNNo5baJA2wODvbsEkGfFyUDexzfiMJpO6okrpL3o24DtS%2F69nxy4Z61ElRSJALt8Ep%2Fcv4C7RAyxGla8zpsrT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c4c8f3759-MXP

GET
H3 200 olimpiateodora.it
img.nets4.com/favs/ 678 B
1 KB 666ms
666ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/olimpiateodora.it?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

260dde3e525c2a0fbdfe743a029fd2572c31c9ec0468ce6e31dace8ac18283f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 678
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7v1Dpi%2BTlxeFGFS5ZoNdrZqtpecU%2Frsz9t02Jq9n2S15jK4ieyRtWQYm1ydRgWmjYrEPGxZDKRRq%2BK0ZkTpbiRCbvl4um%2FoBoMypS1eK954F2wCnO%2BjabZd4s7xOho%2FDVVjZpCqyEtrknbe"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c4c923759-MXP

GET
H3 200 ascem.org
img.nets4.com/favs/ 70 B
607 B 807ms
800ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/ascem.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjGw59IxN4Pyam%2Fc84%2F%2BcEOWpTRkVRH%2FQAy3ibdF9IfZmzSi5K8%2BQTc9TOpZyDTqY1K%2BsJH396GIiD1vK4rdZO%2BxG%2Ff0QPqnr23tnNReSAcRPZ2v9qjQKZ8HclTyiF1JraIAxCuLzYXFz5Lm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cb13759-MXP

GET
H3 200 virtualpiano.net
img.nets4.com/favs/ 770 B
1 KB 1301ms
1294ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/virtualpiano.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f847e3f9f8e574d2e5f3975b6297ebc7d3a38a3642a8ba1b9a1e610cc0b0742

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 770
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2B0pPx%2B%2FStqv%2BYbZ2pCswNuB0ZndlsmrSXruZY1wJF%2BD06DgHAOqelOAG%2BdDgSAkTISTwRT28rgFU8dVGIZ4RqSrmEO%2BshXlEebIKB%2FgpCYajkaNzzeEqBhm7J1TTUqQBbamBLy4NrLd2Cm8"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cb43759-MXP

GET
H3 200 fishingfreaks.in
img.nets4.com/favs/ 724 B
1 KB 674ms
664ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/fishingfreaks.in?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b8ffe36078e2825883e837b8003a164f9e28470da2cec71a359d8a5f18b1671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 724
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 10:01:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FOJ%2BIZhL1b5MpLmHdBIvF0ClYVwH5pbWZndEHSCuosBpl%2BqteREQjr4WLBnLrO4L%2FhK2Uh%2FXK03U%2FDUSFSk53OuuMTB5pBT8xFyzQrj8oFGS%2BVO0vgCJXex2p0VPYUg3tiOO%2Fia8t7cp3lNC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cb63759-MXP

GET
H2 200 backlinks-discovery-chart
s0.nets4.com/charts/ 34 KB
35 KB 1259ms
1238ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/backlinks-discovery-chart?d=secretofthieves.com&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

138bda822534d4aad891af1546a31653dbb472110704e5371e396773293c3457

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34713
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bzg0muY%2BbgmSgCG8RNZTsngPTbHqHQo9dDG5onPFjhNBu029tAha9M5ifQCI3shznmWxGMjQSmDznAxbACJ1gGFWKns3Lr0HWh9GhtIUh0HixZSELdtJQ0Xa5hWDwA8%2B9ZCdMi1MZdiTy2U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6ec4691c7b723747-MXP
expires: Tue, 22 Mar 2022 10:01:56 GMT

GET
H2 200 referring-domains-discovery
s0.nets4.com/charts/ 31 KB
32 KB 1377ms
1362ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/referring-domains-discovery?d=secretofthieves.com&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

511c0854b9aa16abb7e293306727a8c5f988063cfa9f45fc98d81398df8d582c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 32163
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HAPwEikqWdXqCYDFn5luMoBXooxNXOHAtaBzaFruO7sSiUCEw3rwSQxACR5IWVn8IToy%2FLOfj8AqFry7SnmFsgQFYorXHkFk6HrQodZZzeLbEo5NOfOP5BXOsLoh0P8Z1KpMp0%2F5wb5kFMw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6ec4691c7b743747-MXP
expires: Tue, 22 Mar 2022 10:01:56 GMT

GET
H3 200 9anime.uk
img.nets4.com/favs/ 856 B
1 KB 148ms
146ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9anime.uk?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a82240ba5865f16da8ec7166c0b769aabc15f1f7ddcb4af1bc2f84d04de4ce57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1081
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 856
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FAb1EaMeEmSSpKMrmZxDA%2BDCPZegXVWCuKrxAA6WEQB6ayuETSXfX8sxGkYKyr1wHwi0r1DWepN9bpirUEnW2dEUI8Pbne6bvlwWJoTBHRX%2BpzcrEI0ymbolw1bmu8kNHcF%2F%2BuBE9RVV4Y8V"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cb73759-MXP

GET
H3 200 9animes.org
img.nets4.com/favs/ 256 B
786 B 170ms
168ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9animes.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b779b25e7ead2586d3bd38c2642843ed1e276e805598a45a9495fda0a99bf49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1081
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 256
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=712vjvUQZV6lEf1YCyhqFjmhmJY782kqW4wcjmVdkXWIuCsdBHoeeOat0OKd9S%2FYDOrkwy7nKX79vzjlSymQWEt0McPojoDDorNdOHP8iMNAIoctNsKiqIr2LVV2XiXFW7G9pFtLoAvfCNpD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cb93759-MXP

GET
H3 200 9animes.ru
img.nets4.com/favs/ 242 B
776 B 187ms
185ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9animes.ru?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1082
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lALfihXIgxTwZKnKrsF%2FbZe0fzz8ehyPhKlGnHhMEyYrJdHWvBQNdonBaqOaGX6fHUdMVqvwoID2sC7q7tPAeDP81msDbTNM3KSNH22%2FdouDIkirAVfiWACBeFlb4WqKqs6AX%2BHQke02%2Bq48"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cbe3759-MXP

GET
H3 200 9animes.co
img.nets4.com/favs/ 70 B
599 B 169ms
166ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9animes.co?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1082
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFrokcWxELLX3SxPIFIioUZZ0EVbi63kpUeCYK5xEjbJeX6t26D4rEASR2yshcdLegkeCdmZQnnKazWgATWI4ggTE5YRFd90OsW2Yztos4%2FnExwMuRy2RmePGrcO3uQdx3oUXY5hOlcXWc9s"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cc13759-MXP

GET
H3 200 9animes.io
img.nets4.com/favs/ 70 B
606 B 170ms
168ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9animes.io?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1081
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2TX4D5YC4vF0gSbOKL%2BSKpszqboNYPcfGerqYopQJdCPQnGssvFKtYOnZM7NeiwBYSLkSYX0EOmc2C5CCaRHRz2ff4vr8%2BSLRMvEdGNkzj9gXZJHo9zmLFbEDYFp2QjcFSM%2Bq99MA%2FmKpNS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cc33759-MXP

GET
H3 200 9animes.cc
img.nets4.com/favs/ 242 B
783 B 108ms
106ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9animes.cc?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1081
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aO4bIkHqng3X1EBZQ4DGqZW3pBaSWlx7JIVnTd%2F%2B08LDaI4VX2MUcHMI0Lq%2Bt5RR9HWVBCqbICM%2FCLiqZdtIzGS6tJTdD8AUvTzHS%2FbjjP9Py7jkBeei3uZgnXKE3SlNgVUa%2BEHpM9iES%2Fkp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cc53759-MXP

GET
H3 200 gowatchanime.net
img.nets4.com/favs/ 277 B
812 B 169ms
167ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/gowatchanime.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23e311959c8fa176ea4b2ef0de17b6b19e25a2e4c31a86bae8ca4316fd542220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1080
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 277
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 09:43:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b50R%2FaHxX4zlFcSnHX8m3nlkO4znNiBRU59ddh4OC2PgvWnlSEeXXPtj%2BMDFqI77z2LaQNG7XwPXye%2FuwK33s7P61DZV6otcCtrMpOJspx%2BPnK9Fbjmr0nS12eDeB%2Be6oxtA8y3kmQQ8RPoa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cd73759-MXP

GET
H3 200 9anime.me
img.nets4.com/favs/ 242 B
778 B 130ms
128ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9anime.me?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 670110
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Mar 2022 15:53:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FV9OJXWD9T8m%2BeMnMqwK1rebG8ow1Qv4dn0hzwBJ4veCVbLZTfeb78EnZFzhBpwZawZ0ywqWy0JDH%2FpbobhSJ58UixPWGw8nnYt6mhbJuU1UkQia3xCNZhIsU%2BUmHY4Q7%2FxBujkYbdUMxCJ9"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cd93759-MXP

GET
H3 200 weecheck.io
img.nets4.com/favs/ 439 B
977 B 179ms
177ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/weecheck.io?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5dc577d94f9f87f94a797846949133a3184e78e0832261a841188d3d65966b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7903
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 439
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 07:50:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkYS3nGU%2FI66TN3G2DuRcXjva0xFtiMeX%2F2I8ZzHif5kq1ApRj%2B4S9tr3p22x0UM8zfRBh0xyXlyszuShGckyUWLsqKnF1PdCpLWdOHX8h6ut%2FRWWjnbYLY%2B3sjhP%2FDbrkS4aSq70xl3QrW5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cdd3759-MXP

GET
H3 200 ket.org
img.nets4.com/favs/ 70 B
601 B 168ms
166ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/ket.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9944
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Mar 2022 07:16:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZjOcJIA9gCRoqVPRJRC8YPDMSj314nPGuYMNm7DOR12PGKc4OjmCfO%2F90gUvFBmXW71BEp5sLxqEsdkVMWYB2HZn74YBUiluSFoxUl9Xhk0aOFVDhUPlNxAXcq9dHjzDmaWSovpknHU5n4w"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6ec4691c6cde3759-MXP

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 30ms
15ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2025744647&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&ul=en-us&de=UTF-8&dt=Secretofthieves%20domain%20statistics%20-%20Secretofthieves.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=561826956&gjid=1414272026&cid=1671851228.1647338516&tid=UA-123511935-10&_gid=520835375.1647338516&_r=1&_slc=1&z=1383685085

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 730 B
1 KB 398ms
149ms Script
application/x-javascript 2620:1ec:27::cafe:2193
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:2193 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 5ad4775e1fe1f79812db4a03e8a5385a2b542639587bbadfed3f6fe83752f8b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
x-powered-by: ASP.NET
x-azure-ref: 0FGQwYgAAAAC62FvRogZ5TIptExNvhRnLU09GMDFFREdFMDQxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 clarity.js Show response
j.clarity.ms/s/0.6.32/ 53 KB
23 KB 298ms
97ms Script
application/javascript 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
content-encoding: br
etag: "1d8314040aa9e90"
last-modified: Sun, 06 Mar 2022 09:55:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 / Show response
api.purpleads.io/x/ 5 KB
2 KB 401ms
134ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1647338516864
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: bf2f851aba887c7afd0965b3257fe29148ab997e0d447a449b28c130abdaca11

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.13

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"12c0-9wntuDtGgoQK71bU/WFUIQ8A8hI"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: ad00394d-ef62-4306-aa06-42a95357d9a4

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 35 KB
11 KB 8ms
7ms Script
application/javascript 13.32.99.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-102.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1d07bcab4c15f3ff3b56d0b5c9f44c3dd1c7266eb5788bfbc09f02822b07de0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:36:56 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 09:36:51 GMT
server: AmazonS3
age: 1501
etag: "6b17cf687f43a8f73178a58f89d7d60e"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 10487
x-amz-cf-id: 5oBlu2fUiFzTk4u-_jB8agR_cdcIaKN-XlWparpRZTRN5LYdX1jNAA==

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 318ms
101ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1647338516864
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 565a4b29-ad2b-4816-a919-a7bb691f9cb4

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 362D 278 B
651 B 96ms
66ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
content-type: text/html; charset=utf-8
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
etag: W/"116-5cd1487afaaea"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
via: e2s
cf-cache-status: HIT
age: 2378374
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6ec46922c8350204-ZRH
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 269ms
101ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1647338516914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 6f74e73a-d26f-4ef1-b316-063c5ec38ae2

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
358 B 352ms
84ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1647338516914
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: 788c798f-8d78-4309-a7db-b0001e28c858

GET
H3 200 marker-icon.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 1 KB
2 KB 30ms
30ms Image
image/png 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-icon.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23347104
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1470
cf-request-id: 0abf077ea700000219fc8f9000000001
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-5ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zF6EuZvDvFZVilsXtTbJevgrKJfUL047P%2B7Yr8Ot3q%2FgO7Y1FWstspiR4hPyaxM15i2v8pEDTfatOluBTqkbmIEKdqT%2BNvniJedQByWA2RurTo219M3F26jkwwD8SBSbiU4SEqTgRNNlYKFQt9PIrlgE"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec469230c26020d-ZRH
expires: Sun, 05 Mar 2023 10:01:56 GMT

GET
H2 200 2.png
a.tile.openstreetmap.org/3/1/ 8 KB
9 KB 72ms
15ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/1/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

3b322c9030883acdb559f857024b4ef3ab7574712b635b6e3db135749e32e1fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "cb5643e63f3bc4f3e5c38d2017293c13"
age: 121096
x-cache: HIT
x-cache-hits: 57
content-length: 8528
x-served-by: cache-mxp6930-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.045850,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=47349, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Tue, 01 Mar 2022 18:43:47 GMT

GET
H2 200 2.png
b.tile.openstreetmap.org/3/2/ 11 KB
11 KB 84ms
25ms Image
image/png 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/2/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

3c865f9ba19b80bbab61230ac6f099d6c605af2b21615415338a9bfa471c863a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "c7b1ee252c1accd2fea964a71de354de"
age: 175906
x-cache: HIT
x-cache-hits: 102
content-length: 11092
x-served-by: cache-mxp6978-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.050908,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=86743, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Mar 2022 14:03:09 GMT

GET
H2 200 3.png
b.tile.openstreetmap.org/3/1/ 4 KB
4 KB 77ms
24ms Image
image/png 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/1/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

516fadf20aefdc9565d38ff12fd35aa4262d20408dace2f5849cd191119496c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "bc52a0f704ebee39a8cb5a58715363ce"
age: 144656
x-cache: HIT
x-cache-hits: 59
content-length: 3910
x-served-by: cache-mxp6978-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.050988,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=86861, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Mar 2022 17:56:46 GMT

GET
H2 200 3.png
c.tile.openstreetmap.org/3/2/ 5 KB
6 KB 66ms
15ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/2/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

c6cd28b8f48cd9c890723dbd16c6847083e7c322af81fc3da91b9730ac576658

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "7c25652ac6639939d717ee7de6a8d342"
age: 191868
x-cache: HIT
x-cache-hits: 90
content-length: 5621
x-served-by: cache-mxp6974-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.046168,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=21585, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Mon, 28 Feb 2022 09:08:49 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/0/ 5 KB
5 KB 70ms
19ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/0/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

dea6d9b977b06e1be6dbf3fc5118a1d8bfca410f14b6c4ad64ec07c057d4783c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "a97b0ae3a1c931b59d9503c0fb773d21"
age: 169344
x-cache: HIT
x-cache-hits: 40
content-length: 4699
x-served-by: cache-mxp6974-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.046366,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=37902, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Tue, 01 Mar 2022 01:35:01 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/3/ 5 KB
5 KB 66ms
15ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/3/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

c87dc7d9c212984118785676c741a202f5cac746b7b003298a930ed56316e51f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "9a69d3f3c4dff9f5588aaa850c1c6140"
age: 217949
x-cache: HIT
x-cache-hits: 1102
content-length: 4828
x-served-by: cache-mxp6974-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.046251,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=79311, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 04 Mar 2022 11:01:04 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/0/ 249 B
440 B 67ms
19ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/0/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "07a14efdf923d78dad7320032b8d412c"
age: 49288
x-cache: HIT
x-cache-hits: 9
content-length: 249
x-served-by: cache-mxp6930-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.045937,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=160453, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 09 Mar 2022 23:47:36 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/3/ 5 KB
5 KB 67ms
20ms Image
image/png 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/3/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

15f97543ff4d546609111ebf1c117bbe16c5fe852fa7e826204b74566e91a8f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "c947e22ac6e5f0475ad3445622a32d51"
age: 162792
x-cache: HIT
x-cache-hits: 980
content-length: 4834
x-served-by: cache-mxp6930-MXP
server: Apache/2.4.41 (Ubuntu)
x-timer: S1647338517.045991,VS0,VE0
date: Tue, 15 Mar 2022 10:01:57 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=35138, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Tue, 01 Mar 2022 01:58:14 GMT

GET
H3 200 marker-shadow.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 618 B
1 KB 23ms
21ms Image
image/png 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-shadow.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 23566331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 622
cf-request-id: 0ab1f65efa000023af51afc000000001
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-26a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aDW8xNwTEO01xAzNE7sP02UqjZeHdlHm4BzBkTh13GMrG5HojPSCL0W37M5qxEgSBnoExDzwR4aJZE6be7JSYyPBCrKz0RW2o%2BJH5QcQW4MkQZgHjyZewTqFPp7yg0%2BC5nawt%2F%2Bnk7lXxykSHja%2B0qEx"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ec469233c80020d-ZRH
expires: Sun, 05 Mar 2023 10:01:57 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&RedC=c.clarity.ms&MXFR=14FD26EB018B6EAE309A3783058B604E
https://c.clarity.ms/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&MUID=2B4C9FBB567663C808F88ED357A46224

42 B
369 B

34ms
34ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&MUID=2B4C9FBB567663C808F88ED357A46224
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:57 GMT
last-modified: Mon, 28 Feb 2022 22:29:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7c5ed6a6f22cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B234C903E7CB483DBE0506F5DCC00916 Ref B: FRAEDGE1220 Ref C: 2022-03-15T10:01:57Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=F3B85C00E8BD4002B028A8D161B517D1&MUID=2B4C9FBB567663C808F88ED357A46224
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 46ms
28ms Script
application/javascript 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 28205346
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6ec469235b7c233d-ZRH
cf-bgj: minify

POST
H2 204 collect Show response
j.clarity.ms/ 0
65 B 97ms
95ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:56 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ 360 KB
142 KB 44ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:26:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:26:21 GMT

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 19 KB
7 KB 44ms
43ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 080b5d151fa93bf62abd2e13eaf283b353bf59a4a5d6907257f360a4975e5d72

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/secretofthieves.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kf9qSI%2F5n0%2Bt9sjapEFveA7K5neyyHsI0yYNxW8qWj%2Fv9%2F3hCdlfxhKtQ9wNQgqkj0kav%2BwbwJrG2L0SoqSL3YItFNuft7DprX7qG4L2%2BSCr4IzHRqKjnAPoQxXM00uLSKvbng7J%2BaU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6ec469235d283759-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 36ms
36ms XHR
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6ec46923ed0423df-ZRH
vary: Origin

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 89ms
17ms Preflight
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 6ec46923ccc423df-ZRH
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 288ms
102ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=9929bd44-49ea-4d75-b0b5-36b76d13291c&ts=1647338517142
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: 032bfb2ff87753a4d3761d04e94e16791dacdfd107a18ecaea1f64e72aeb9c64

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"2429-pRr2u5GP2Wtch3gZf2ZfC1lNUdo"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 357ea5c1-ffb7-4d92-9933-20515746d1db

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 301ms
132ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=9c4c9361-0953-40dc-8e42-4504bbe88b67&ts=1647338517143
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: 14bc30928b69dc755262170d33c94e3d26e7ab45071936e21b9a5e5cadb3ee51

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"2429-AkG1yFzKrRkr3/TMxSQ7x13h/tg"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: faa78896-c661-47f7-8ec3-90c543ab4200

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 272ms
95ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=dae66e25-3679-490a-a737-6388aa2bbe0a&ts=1647338517143
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: cc031991108ea40da43220de92b33b6b88d3cd7e3b7ee53deae4fd6e2a7684d7

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"2429-rjtMJ7MDzkKkl6yi9BQbWlfFZAI"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 1d091c47-1880-4866-be00-4ace54084869

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 340ms
165ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=5bc2304c-5825-4b03-908c-1d8186b94817&ts=1647338517144
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: c3c899e001eb8d2f672a18b0caca760855ec4bdcd895e88d079343ff5f94af0d

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"2429-SeEyZodFjFOH7dtlSVyJeXS1Ksg"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: f46186d8-4414-4f8e-9513-a3fb9adc8b5e

GET
H2 200 / Show response
api.purpleads.io/x/b/ 20 KB
4 KB 601ms
455ms Fetch
application/json 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=d801b95a-9d19-4cdb-bad7-70e6b0c685bb&ts=1647338517144
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: c7a1121133dd1c72a57e9240a527eec6eb0d9cad6f795b95cd4d6da0553b777c

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
etag: W/"5196-XdQH8C9CDkGRaqhvAnPCmjVuuAQ"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: c28d15cc-1184-4855-a647-23fe446c7f6b

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 109ms
105ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=9929bd44-49ea-4d75-b0b5-36b76d13291c&ts=1647338517142
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: d09b18db-86f3-4059-9b70-8875c63400fc

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 122ms
120ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=9c4c9361-0953-40dc-8e42-4504bbe88b67&ts=1647338517143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 51d24a1c-fcd4-4526-8abb-c3f3f69ad915

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 115ms
113ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=dae66e25-3679-490a-a737-6388aa2bbe0a&ts=1647338517143
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 3f575ed8-52d6-48e8-95e5-6dd6167d45d0

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 117ms
115ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=5bc2304c-5825-4b03-908c-1d8186b94817&ts=1647338517144
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 6285aa92-0d7b-42e2-996d-54e69fe7fac8

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 138ms
136ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=ac1c5bbb03a54529845c08c8933e68e0&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=d801b95a-9d19-4cdb-bad7-70e6b0c685bb&ts=1647338517144
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: c97e1e51-75dc-468e-9afc-463b92720d68

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 236E 42 KB
22 KB 60ms
35ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=6n151wvz2euv

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

660c1de66828dedae7d74267ec4a565f052281ae190aa13b80b7a3089954f5ec

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xk0yHZxRNeCvrg2EvCDtbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 15 Mar 2022 10:01:57 GMT
content-security-policy: script-src 'report-sample' 'nonce-xk0yHZxRNeCvrg2EvCDtbw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22620
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 204 collect Show response
j.clarity.ms/ 0
25 B 235ms
235ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:56 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 236E 51 KB
24 KB 44ms
10ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=6n151wvz2euv

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:26:05 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 236E 360 KB
142 KB 38ms
13ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:26:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:26:21 GMT

POST
H3 200 6ec469161d113747 Show response
nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
688 B 70ms
68ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/6ec469161d113747
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647338400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/domain/secretofthieves.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ec4692858cf3759-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eudM2661AbDyYuC38qDTQHonB8m1VRvSNRxlvStgmdmBmW0lKw7CLoMWKAaplzvNVAzGae%2FkMYkh%2FeaKQMH1Dio%2BCkpTK2H4vNTVFlBGBL7qZq7n%2BEYQfZPZCv%2BVwbV3cgFN74GW2Tg%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 236E 102 B
134 B 20ms
17ms Other
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=6n151wvz2euv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 15 Mar 2022 10:01:57 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8440 81 KB
28 KB 123ms
39ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

e65b94317efdb4299d67fc6bc85d4846d8190612d816fc5850b5c866c46a7bbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27750
x-xss-protection: 0
server: sffe
etag: "1159 / 329 of 1000 / last-modified: 1647333762"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Mar 2022 10:01:58 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame D732 81 KB
27 KB 129ms
57ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

a91cc75a3b72310604165f6e0f6052e16db225f18820f2deba8b425cd3e436be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27750
x-xss-protection: 0
server: sffe
etag: "1159 / 576 of 1000 / last-modified: 1647333762"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Mar 2022 10:01:58 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 207E 81 KB
27 KB 106ms
48ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

d3660a2d5bb96b0556aaec05d61a6a7f3b60eee4052d0a7423c59835959bf497

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27754
x-xss-protection: 0
server: sffe
etag: "1159 / 629 of 1000 / last-modified: 1647333762"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Mar 2022 10:01:58 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame DADC 81 KB
27 KB 107ms
62ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

c172e11bec93c507453d7b26b16905a491aa5ccaaddfc9bac286f70b3abc5a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27718
x-xss-protection: 0
server: sffe
etag: "1159 / 338 of 1000 / last-modified: 1647333762"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Mar 2022 10:01:58 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 6286 7 KB
1 KB 20ms
19ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

361f858c2132844e57d29662dcff1d748f9d3a8560af25b4e6ca0a2c91c31a22

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uuCe3lB5DwxAaLoNZG0bJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 15 Mar 2022 10:01:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-uuCe3lB5DwxAaLoNZG0bJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 19E4 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 eyJpdSI6Ijk4ZjJjNDk2OGU4Zjk3NGZhMmEyMzQ0NDc1MjczMWJjOTU4MDBmODhmYzJjNjBlOWJkMTQxMWM0ZjFjNDVjYTkiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame 19E4 56 KB
56 KB 117ms
16ms Image
image/webp 184.30.25.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijk4ZjJjNDk2OGU4Zjk3NGZhMmEyMzQ0NDc1MjczMWJjOTU4MDBmODhmYzJjNjBlOWJkMTQxMWM0ZjFjNDVjYTkiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.25.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-25-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2a954a84b07f4ca8aec86ea484ea85506c7a4af07c54404fe505f2bda8ed50da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
cache-control: max-age=814901
last-modified: Mon, 02 Aug 2021 14:41:43 GMT
x-traceid: 421b10a5649aa2e6ae4dd0cea15af96
timing-allow-origin: *
content-length: 57120
content-type: image/webp

GET
H2 200 i
api.purpleads.io/x/a/01757f3e42ccbeebf5e146428921e568:ee51dd774a939540af9113326518d3e72d27fdc9356b412b0488c9040b0f869f4681ae6aa0f14476e4c51261f4ceaa14f4bcc97598ffb5630d594030c9032fd941c9440a509f829... Frame 19E4 0
200 B 208ms
208ms Image
text/plain 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/01757f3e42ccbeebf5e146428921e568:ee51dd774a939540af9113326518d3e72d27fdc9356b412b0488c9040b0f869f4681ae6aa0f14476e4c51261f4ceaa14f4bcc97598ffb5630d594030c9032fd941c9440a509f829b5c0d8d04d3d589a4155791b2baf4531f1b0e77e91ebeb0fe80d00f43134b55e5738b89fc0ef7483d6cd8871dcba56d31e9e5435f53b9a341a41a5ba9d326f33cd8f2eeea173f106e/i?id=c28d15cc-1184-4855-a647-23fe446c7f6b
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Tue, 15 Mar 2022 10:01:58 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: bcf18371-7505-4f7d-835f-596b8c996d48

GET
H/1.1 200
OK widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame 19E4 4 B
325 B 582ms
86ms Image
application/json 64.202.112.223
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=49aa9ac9217ac92ad26ca096e4a21e88&pvId=49aa9ac9217ac92ad26ca096e4a21e88&sid=8304872&pid=45718&idx=4&wId=171&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:58 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 43610b29bbc830ffeed70d89398862ed
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK log-viewability
log.outbrainimg.com/loggerServices/ Frame 19E4 4 B
325 B 593ms
95ms Image
application/json 64.202.112.223
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/log-viewability?requestId=49aa9ac9217ac92ad26ca096e4a21e88&position=0
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.223 Leesburg, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:58 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 627abda83bc307de9122568239e9a090
Content-Length: 4
Expires: 0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 6286 51 KB
24 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:26:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2153
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:26:05 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 6286 360 KB
142 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:26:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2137
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:26:21 GMT

GET
H3 200 pubads_impl_2022031001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8440 362 KB
122 KB 31ms
10ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

50ef77c247263fdc6e0308a69334a3064176a1f4803e90eb0b45370231044fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2928
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125087
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 09:34:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Mar 2023 09:13:10 GMT

GET
H3 200 pubads_impl_2022031001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame D732 362 KB
122 KB 21ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

50ef77c247263fdc6e0308a69334a3064176a1f4803e90eb0b45370231044fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 18:23:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125087
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 09:34:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 18:23:24 GMT

GET
H3 200 pubads_impl_2022030901.js Show response
securepubads.g.doubleclick.net/gpt/ Frame DADC 358 KB
121 KB 37ms
32ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

eba88ef6b1f09543b0b3f34bc3c1d401da36d590354cd7728e2aae4d3c1abc91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:11:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60647
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123713
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 09:34:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 17:11:11 GMT

GET
H3 200 pubads_impl_2022031401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 207E 364 KB
124 KB 39ms
38ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

4d44b03d4e4d1df9a852bf35460f5584c94b37c52d08742682a1a03d20d2f6d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 18:24:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56274
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126502
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 08:34:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 18:24:04 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8440 107 B
792 B 55ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8440 107 B
549 B 66ms
29ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8440 18 KB
9 KB 351ms
349ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1306574979629182&correlator=4447946006152369&eid=31064151%2C31065650%2C31063247%2C44756895&output=ldjh&gdfp_req=1&vrg=2022031001&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220315&fsapi=false&eri=4&cookie_enabled=1&cdm=nets4.com&abxe=1&dt=1647338518450&dlt=1647338517921&idt=340&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=2286&oid=2&ucis=luyq2zgu7kbk&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com%3Fcb%3D7287131647338517481&loc=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1671851228.1647338516&ga_sid=1647338518&ga_hid=1590901547&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

908896e473d27277bd0cbad43b35965e0de3f517f55cc22d04cb16b5fcb39893

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8846
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8440 13 KB
11 KB 60ms
23ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e7cf325af635a5572ae38abca8fe760e39f59a08c1dfd641c7cf99c5e98103e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10410
x-xss-protection: 0

GET container.html
ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E160 0
0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame D732 107 B
122 B 90ms
21ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame D732 107 B
122 B 88ms
20ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame D732 17 KB
9 KB 386ms
384ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2248819705474838&correlator=4074650614851885&eid=31065651%2C21065724%2C31065516&output=ldjh&gdfp_req=1&vrg=2022031001&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220315&fsapi=false&eri=4&cookie_enabled=1&cdm=nets4.com&abxe=1&dt=1647338518576&dlt=1647338517937&idt=578&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=1446&oid=2&ucis=2nwiqqy2hdv4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com%3Fcb%3D2216471647338517493&loc=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1671851228.1647338516&ga_sid=1647338519&ga_hid=485016003&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

21ddbb670b925ac2565a058717c095e39a1425ea03ffda175cfa73956f327877

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9321
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D732 13 KB
10 KB 40ms
23ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e67eb1f6afa159440d1ffe5f613d79f907ea551d79a16fdbf906f8af9f8581c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10497
x-xss-protection: 0

GET
H2 200 container.html
274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F70E 0
0 59ms
15ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 15 Mar 2022 10:01:58 GMT
expires: Wed, 15 Mar 2023 10:01:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame DADC 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame DADC 107 B
122 B 24ms
23ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame DADC 17 KB
9 KB 485ms
477ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3772867770963712&correlator=400759448759209&eid=31064685%2C31064904%2C31065294%2C31065632%2C31065649%2C44752585%2C44756432&output=ldjh&gdfp_req=1&vrg=2022030901&ptt=17&impl=fif&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220315&fsapi=false&eri=4&sc=1&cookie_enabled=1&cdm=nets4.com&abxe=1&dt=1647338518654&dlt=1647338517962&idt=648&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=4392&ucis=2xlu4l7mk58r&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com%3Fcb%3D3683091647338517529&loc=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1671851228.1647338516&ga_sid=1647338519&ga_hid=985881408&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e1037972c154832e1e264bf0eca73556104f337ebf33574e41b495245f0e0929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9006
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DADC 14 KB
10 KB 44ms
38ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030901&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3cab72bd89b5bce5f3fbf4bbfdd1023b3dcb510f388b940bbe5165b465e3d73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10532
x-xss-protection: 0

GET
H2 200 container.html Show response
f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8037 6 KB
3 KB 45ms
22ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 15 Mar 2022 10:01:58 GMT
expires: Wed, 15 Mar 2023 10:01:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 207E 57 KB
13 KB 381ms
380ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1897515287488787&correlator=4147865784717983&eid=31060438%2C31065293%2C31065652%2C31065642%2C31063246%2C44756896&output=ldjh&gdfp_req=1&vrg=2022031401&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220315&fsapi=false&eri=4&cookie_enabled=1&cdm=nets4.com&abxe=1&dt=1647338518738&dlt=1647338517951&idt=738&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=555&oid=2&ucis=o3aaag4n08a5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com%3Fcb%3D7532181647338517507&loc=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=1671851228.1647338516&ga_sid=1647338519&ga_hid=1757521546&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

79373591ace012b7d28489349643b3632d9464f39c2257bb9fb06118eb55eaa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12958
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 207E 13 KB
10 KB 40ms
39ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf28085afb907c4ca71172b900b318601e2e305ecc4e68948447107bf001cbca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10484
x-xss-protection: 0

GET
H2 200 container.html Show response
5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D66E 6 KB
3 KB 48ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 15 Mar 2022 10:01:58 GMT
expires: Wed, 15 Mar 2023 10:01:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8440 17 KB
7 KB 291ms
27ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 container.html Show response
ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6066 6 KB
3 KB 19ms
18ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065650

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 15 Mar 2022 10:01:59 GMT
expires: Wed, 15 Mar 2023 10:01:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 i Show response
api.purpleads.io/x/a/3b973c3fa1ee85ccb1fc7953efaeb4cc:56f19edc6d06304cc1c3dcd5889d4a34ba0f4971e3902dbfbbb7804ebf61ca6e2cc2e0cb60194790852cb43323108e3fad172104ad47668f078fb45e6f1103625e4b22eafcbe16d... 0
199 B 403ms
402ms Fetch 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3b973c3fa1ee85ccb1fc7953efaeb4cc:56f19edc6d06304cc1c3dcd5889d4a34ba0f4971e3902dbfbbb7804ebf61ca6e2cc2e0cb60194790852cb43323108e3fad172104ad47668f078fb45e6f1103625e4b22eafcbe16dfa1a60ab7d1c001618701eb669de9c2eef8e9a087f6ee5d54672c692b6d2f8c209f05919b89787256e22c3b248030b2d0d59ada1a7a86c12a45d1a4d9e217422195366f4c53ab1af0/i?id=1d091c47-1880-4866-be00-4ace54084869&ts=1647338518901
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 496520a5-66c6-4224-8b7a-bc265a7e0646

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D732 17 KB
6 KB 215ms
51ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DADC 17 KB
6 KB 214ms
50ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 207E 17 KB
6 KB 211ms
51ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 754D 708 B
869 B 124ms
25ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 08:48:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 15 Mar 2022 10:01:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 754D 81 KB
27 KB 49ms
48ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

d3660a2d5bb96b0556aaec05d61a6a7f3b60eee4052d0a7423c59835959bf497

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27754
x-xss-protection: 0
server: sffe
etag: "1159 / 581 of 1000 / last-modified: 1647333762"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H3 200 container.html Show response
274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6569 6 KB
3 KB 34ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 10:01:58 GMT
expires: Wed, 15 Mar 2023 10:01:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 i Show response
api.purpleads.io/x/a/e7cea21dc45cc401bcace9d687eee7e1:bf0d3ea427cac77c3cf00bc65bf4be9506a98b93c05aec7ec1966468da5d2de22077f9e3b252c45dec979d8e5586234f37f520fb33797b9007091c267c8cca04f28f1256ef97be1... 0
199 B 296ms
267ms Fetch 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/e7cea21dc45cc401bcace9d687eee7e1:bf0d3ea427cac77c3cf00bc65bf4be9506a98b93c05aec7ec1966468da5d2de22077f9e3b252c45dec979d8e5586234f37f520fb33797b9007091c267c8cca04f28f1256ef97be1342b7b2ff94e37958aafd2cd3559efa2c4b0eece88943fcb27b79316c1e9681acef10d231c83287a720cdfefa5c6adb5d459930ea07274944daacbecbf19aa4fd2963f652f0e6646c/i?id=faa78896-c661-47f7-8ec3-90c543ab4200&ts=1647338519012
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: fc12e19e-ef70-4fb4-a754-53dee0505d78

OPTIONS
H2 200 i
api.purpleads.io/x/a/3b973c3fa1ee85ccb1fc7953efaeb4cc:56f19edc6d06304cc1c3dcd5889d4a34ba0f4971e3902dbfbbb7804ebf61ca6e2cc2e0cb60194790852cb43323108e3fad172104ad47668f078fb45e6f1103625e4b22eafcbe16d... Frame 0
0 116ms
114ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3b973c3fa1ee85ccb1fc7953efaeb4cc:56f19edc6d06304cc1c3dcd5889d4a34ba0f4971e3902dbfbbb7804ebf61ca6e2cc2e0cb60194790852cb43323108e3fad172104ad47668f078fb45e6f1103625e4b22eafcbe16dfa1a60ab7d1c001618701eb669de9c2eef8e9a087f6ee5d54672c692b6d2f8c209f05919b89787256e22c3b248030b2d0d59ada1a7a86c12a45d1a4d9e217422195366f4c53ab1af0/i?id=1d091c47-1880-4866-be00-4ace54084869&ts=1647338518901
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:58 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 6b3c3d85-16ad-4ec5-b59f-6371284323fc

OPTIONS
H2 200 i
api.purpleads.io/x/a/e7cea21dc45cc401bcace9d687eee7e1:bf0d3ea427cac77c3cf00bc65bf4be9506a98b93c05aec7ec1966468da5d2de22077f9e3b252c45dec979d8e5586234f37f520fb33797b9007091c267c8cca04f28f1256ef97be1... Frame 0
0 109ms
108ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/e7cea21dc45cc401bcace9d687eee7e1:bf0d3ea427cac77c3cf00bc65bf4be9506a98b93c05aec7ec1966468da5d2de22077f9e3b252c45dec979d8e5586234f37f520fb33797b9007091c267c8cca04f28f1256ef97be1342b7b2ff94e37958aafd2cd3559efa2c4b0eece88943fcb27b79316c1e9681acef10d231c83287a720cdfefa5c6adb5d459930ea07274944daacbecbf19aa4fd2963f652f0e6646c/i?id=faa78896-c661-47f7-8ec3-90c543ab4200&ts=1647338519012
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 4ef04748-8d1c-43cf-887e-3a58c1913cba

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 55DE 624 B
975 B 56ms
25ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWL2sqs8qDwXbHIATltCTmkoM40VjYagVb6kLepId-t0qE55Yj4T0jAk0xoYQ1a5X9eHgz48bdss40-tObG6e5v0jDN5sMhqkdcDvHCZrdBM98cXFcKR2zOO6gl3QBwaNaY8PzDIkB45K7QSIT9JNxSRLX0z4rfZn8RFgfAKzvLJOZXpK8

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 15 Mar 2022 10:01:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6066 26 KB
16 KB 75ms
51ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6VjKqP7KvXEB0G6VZVeKvT9d3_YOSrVm5zCp8enxpIMVtXSL-P7ZHLTP3mkRii2YZviLS9RZSuihMWwN8dalOQdiFq3ECRKigN6yU8gFqC_2xPSmdWEQxIvzi97n8wlqLAlIwjNLOQncZ79MnQmJWjAVTaw&cry=1&dbm_d=AKAmf-BgW8BJ7l1Q5xYm3907fLrGCaxkXgp7RVlarAQDOuRy_VAQ5OTrKHNESd0-iDc7Rkvd6_dZaxrrs2OO2GuSaHFcbt8cNFJINdsIvbgvE6aTUjxTx4QozNKRE28_RyDgV_l-vDbE6pM_TE8cvx4Fu2V2X-XjvtrkUjJEA_KSEBTv9Dml455CPvRNo6tsNzMiBPNgK9USOL5xJbPQutabcdxi8afqL4DRxK1zZSRG_bYz5hvG5NP-QpXPzdet2vDDowo3wGKxLeTmhV-riN9wlRAAqXreQkG1o5XWkpcFYTfUe26NxPGWzdHKNrKsl61vJJekaZaDH6YnWjYAv_wiCEnZBjipUIOXvHletkoSUh8L6Nz2fs_cNyQcVnoSi41SNQZzJl-hl6bZE-D4Rmr5Beb2WWObUy9KFwYwFgVyh-Fjij3OOUvvZXC13f15Cr0btYe2TBb8JSqzhr5lD5nCjFFbubY9GEiN1cM3-uwXpp-kAc1P8zwH6T-HjlQoFBi74YNSWaiOspxvvBvCn-IdXEIBIfANAJKrf81wU82UC1hdyqILoMohi-platkdk8s_RpGpHBqUonqbhUCXZ5u1N701EK0D5dGO4nu_Y9y3mBwHfYXv_L_W6H_OuX3kuzwK5XhM7BerAlFgRS446dwL88qx4L-v-PCJfBNVvKu--uozKycEps4lK-aSyQL7btR0k6K4rNIw0rxMxgTo_XHb-oxfbOD9Fq8CcqxHq7tTB3X73MJShz1kXlCeA-YAYfMi0OZInlSthaJzHUunXvrGSnCNmlfkBxVnCpvAPGiK-vXnzwdKbsjpBBJgvu3SGdXTRl20_-EDE7_qvXhJFo5AdlZsai7n8yAv1tyfU9XXlqiF0FDFlMPSFkUdnkKOGKIUb45zrQudSVZxas-mavLS079FVpUXx-sBD5tSC4GuM--AR7mZnsmKhGLK57hqHSp6qcHJJMOXp0U88XW1hpEjjNvw1jmBt0OGaKYp3oBZLKcWpDAe7H77aB0-Su0qzOTX5HX40u4ghVmb-LRYJj10-ewH5AffvbKwjBWmIJ8NE98-OIJgUGiT5PTeCDLmX3v0z-TT4xizT4EOZvYdSvBrdxK1F91TRwZsuqqFyuZa9L7pKpa9QRqh3p-Qifm6jXANUgirOfdvanbK_b6_MFJ_WUx7LPKyud5v-QqKdmovakO88lW3K8x3yFxPKqf8ZhT_CplNt0TcEKumiyYyX3eX1yhaSTi3sYVY1wdAqSe11dHwvbqBpFRQGayoFZahCZBgtzFeuI0nmhj2wPJMh5HmsPCxsm_7Ci1v0m_QC-Ul_x8rYc9MVN_74eZ1e_A4kGITdLrAvbee07fZhnY9M_zKnEafYUuwUXrkAt9PlFF6LMvIdfyAosB8rJ3bp0Wrv2l5fgeYbJTYdMzCpQO0vId5rzcCCYkbJnIrfziy2eS8RaWw9wQosl4_S-CaNoS3gitCplZFm9NUg4JXZJa8v6_6A62Axr097Fgndq5RW8oPX6ROh7p2MEp-HHykQhGF-ZhKDWGj3_dkLcCzZW3_a8tNivuBZV-SqWyvxPkjmuZCs1Joa3oqz9UKboOQMUxa-JdLvWYYs0kVADSeR7SnFXdThFHihhoo_50PNLheUqG0-ipKGBG7jWP440z7MSq9o3CAWWSj3al8Ga_TQU1XhJ6YPmEcO-McxGmgdoPrTRdALgjgxDhmlYD937Xs7CDmWWHnaHoiMY3X56kZgaKZl_R2jkaU4iJyDytAq9a1zlOP3D5cQtnAW8--6JXtBbxsB4DMDx3qjDVxIhk9ZrctWZ2QA75ElYh7DGKnJLZ79eRLk_F3YqU-I7D6MDlSBsdYOd0k55DzBunFXVBDd7VDMsBRD55MfHYrvlTYbFTisVa_XOkA76bdr9grekerlrSuas6jwLN9K4bo9J2KkO6ofIgfUNaSmpO2_RNmATtG-ALBrpPWkTd8vR3HRAzb-vkXA4EhZ-0HNNdvMu9Er3iGEU7zZskXCWZIMI8_CkKD6Ww1IptZ91tbxKAaj98p8qLR6VXe1JYpHBgibq_oVLZp53Kh0AokUj-BHs4BdMHSlCFlLpcqKQ2Mb2BSMbazYlPvfgonrU6F21dzl5eCPYPfBmq02BYOkwC5MrUX0Dyy_NksH-euDnjDTHSRCOmtG-0KGFxQ4WbkSb0eidnlVwUHxJS9QqBVvYyXVM6IRXIuh-HNbYAfIxHz4ukspzGHpp-dhaBSrFoRhE0gqKjAW15WzSAe0sijk_mVJmDnXfPQ7x9elRu0VyPOAfDpx11v8pHmKVP9V3gn0oyP5aFzntGVDEnQuQv4fhwIp6c9XqPza3Rup_Ya-dz-mrSDGTvKvhI6bibkKYDNIv5eD-r99ZSCFpSlfPJZbkamRhSGt1I2EAox12W5QEYNUh69tn1YxmnPVIVhfkx-lksK8l8eZT9HNBLC0m7oAI1_81whBb_vD9TRlPbOigLSL_1fJszod8sNarr7mH32Bvy4zHVwl-V1QPsi-oI_PhfKS-Tk0MDRHAl_mBqghnGs7tsINqBttyk21r0LYkhCSrv1Y6Qd3glN27Qf4V6TUKKD7Y4DgGqhJFsje1In5eahHf6bAY52rT_NCU4zg9nvxw_2fUdcQHVMhQNdKzTU7W4Me9xdkRj3iRAyxe3M6Czf1ftOjIQNnurtjYEADQUj6rLr8zz_cJopF2Capv7i5lejsCjP2EEetO7I2HsCZ09JD7Ctq3QZjjQXNZ4Ur9iQIgNmuwrtDRbeYSMy38M8PD_kHT-wYWgv65iQiKxpwvxa38XQIsDVC4ChPlb0LlP-Ew7BrsC7TrmkiclIXD3T-ed9izJ2_cSEXwYMXbtnCZwjU6ddLpbN4xwQ4CHLApN9oiSK1MyxYoiBHaOUKNWXqX-bEMFS5Mn7r2DQ7Ve8yKtCPL9f_5g3GUJtk4s5bG5eu-iLVqb4OX0vRLT32w5RlTbc4mKI7FZEBC4v7uBH_5mJN1Iaae8jan59fm153gzXLX-RMxgdS0uRduG04Bii6PO-vzCB44R5gPUQefaaEM-BVn8BYEH6l1SRMN6gvlrGGyjSzOyFKpC4VyQoRBqbi7tFa6iN0hXLiXj9DkOlBLk2ro9CCLSyyKmEqM6RqsmX8AD43SCxeJqswT431nRy8b4jbFysy74PGf5wmjQrRl63EUT6t2u12oNNRDdGzrPR8Y8AaXK4vaGgXo-MujFL7DeV6VWJ78OuHD714LkCUio08qR4A70IPbs1NiiRYn9LIE6wP8PnNDjaPSSo3yYX8zTOpkr8-vXW_7VMnkO9yAJbbTE&cid=CAASKORove6umdxPidRLTanU0nXODGVXTTCoDjWH4VKy8pGfXlsFjqddW2s&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

493e135eca273ccbbf63e0ad01a16c4b8103b4497fb2e8dac7ab56e879ae40ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16086
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6066 42 B
63 B 44ms
43ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DBnOgJEzPOvxTWzjPN5cM0-EqlnwKv_Baw7GBtNJQPNgewQ_bNIxLupszjkvjXxTPPFWkk4ngrsRS2rW8KbadQiDeAbXCavUANfF_yFGQebQVwfCg

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 6066 32 KB
8 KB 97ms
4ms Script
application/javascript 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 6066 3 KB
2 KB 99ms
6ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQ-A_FmQwYpHnH8qKjuwPnNKviAS1kNfhaJ28pLS8D_AuEAEgudvzJmCViqKCsAfIAQmpAgnD8hxgbLI-qAMBqgTUAU_QOkKsoY1vXXKwnJF2iNqcl2nvD3eCwXNYuJ_W2QMhfAs4zZTwZumcxMtLJ3gLhcfwpixNxVhDI94_M899FZhcVmzFvH2TeS4t8T9zFM9Z4t6z9cCehlp070_2Mgntb0y55bsdErlFlgDGbUyfp1eV3GRV-IUm-TLgX4shWEJ4Lbi5QEzRUuOPQplKeQ9yPcJjer-Q_TXXpkgZZhtUdIh3wvuC8fdUWC9YmgYGGLIyn8KEp5JvkZOK0IjhO7u_XzWftXW7g76opAPo0jSXq2KxGcsywAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORove6umdxPidRLTanU0nXODGVXTTCoDjWH4VKy8pGfXlsFjqddW2s%26sig%3DAOD64_2x0LGvb8xBgE-YoS0H1MEiPhPcxA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DY4iLNWqzicJtAwJjVgS53zQ8VTHdubqbNC_mc7PosJSX0bSEjvgv_9UzOG85eNkJVnhtFUd4FHbD8gB6EPntWAdbIJeJ9UeezA-eUqHNqzkah5xNGIPc2PZXX7iDatjWn_nXZQ6-MlD7-3A5x2Qa2Q0yUHQ%26cry%3D1%26dbm_d%3DAKAmf-BYp7Ahs5YCuxMHkJRyUBhI0Vqn4yg0ZomNOkI9Y9Xb-Ot1V1CsSZRumdp-uE2mdOTQ7WzmBtHwkgtPPiWHRgXECe9sqMdgax_xYbEs83VCbvcwbYvKX-B5stQrqPCEdyUnANpMMRRNbRdnSX0Nb86kGtWOG84UX9d7gzyef8ZA0lzXmnhg3FVOwmjOYqc2TvhTskV6b_v4ILanlQy8oTprtVSPnqHzFIjjktPs2rEI-Uh_Sx5FlmlZu202jQ81cnUACxGHTO-A_5RlxxuesSnFqO0Xdwt0DI430HGcCy0EtbTZLVfM_Dsn-04FN-UVQ56u_8Y8qazxMSGKRcMof7B2ckIL34JxOOIXlCvuLRzh-zdSYyP2Xh0yls5RtYPa6mJ2U-5FHj7pyqgAqQaAb1VZrNbsAF7H6Qq3AxQa2vjdVU197SPOGEEDr33-crC3ZUHu-xSx0cBKPmYs0ejfbCg9Mt1WE_0MbJRSgi0xPzwoygZg_Y7Km9cIthuqWF_UMZJIH7pD%26adurl%3D
Requested by: Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: bc195df1fc403c366f67054271b339dbd1ca599f26a63863e15e848f5caaf9ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 11:01:59 +0100
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
cache-control: max-age=600
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 6066 2 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:00:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6066 117 KB
36 KB 116ms
22ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 6066 15 KB
7 KB 15ms
14ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 775
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:49:04 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8F70 624 B
560 B 58ms
10ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWlYTD4_iqyl_aUV4E8QH4v-Au0eEKf8AWpC86_rhOnFT71bHA65u_gDtcdV736rfT2opgMTjq7UgCIPqhIbB2p5_LZTtDKVFxEMXll2M6VaY73rJU_t_xp87PD73DQyn3xyf2vK5Xi5pDvcGR70tSFyh27CLiJmSj_RP5GwGC8z-7JBhE

Requested by

Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 15 Mar 2022 10:01:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6569 26 KB
16 KB 62ms
42ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTNZMJ9hcCHZBTm3ak81_spZOSFUD4ldAwTaZD0cd0N96l95OeFUAUgj-muANqmg_iwhc5ioW7jBKwnCg15UdJjycLK7CabxXQRPVoWDf3i8OyhaWCaxVE714aeLR5Hc9h9w1IOl9b1NmENSgu2Ev4IxXykA&cry=1&dbm_d=AKAmf-A4WnArMy-L5f_Gocs9SmKOZ6LyzyXLZI4ttTBQmE3G0z0R796FX-TdeXNZn2RWM_nVJA10inA9EsI9K0C7WvxKY-5nvoR9F1HeL6emiq66pq9lf4OEb5MwQGQbr_LGgggF_A2wHvdLGUXEiFtEOOy7-XwSuXRDvJi7bIm3q8H7JRZrtUr_5Jckm3WjMJp3yfnFrasQkLfmLbqtukBFJ6OYoDoiLqCWvV_0ZD80D5ZxpD1lBDcFGX4LWoiHLGLRxxgXKWjYc7yYeJsd8x-85fqbs9IAFr3v5FLVh-MN1W5cpZ-AEvKkslv8BYjsSipVMqsduogBtVsiWzVJLKp1KrctED6lbW0400MsEZpdX-1zWurtta4VdMVsthCFLCK6LTMWfOmhIYyxMvCohI9Wi2MNFcsNHtAYhNQB729Lp0B-2rMhEJVuTfp813Jayrdi5j_63fBvm0kfEKms6Wyp-ZCXCg-8knaTWyXBJgsb9dUj7xETu7NXNXNVwZ_I-_Hnj-iVqZHtoxmrJDvLI-LX8upAJ390-ADDH5TyD7hTec3H16zQ6Da2eE_F4sMv01YvjA3fo9PTmMg_YQA19wcFygzjXkrks_V0bX5hhfeV4lDKiY5q8EEzl8xbUtUuIWe80O5TcWOoYoGsrSdmLFNn-W1gcoMkFg26l4whSbynkCx8B8N4CNnb2ByVtdOI_2AavIqiG2HnpqGL7kgOWZl06Ykaty2DYgpRi8vPvN5_4ucZ89E3Lue6jbcCS4VOq10i0rsmX8f9I-HAiW9u_JiJJsY612unXJIZ7vLkE63Ed0uintnJHYex168Vfmk7oKmOVdvJk_x3JJ-vy38J4Hv0R2LNXqMmRiNTztmNy8yJI9PrV9Ukt_Us7DxK8-yUE5qER3pkUUZPudWF8_gaHiqq7ngtx1HMf_iZJ5PWF7Z8Jx0py5mEbKC_dEfbTWlrmOfe-WuP7QvPJ08bOphBBDqcsvcKnxJTyGVR8TjHTvFdXI7b-dfjNCUAuJC9-wkVi0119r7pqS8SFI5ZypyEzF2o5MjLZM8x6Wwj3Fp9PNb0j5bChk7aueV1ZnTx8Ezp0j4vyYLCI9ujmq9IitmZD73HACMbajGchPAQRqXgVcqzsROgZjrxHY4Ef0lMlyzmGMMe_CJPfpFnk0BkQ6OTtTwF8LspGEYcrGBhiMMwqtLx64Hd0jZ45W_88xZA4PogUBfuIbGxlWS2kb8zO9vhYepWH06s-n-6PKOpAc0JzcY3Aak1cYN3T6H3OHcgIucgu2LYPN2DFJZ6WyAI0GhhQ1o7yJ83TYsWzYm8Nv-z4fnsJPrBuhvrCmXDlf9SlDsMo6sHaB4MKrPoGbYl1CsVdhBUtOW-Ej1gn2tPxnC0nfu_3GBhYR6sJWFa6ukZQdZaT9BHLmzH_HSvNQiVGCjexs95vd0L8KKEy0H3N-LhZ0tKKErw8MjuZlzOy5DnMAebuM9R71PTYi9d4o6kU8wJ-dDUtDwFCcLYt3ELq1URcyCyjlE2eGp5mTm5gVsbg0ke7sM_1ZZjMMYYORPSDXmqDaX_Jjb2c9HomIhXdE-yP5iFYwefq6LWiqh7d-nc6fI5HlO_SkzgSq9cqpEoD3URuX8ghGnkhHMJFiqHyXeyRuPtV3Y9taLWHRMhyg_kHkkuV6dHZn0BM7m7IJ6NgZgvQdGTTGkT14gnAKpcNnjVqswMvEvBnd3rGLqGz_cKJoF-imv3k70OfR8I7cOR6RyPndT_jJaek4sJXz-ejKB3CDCdnMXS03CFLX7riaYz_jL-UNAM_cCMN1kF7C4N5mfITml4xxzK7gsls6Z13dxXc9_7c9DQQxLeUqKeD-0EcuJe7TKel-T19YvPKEBxvoNpK6g8OWFKEgbgV8xlpkvZIECokKpAm4rzEOjvRIkr_K2KaXc7-0_Q56orZ8T5LKPXM5z1ArXkCcLPynFUtXM62hbSlEHDNCsvho2uQ0huLa114aZIhVP_4r7Sn8JV4PiVhwZD0e_icYSPvE8QoGv8LtlETZSdMSW1uA51c9dipModLWMKnpe3uUUfc80-xWbSp3mUxSMk90Gd24WMjuVEpprLIDBxmKMh-NszVEp9XuzRUPeYoNIYVXO0Gz1fiItaiwtQu4flpsJSJDEOTgJaFMA58xDlskG5yLT6yQJTV2doq8uqKi7u10FpEd8V4Lbq7W2VkwCV-NnYPDi6yb-B7fLYAafyJwyD34eFgW1cexH3c79Bc5usnsjilDSIHdYLHtt-h90KrEMwo5_i3sm6vDo9Vm2vg1zbe5UCJlVxc8i_P8Cd-Zw6n8uyTmqcQPc-g6t9qkkmcSJjHekeDZ5os29T_Vea8kWmbPXwCxczzeJiS34m1QgfOJZY4ivzFjJEynUle12ApK69Ix68m1gTvsH4Drbr5DhFQ8hy7kvGxorVJZTZAjcP4mmlLc1FtLPWst_Ab3BXZDC03bPgulMw5kRi3YUXdUuZxmPJnGqBToIOi3nnFj9eqXY1ltiSvevtb0GsI-iHHqfOO9DelUGdvSt7SKp__1bAtMCjqZcEf9a89wAN3zcvWeYfHTjgxsSv36TW7oneOmGMgtrQUg6doYIkX0C0WkVm-WrQ1pCZ6qBSU0VyerwjORLCgnvuC1-iEfnVDk3YjZ3bPwErKnoG8k0B3g8RURdvJWOogNB-yFJ0NndnYqli2Whdrk0AeHbB3Ngc0Z9CYP8vIQ0itT7rBHbAWKd3VrboyagasXQ1I5tu_bSKT3--A8BYFRKiXgZ9iuJrPhePxQhAen3XRvB0ANqBSHxUk5yQNdFxisjtqGeQr5GSL-OFGaGwLweQbEb_ITXXY_PFuMZsXfEamyBlre3IKnC7XZeL3LphO_MSTp9L8V2fhEx7KgWHgnwF33MAd_6n9rel2MThXWS720cHAXn7t4nvTqxIvasKGTRXUpT04_hn7rO6IPWmSw8SbJ9dnZLeWsOY8ERGLu-MWt5hlo2joz2pyhJDtNczvaEBnElGGqx3Yy8lS30X2N_b04PNkCKD9Hx5FCkeoUFGUtgsLxkiJILdb0RPJf8rzlDSPaFd0GPgHDfcZAoHem-S7ByqHCbuAC1gz31W4qY4-nvitSdux4ydWWOGVpVLnIToFDIAwj3WaWcaFKX8hQetKMY6RiuURNE10iV0f_ikgxXGy8u6mCi35ACGNh3tRh9aRYIK0k_AUskH5weTD3-76av1zj68s6yDf0gzYE63QyNRuwdd0HD7ADC3M_xR67w_V9mh4hcs42dYc4ZIJ-waXEAD3b-spBdyxCVHY5mbEADjuR70Dg7fE5tivKI&cid=CAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65cce875889f9f28bdcd8739c872caef27b641ec9411334dbd32004be611b596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16215
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6569 42 B
63 B 46ms
39ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CmDTbu_rm-vslA1GvgGfx13f3y7EhsZ7T-EQkWTI0ijIVBRe-8lWXRdVWenCoru-61LN63T5WW_xstDFBj453gut-V-6aN_tCrUIUiFA9jArK0Ygg

Requested by

Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 6569 2 KB
1 KB 69ms
22ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:00:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6569 117 KB
36 KB 80ms
31ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 6569 15 KB
6 KB 67ms
21ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 775
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:49:04 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6569 0
0 33ms
28ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQTdPCAqqYfHE7nvp7T_OC-Y_dlUneRJSSBv66a0ffhnoTc4Lr3w9j-TJkKmbrWJFoTXC7IRVK5saUtlNLqeRFxNdJ39Q
Requested by: Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ Frame 754D 23 KB
24 KB 58ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 19:30:55 GMT
x-content-type-options: nosniff
age: 484264
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 09 Mar 2023 19:30:55 GMT

GET
H3 200 pubads_impl_2022031401.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 754D 364 KB
124 KB 28ms
8ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

4d44b03d4e4d1df9a852bf35460f5584c94b37c52d08742682a1a03d20d2f6d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 18:24:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56275
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126502
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 08:34:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 18:24:04 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 43D6 13 KB
5 KB 32ms
23ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 08:12:04 GMT
expires: Wed, 15 Mar 2023 08:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 6595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 495F 783 B
534 B 30ms
28ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

046d80c6905892cc5f9631073e1057b4c084d48dcb5fdd280bf9ff7b2e1f2f97

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0OL5wh3UeXa8enIEodGyQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 15 Mar 2022 10:01:59 GMT
date: Tue, 15 Mar 2022 10:01:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-0OL5wh3UeXa8enIEodGyQQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/5969454421214a38343689e18fdd2b6e:b69f90421c9182d33ee45f5a203e6fe20d28f2999fa31de7d766556c4e1c78421eb1a1cec70a8df0f5fe16631cbb99b483cbb1092cf08d00010f24582f1bddea217431ebc78af1a... Frame 0
0 115ms
107ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/5969454421214a38343689e18fdd2b6e:b69f90421c9182d33ee45f5a203e6fe20d28f2999fa31de7d766556c4e1c78421eb1a1cec70a8df0f5fe16631cbb99b483cbb1092cf08d00010f24582f1bddea217431ebc78af1a66c23cb17dd671990ba9149203f72f0ebb53728b51754ef072ba4b5f075120c0ce5ae1feff5fba4be6401bcbebe448f2feb3d872edd2f44ab75bfb7cc6e30ca0800bd3914eb2d2cf0/i?id=357ea5c1-ffb7-4d92-9933-20515746d1db&ts=1647338519204
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 5cbea00b-b205-435c-be0d-d9a7ffedb7a4

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202142035000/ Frame 53DD 220 KB
61 KB 78ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 53418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61563
x-xss-protection: 0
server: sffe
date: Mon, 14 Mar 2022 19:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "74cdf3878bfbef53"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 14 Mar 2023 19:11:41 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 53DD 16 KB
6 KB 91ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 53418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5733
x-xss-protection: 0
server: sffe
date: Mon, 14 Mar 2022 19:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42a91727bcc93df1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 14 Mar 2023 19:11:41 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 53DD 96 KB
29 KB 99ms
33ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 53418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29577
x-xss-protection: 0
server: sffe
date: Mon, 14 Mar 2022 19:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42f1ed997a28c2a2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 14 Mar 2023 19:11:41 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 53DD 5 KB
2 KB 98ms
32ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 53418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1873
x-xss-protection: 0
server: sffe
date: Mon, 14 Mar 2022 19:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8e63b195883091b5"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 14 Mar 2023 19:11:41 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 53DD 42 KB
13 KB 100ms
34ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 53418
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13633
x-xss-protection: 0
server: sffe
date: Mon, 14 Mar 2022 19:11:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c67c66f710e82a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 14 Mar 2023 19:11:41 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 53DD 8 KB
892 B 56ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 08:38:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 15 Mar 2022 10:01:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53DD 2 KB
2 KB 26ms
21ms Image
image/png 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:37:15 GMT
x-content-type-options: nosniff
server: cafe
age: 59084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 15 Mar 2022 17:37:15 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53DD 295 B
319 B 28ms
23ms Image
image/png 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:14:10 GMT
x-content-type-options: nosniff
server: cafe
age: 60469
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 15 Mar 2022 17:14:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 53DD 0
0 51ms
47ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CQqBXFmQwYvyYMsnt3wPO1qeACo3-xvBo8aWLirkI7s7y3pcOEAEgudvzJmCViqKCsAegAcixqc0DyAEJ4AIAqAMByAMKqgSLAk_QUMgbxKIFF8iUKMTyQJ1lHq-fV7AmaYX8XpaP7peDHA-b3SSwZCQG6BKgtNLGIQrtDXJ3cfkOQOnKqsvjlVljuuz0nu629CvofL31Ovsqj9j1tUHH0_PvSDkpNzBtgLAOt87yB5Jg3INg6HUzIl4x_CceK739hsC6QbeH7cO0vxDu5YxgEOafIQItozQcA4vlMK0P9kQsEyo2CdkYWE4DL0VBAfwm_k3A8bR6jCbb48RT_BSXtcZfkQJGz26REfxlzmT3I7EmfDwCRtICmyznCxOAORhVk9kV-C4z193MSv3S3VAVQfT3cU9l7dXyRIXJUAGicJKSzl5AxJN2vSP2UksJJO_F0wCFYsAEz_uxgvQB4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB-Tq4jWoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBChyx_SCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgPICwG4E4gn2BMMiBQT0BUBgBcBshceChwIABIUcHViLTQ5MDM0NTM5NzQ3NDU1MzAYi7l3&sigh=YO38_Cn76nw&uach_m=[UACH]&template_id=5000
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 i Show response
api.purpleads.io/x/a/5969454421214a38343689e18fdd2b6e:b69f90421c9182d33ee45f5a203e6fe20d28f2999fa31de7d766556c4e1c78421eb1a1cec70a8df0f5fe16631cbb99b483cbb1092cf08d00010f24582f1bddea217431ebc78af1a... 0
199 B 170ms
152ms Fetch 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/5969454421214a38343689e18fdd2b6e:b69f90421c9182d33ee45f5a203e6fe20d28f2999fa31de7d766556c4e1c78421eb1a1cec70a8df0f5fe16631cbb99b483cbb1092cf08d00010f24582f1bddea217431ebc78af1a66c23cb17dd671990ba9149203f72f0ebb53728b51754ef072ba4b5f075120c0ce5ae1feff5fba4be6401bcbebe448f2feb3d872edd2f44ab75bfb7cc6e30ca0800bd3914eb2d2cf0/i?id=357ea5c1-ffb7-4d92-9933-20515746d1db&ts=1647338519204
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 2f4e187c-08b9-43ed-be32-5a1bfe350790

GET
H3 200 container.html Show response
f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CC4C 6 KB
3 KB 24ms
9ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030901.js?cb=31065649

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 10:01:58 GMT
expires: Wed, 15 Mar 2023 10:01:58 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 i Show response
api.purpleads.io/x/a/db1e70561e56f7e08067bb1b75046923:aa5747f4c94cb40da3b7d2c42834f71de14444e0e11b19b1ce140183e9678dd2187cb1569047e974c7cc413c76ad010e33fb767015cb7c3e540974df2258bd72182560d358c1098... 0
198 B 143ms
134ms Fetch 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/db1e70561e56f7e08067bb1b75046923:aa5747f4c94cb40da3b7d2c42834f71de14444e0e11b19b1ce140183e9678dd2187cb1569047e974c7cc413c76ad010e33fb767015cb7c3e540974df2258bd72182560d358c109824c6d69b58ebd2b340dc132b2cd5ab3c6121b4ab54e742f9cc61eb932f154738aad80e8e220147d7a9f2f90509eb385f78ee53a6b09abe400e170d655b18b288979ae7439e4f4d7f0/i?id=f46186d8-4414-4f8e-9513-a3fb9adc8b5e&ts=1647338519271
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.31

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: d291fef0-8eb1-4ce1-9132-d3ea0950050d

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9479 13 KB
5 KB 31ms
25ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 08:12:04 GMT
expires: Wed, 15 Mar 2023 08:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 6595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/db1e70561e56f7e08067bb1b75046923:aa5747f4c94cb40da3b7d2c42834f71de14444e0e11b19b1ce140183e9678dd2187cb1569047e974c7cc413c76ad010e33fb767015cb7c3e540974df2258bd72182560d358c1098... Frame 0
0 127ms
116ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/db1e70561e56f7e08067bb1b75046923:aa5747f4c94cb40da3b7d2c42834f71de14444e0e11b19b1ce140183e9678dd2187cb1569047e974c7cc413c76ad010e33fb767015cb7c3e540974df2258bd72182560d358c109824c6d69b58ebd2b340dc132b2cd5ab3c6121b4ab54e742f9cc61eb932f154738aad80e8e220147d7a9f2f90509eb385f78ee53a6b09abe400e170d655b18b288979ae7439e4f4d7f0/i?id=f46186d8-4414-4f8e-9513-a3fb9adc8b5e&ts=1647338519271
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: ac36be5b-8888-4eb2-9869-2664f169b0ab

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AD8D 783 B
536 B 30ms
28ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ce99119296796e0237baa683015065c50e906a629500223b180fca801acdf1a6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fURHnGBzI+nq5D8a2gvi6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 15 Mar 2022 10:01:59 GMT
date: Tue, 15 Mar 2022 10:01:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-fURHnGBzI+nq5D8a2gvi6w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 76AD 13 KB
5 KB 28ms
26ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 08:12:04 GMT
expires: Wed, 15 Mar 2023 08:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 6595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 32B1 783 B
535 B 50ms
33ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ff5aa4577f7bcbab0d05acc34e5135fc2888cb23ecdd5bdde79d4eaf0d574b93

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-F7h3b1+dC+W4f4kppHxnZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 15 Mar 2022 10:01:59 GMT
date: Tue, 15 Mar 2022 10:01:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-F7h3b1+dC+W4f4kppHxnZg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 55DE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
1014 B

83ms
21ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWL2sqs8qDwXbHIATltCTmkoM40VjYagVb6kLepId-t0qE55Yj4T0jAk0xoYQ1a5X9eHgz48bdss40-tObG6e5v0jDN5sMhqkdcDvHCZrdBM98cXFcKR2zOO6gl3QBwaNaY8PzDIkB45K7QSIT9JNxSRLX0z4rfZn8RFgfAKzvLJOZXpK8
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:01:59 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 55DE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
894 B

34ms
25ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWL2sqs8qDwXbHIATltCTmkoM40VjYagVb6kLepId-t0qE55Yj4T0jAk0xoYQ1a5X9eHgz48bdss40-tObG6e5v0jDN5sMhqkdcDvHCZrdBM98cXFcKR2zOO6gl3QBwaNaY8PzDIkB45K7QSIT9JNxSRLX0z4rfZn8RFgfAKzvLJOZXpK8
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:01:59 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 55DE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKyTQjFsnvbVSkYHwS3W5xY%26google_cver%3D1

43 B
1 KB

64ms
46ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKyTQjFsnvbVSkYHwS3W5xY%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWL2sqs8qDwXbHIATltCTmkoM40VjYagVb6kLepId-t0qE55Yj4T0jAk0xoYQ1a5X9eHgz48bdss40-tObG6e5v0jDN5sMhqkdcDvHCZrdBM98cXFcKR2zOO6gl3QBwaNaY8PzDIkB45K7QSIT9JNxSRLX0z4rfZn8RFgfAKzvLJOZXpK8

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 359070a5-4178-4b52-9030-d60217f01891
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6a0fdb61-0a80-4dfb-b8ae-8939f0439f79
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEKyTQjFsnvbVSkYHwS3W5xY%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55DE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1ae03f6f-fd9b-4953-939f-755a29a58355
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FB53 13 KB
5 KB 39ms
20ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 08:12:04 GMT
expires: Wed, 15 Mar 2023 08:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 6595
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 072E 783 B
534 B 61ms
36ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ad0ae7783fece9c7ae50c981a1fc308444ae00d9b1be6fed5d2d7165d082b63e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iHSOSNJllQ8OQyKTZ2Aivg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 15 Mar 2022 10:01:59 GMT
date: Tue, 15 Mar 2022 10:01:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-iHSOSNJllQ8OQyKTZ2Aivg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 6066 25 KB
9 KB 21ms
7ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B6VjKqP7KvXEB0G6VZVeKvT9d3_YOSrVm5zCp8enxpIMVtXSL-P7ZHLTP3mkRii2YZviLS9RZSuihMWwN8dalOQdiFq3ECRKigN6yU8gFqC_2xPSmdWEQxIvzi97n8wlqLAlIwjNLOQncZ79MnQmJWjAVTaw&cry=1&dbm_d=AKAmf-BgW8BJ7l1Q5xYm3907fLrGCaxkXgp7RVlarAQDOuRy_VAQ5OTrKHNESd0-iDc7Rkvd6_dZaxrrs2OO2GuSaHFcbt8cNFJINdsIvbgvE6aTUjxTx4QozNKRE28_RyDgV_l-vDbE6pM_TE8cvx4Fu2V2X-XjvtrkUjJEA_KSEBTv9Dml455CPvRNo6tsNzMiBPNgK9USOL5xJbPQutabcdxi8afqL4DRxK1zZSRG_bYz5hvG5NP-QpXPzdet2vDDowo3wGKxLeTmhV-riN9wlRAAqXreQkG1o5XWkpcFYTfUe26NxPGWzdHKNrKsl61vJJekaZaDH6YnWjYAv_wiCEnZBjipUIOXvHletkoSUh8L6Nz2fs_cNyQcVnoSi41SNQZzJl-hl6bZE-D4Rmr5Beb2WWObUy9KFwYwFgVyh-Fjij3OOUvvZXC13f15Cr0btYe2TBb8JSqzhr5lD5nCjFFbubY9GEiN1cM3-uwXpp-kAc1P8zwH6T-HjlQoFBi74YNSWaiOspxvvBvCn-IdXEIBIfANAJKrf81wU82UC1hdyqILoMohi-platkdk8s_RpGpHBqUonqbhUCXZ5u1N701EK0D5dGO4nu_Y9y3mBwHfYXv_L_W6H_OuX3kuzwK5XhM7BerAlFgRS446dwL88qx4L-v-PCJfBNVvKu--uozKycEps4lK-aSyQL7btR0k6K4rNIw0rxMxgTo_XHb-oxfbOD9Fq8CcqxHq7tTB3X73MJShz1kXlCeA-YAYfMi0OZInlSthaJzHUunXvrGSnCNmlfkBxVnCpvAPGiK-vXnzwdKbsjpBBJgvu3SGdXTRl20_-EDE7_qvXhJFo5AdlZsai7n8yAv1tyfU9XXlqiF0FDFlMPSFkUdnkKOGKIUb45zrQudSVZxas-mavLS079FVpUXx-sBD5tSC4GuM--AR7mZnsmKhGLK57hqHSp6qcHJJMOXp0U88XW1hpEjjNvw1jmBt0OGaKYp3oBZLKcWpDAe7H77aB0-Su0qzOTX5HX40u4ghVmb-LRYJj10-ewH5AffvbKwjBWmIJ8NE98-OIJgUGiT5PTeCDLmX3v0z-TT4xizT4EOZvYdSvBrdxK1F91TRwZsuqqFyuZa9L7pKpa9QRqh3p-Qifm6jXANUgirOfdvanbK_b6_MFJ_WUx7LPKyud5v-QqKdmovakO88lW3K8x3yFxPKqf8ZhT_CplNt0TcEKumiyYyX3eX1yhaSTi3sYVY1wdAqSe11dHwvbqBpFRQGayoFZahCZBgtzFeuI0nmhj2wPJMh5HmsPCxsm_7Ci1v0m_QC-Ul_x8rYc9MVN_74eZ1e_A4kGITdLrAvbee07fZhnY9M_zKnEafYUuwUXrkAt9PlFF6LMvIdfyAosB8rJ3bp0Wrv2l5fgeYbJTYdMzCpQO0vId5rzcCCYkbJnIrfziy2eS8RaWw9wQosl4_S-CaNoS3gitCplZFm9NUg4JXZJa8v6_6A62Axr097Fgndq5RW8oPX6ROh7p2MEp-HHykQhGF-ZhKDWGj3_dkLcCzZW3_a8tNivuBZV-SqWyvxPkjmuZCs1Joa3oqz9UKboOQMUxa-JdLvWYYs0kVADSeR7SnFXdThFHihhoo_50PNLheUqG0-ipKGBG7jWP440z7MSq9o3CAWWSj3al8Ga_TQU1XhJ6YPmEcO-McxGmgdoPrTRdALgjgxDhmlYD937Xs7CDmWWHnaHoiMY3X56kZgaKZl_R2jkaU4iJyDytAq9a1zlOP3D5cQtnAW8--6JXtBbxsB4DMDx3qjDVxIhk9ZrctWZ2QA75ElYh7DGKnJLZ79eRLk_F3YqU-I7D6MDlSBsdYOd0k55DzBunFXVBDd7VDMsBRD55MfHYrvlTYbFTisVa_XOkA76bdr9grekerlrSuas6jwLN9K4bo9J2KkO6ofIgfUNaSmpO2_RNmATtG-ALBrpPWkTd8vR3HRAzb-vkXA4EhZ-0HNNdvMu9Er3iGEU7zZskXCWZIMI8_CkKD6Ww1IptZ91tbxKAaj98p8qLR6VXe1JYpHBgibq_oVLZp53Kh0AokUj-BHs4BdMHSlCFlLpcqKQ2Mb2BSMbazYlPvfgonrU6F21dzl5eCPYPfBmq02BYOkwC5MrUX0Dyy_NksH-euDnjDTHSRCOmtG-0KGFxQ4WbkSb0eidnlVwUHxJS9QqBVvYyXVM6IRXIuh-HNbYAfIxHz4ukspzGHpp-dhaBSrFoRhE0gqKjAW15WzSAe0sijk_mVJmDnXfPQ7x9elRu0VyPOAfDpx11v8pHmKVP9V3gn0oyP5aFzntGVDEnQuQv4fhwIp6c9XqPza3Rup_Ya-dz-mrSDGTvKvhI6bibkKYDNIv5eD-r99ZSCFpSlfPJZbkamRhSGt1I2EAox12W5QEYNUh69tn1YxmnPVIVhfkx-lksK8l8eZT9HNBLC0m7oAI1_81whBb_vD9TRlPbOigLSL_1fJszod8sNarr7mH32Bvy4zHVwl-V1QPsi-oI_PhfKS-Tk0MDRHAl_mBqghnGs7tsINqBttyk21r0LYkhCSrv1Y6Qd3glN27Qf4V6TUKKD7Y4DgGqhJFsje1In5eahHf6bAY52rT_NCU4zg9nvxw_2fUdcQHVMhQNdKzTU7W4Me9xdkRj3iRAyxe3M6Czf1ftOjIQNnurtjYEADQUj6rLr8zz_cJopF2Capv7i5lejsCjP2EEetO7I2HsCZ09JD7Ctq3QZjjQXNZ4Ur9iQIgNmuwrtDRbeYSMy38M8PD_kHT-wYWgv65iQiKxpwvxa38XQIsDVC4ChPlb0LlP-Ew7BrsC7TrmkiclIXD3T-ed9izJ2_cSEXwYMXbtnCZwjU6ddLpbN4xwQ4CHLApN9oiSK1MyxYoiBHaOUKNWXqX-bEMFS5Mn7r2DQ7Ve8yKtCPL9f_5g3GUJtk4s5bG5eu-iLVqb4OX0vRLT32w5RlTbc4mKI7FZEBC4v7uBH_5mJN1Iaae8jan59fm153gzXLX-RMxgdS0uRduG04Bii6PO-vzCB44R5gPUQefaaEM-BVn8BYEH6l1SRMN6gvlrGGyjSzOyFKpC4VyQoRBqbi7tFa6iN0hXLiXj9DkOlBLk2ro9CCLSyyKmEqM6RqsmX8AD43SCxeJqswT431nRy8b4jbFysy74PGf5wmjQrRl63EUT6t2u12oNNRDdGzrPR8Y8AaXK4vaGgXo-MujFL7DeV6VWJ78OuHD714LkCUio08qR4A70IPbs1NiiRYn9LIE6wP8PnNDjaPSSo3yYX8zTOpkr8-vXW_7VMnkO9yAJbbTE&cid=CAASKORove6umdxPidRLTanU0nXODGVXTTCoDjWH4VKy8pGfXlsFjqddW2s&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:01:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6066 41 KB
15 KB 31ms
26ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 10:21:01 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 6569 25 KB
9 KB 24ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTNZMJ9hcCHZBTm3ak81_spZOSFUD4ldAwTaZD0cd0N96l95OeFUAUgj-muANqmg_iwhc5ioW7jBKwnCg15UdJjycLK7CabxXQRPVoWDf3i8OyhaWCaxVE714aeLR5Hc9h9w1IOl9b1NmENSgu2Ev4IxXykA&cry=1&dbm_d=AKAmf-A4WnArMy-L5f_Gocs9SmKOZ6LyzyXLZI4ttTBQmE3G0z0R796FX-TdeXNZn2RWM_nVJA10inA9EsI9K0C7WvxKY-5nvoR9F1HeL6emiq66pq9lf4OEb5MwQGQbr_LGgggF_A2wHvdLGUXEiFtEOOy7-XwSuXRDvJi7bIm3q8H7JRZrtUr_5Jckm3WjMJp3yfnFrasQkLfmLbqtukBFJ6OYoDoiLqCWvV_0ZD80D5ZxpD1lBDcFGX4LWoiHLGLRxxgXKWjYc7yYeJsd8x-85fqbs9IAFr3v5FLVh-MN1W5cpZ-AEvKkslv8BYjsSipVMqsduogBtVsiWzVJLKp1KrctED6lbW0400MsEZpdX-1zWurtta4VdMVsthCFLCK6LTMWfOmhIYyxMvCohI9Wi2MNFcsNHtAYhNQB729Lp0B-2rMhEJVuTfp813Jayrdi5j_63fBvm0kfEKms6Wyp-ZCXCg-8knaTWyXBJgsb9dUj7xETu7NXNXNVwZ_I-_Hnj-iVqZHtoxmrJDvLI-LX8upAJ390-ADDH5TyD7hTec3H16zQ6Da2eE_F4sMv01YvjA3fo9PTmMg_YQA19wcFygzjXkrks_V0bX5hhfeV4lDKiY5q8EEzl8xbUtUuIWe80O5TcWOoYoGsrSdmLFNn-W1gcoMkFg26l4whSbynkCx8B8N4CNnb2ByVtdOI_2AavIqiG2HnpqGL7kgOWZl06Ykaty2DYgpRi8vPvN5_4ucZ89E3Lue6jbcCS4VOq10i0rsmX8f9I-HAiW9u_JiJJsY612unXJIZ7vLkE63Ed0uintnJHYex168Vfmk7oKmOVdvJk_x3JJ-vy38J4Hv0R2LNXqMmRiNTztmNy8yJI9PrV9Ukt_Us7DxK8-yUE5qER3pkUUZPudWF8_gaHiqq7ngtx1HMf_iZJ5PWF7Z8Jx0py5mEbKC_dEfbTWlrmOfe-WuP7QvPJ08bOphBBDqcsvcKnxJTyGVR8TjHTvFdXI7b-dfjNCUAuJC9-wkVi0119r7pqS8SFI5ZypyEzF2o5MjLZM8x6Wwj3Fp9PNb0j5bChk7aueV1ZnTx8Ezp0j4vyYLCI9ujmq9IitmZD73HACMbajGchPAQRqXgVcqzsROgZjrxHY4Ef0lMlyzmGMMe_CJPfpFnk0BkQ6OTtTwF8LspGEYcrGBhiMMwqtLx64Hd0jZ45W_88xZA4PogUBfuIbGxlWS2kb8zO9vhYepWH06s-n-6PKOpAc0JzcY3Aak1cYN3T6H3OHcgIucgu2LYPN2DFJZ6WyAI0GhhQ1o7yJ83TYsWzYm8Nv-z4fnsJPrBuhvrCmXDlf9SlDsMo6sHaB4MKrPoGbYl1CsVdhBUtOW-Ej1gn2tPxnC0nfu_3GBhYR6sJWFa6ukZQdZaT9BHLmzH_HSvNQiVGCjexs95vd0L8KKEy0H3N-LhZ0tKKErw8MjuZlzOy5DnMAebuM9R71PTYi9d4o6kU8wJ-dDUtDwFCcLYt3ELq1URcyCyjlE2eGp5mTm5gVsbg0ke7sM_1ZZjMMYYORPSDXmqDaX_Jjb2c9HomIhXdE-yP5iFYwefq6LWiqh7d-nc6fI5HlO_SkzgSq9cqpEoD3URuX8ghGnkhHMJFiqHyXeyRuPtV3Y9taLWHRMhyg_kHkkuV6dHZn0BM7m7IJ6NgZgvQdGTTGkT14gnAKpcNnjVqswMvEvBnd3rGLqGz_cKJoF-imv3k70OfR8I7cOR6RyPndT_jJaek4sJXz-ejKB3CDCdnMXS03CFLX7riaYz_jL-UNAM_cCMN1kF7C4N5mfITml4xxzK7gsls6Z13dxXc9_7c9DQQxLeUqKeD-0EcuJe7TKel-T19YvPKEBxvoNpK6g8OWFKEgbgV8xlpkvZIECokKpAm4rzEOjvRIkr_K2KaXc7-0_Q56orZ8T5LKPXM5z1ArXkCcLPynFUtXM62hbSlEHDNCsvho2uQ0huLa114aZIhVP_4r7Sn8JV4PiVhwZD0e_icYSPvE8QoGv8LtlETZSdMSW1uA51c9dipModLWMKnpe3uUUfc80-xWbSp3mUxSMk90Gd24WMjuVEpprLIDBxmKMh-NszVEp9XuzRUPeYoNIYVXO0Gz1fiItaiwtQu4flpsJSJDEOTgJaFMA58xDlskG5yLT6yQJTV2doq8uqKi7u10FpEd8V4Lbq7W2VkwCV-NnYPDi6yb-B7fLYAafyJwyD34eFgW1cexH3c79Bc5usnsjilDSIHdYLHtt-h90KrEMwo5_i3sm6vDo9Vm2vg1zbe5UCJlVxc8i_P8Cd-Zw6n8uyTmqcQPc-g6t9qkkmcSJjHekeDZ5os29T_Vea8kWmbPXwCxczzeJiS34m1QgfOJZY4ivzFjJEynUle12ApK69Ix68m1gTvsH4Drbr5DhFQ8hy7kvGxorVJZTZAjcP4mmlLc1FtLPWst_Ab3BXZDC03bPgulMw5kRi3YUXdUuZxmPJnGqBToIOi3nnFj9eqXY1ltiSvevtb0GsI-iHHqfOO9DelUGdvSt7SKp__1bAtMCjqZcEf9a89wAN3zcvWeYfHTjgxsSv36TW7oneOmGMgtrQUg6doYIkX0C0WkVm-WrQ1pCZ6qBSU0VyerwjORLCgnvuC1-iEfnVDk3YjZ3bPwErKnoG8k0B3g8RURdvJWOogNB-yFJ0NndnYqli2Whdrk0AeHbB3Ngc0Z9CYP8vIQ0itT7rBHbAWKd3VrboyagasXQ1I5tu_bSKT3--A8BYFRKiXgZ9iuJrPhePxQhAen3XRvB0ANqBSHxUk5yQNdFxisjtqGeQr5GSL-OFGaGwLweQbEb_ITXXY_PFuMZsXfEamyBlre3IKnC7XZeL3LphO_MSTp9L8V2fhEx7KgWHgnwF33MAd_6n9rel2MThXWS720cHAXn7t4nvTqxIvasKGTRXUpT04_hn7rO6IPWmSw8SbJ9dnZLeWsOY8ERGLu-MWt5hlo2joz2pyhJDtNczvaEBnElGGqx3Yy8lS30X2N_b04PNkCKD9Hx5FCkeoUFGUtgsLxkiJILdb0RPJf8rzlDSPaFd0GPgHDfcZAoHem-S7ByqHCbuAC1gz31W4qY4-nvitSdux4ydWWOGVpVLnIToFDIAwj3WaWcaFKX8hQetKMY6RiuURNE10iV0f_ikgxXGy8u6mCi35ACGNh3tRh9aRYIK0k_AUskH5weTD3-76av1zj68s6yDf0gzYE63QyNRuwdd0HD7ADC3M_xR67w_V9mh4hcs42dYc4ZIJ-waXEAD3b-spBdyxCVHY5mbEADjuR70Dg7fE5tivKI&cid=CAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:01:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6569 41 KB
15 KB 36ms
30ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 10:21:01 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6528039975527766319/ Frame 53DD 14 KB
14 KB 35ms
30ms Image
image/jpeg 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6528039975527766319/downsize_200k_v1?w=400&h=209

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b3f9e0eec5b585b86c19bc175b155922daf524f542bba4703c5d1675e0f01b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:01:51 GMT
x-content-type-options: nosniff
age: 97208
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14771
x-xss-protection: 0
last-modified: Fri, 06 Mar 2020 14:22:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 14 Mar 2023 07:01:51 GMT

GET
DATA 200
OK truncated
/ Frame 53DD 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 53DD 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e5e995f0936d63304195ab72af99edee3c10d218a5d57719b13c94780631127

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 53DD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2992f81c53d1d7ea9f1abce38ccea77eec5e76c0e8907c2aa4ed2a055cc812a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 53DD 28 KB
28 KB 45ms
12ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 22:47:37 GMT
x-content-type-options: nosniff
age: 558862
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Mar 2023 22:47:37 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 310ms
303ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:01:59 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8F70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
1014 B

73ms
21ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWlYTD4_iqyl_aUV4E8QH4v-Au0eEKf8AWpC86_rhOnFT71bHA65u_gDtcdV736rfT2opgMTjq7UgCIPqhIbB2p5_LZTtDKVFxEMXll2M6VaY73rJU_t_xp87PD73DQyn3xyf2vK5Xi5pDvcGR70tSFyh27CLiJmSj_RP5GwGC8z-7JBhE
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:01:59 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8F70
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
894 B

15ms
15ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWlYTD4_iqyl_aUV4E8QH4v-Au0eEKf8AWpC86_rhOnFT71bHA65u_gDtcdV736rfT2opgMTjq7UgCIPqhIbB2p5_LZTtDKVFxEMXll2M6VaY73rJU_t_xp87PD73DQyn3xyf2vK5Xi5pDvcGR70tSFyh27CLiJmSj_RP5GwGC8z-7JBhE
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:01:59 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 8F70
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

43 B
1016 B

37ms
24ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNWlYTD4_iqyl_aUV4E8QH4v-Au0eEKf8AWpC86_rhOnFT71bHA65u_gDtcdV736rfT2opgMTjq7UgCIPqhIbB2p5_LZTtDKVFxEMXll2M6VaY73rJU_t_xp87PD73DQyn3xyf2vK5Xi5pDvcGR70tSFyh27CLiJmSj_RP5GwGC8z-7JBhE

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 756261d1-c57e-4539-89c9-e580f0223baf
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8F70
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg5ODY1MzQ2ODc5MjcwMDE5OA%3D%3D

170 B
188 B

23ms
19ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg5ODY1MzQ2ODc5MjcwMDE5OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 28a0396a-2c67-4212-9959-4d23d2bd97f5
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njg5ODY1MzQ2ODc5MjcwMDE5OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 754D 107 B
122 B 31ms
26ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 754D 107 B
122 B 28ms
26ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 754D 86 KB
36 KB 364ms
344ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1071917673794868&correlator=1130841265062934&eid=31065631%2C31065652%2C44758228&output=ldjh&gdfp_req=1&vrg=2022031401&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizes&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x250&ifi=1&adks=2992467494&sfv=1-0-38&ecs=20220315&fsapi=false&eri=4&cookie=ID%3D2ff61d35468b16dd-22374ddf5ccd007e%3AT%3D1647338518%3AS%3DALNI_MaJ9bDagqX2-JDy32dH_UqzTxCkbA&cdm=nets4.com&abxe=1&dt=1647338519551&dlt=1647338518962&idt=464&biw=1600&bih=1200&isw=345&ish=85&adxs=1244&adys=1121&oid=2&ucis=ysqi4k2jfhjb&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com%3Fcb%3D1089881647338517504&loc=https%3A%2F%2Fnets4.com%2Fdomain%2Fsecretofthieves.com&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=345x0&msz=345x0&fws=256&ohw=0&ea=0&ga_vid=1671851228.1647338516&ga_sid=1647338520&ga_hid=1145870826&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3276c4e249758e413d3ff0fb8b8c0891f70b3cf31b71f2d1d166382323622496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36622
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B5D0 6 KB
3 KB 92ms
16ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 15 Mar 2022 10:01:59 GMT
expires: Wed, 15 Mar 2023 10:01:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 6066 568 B
723 B 40ms
8ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4285695&adjsver=3&fvers=&iframe=1&ref=https%3A//nets4.com/&ro=https%3A//ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/99.0.4844.51%20Safari/537.36&os=17&browser=11&userid=0&kid=2954778&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCQ%2DA%5FFmQwYpHnH8qKjuwPnNKviAS1kNfhaJ28pLS8D%5FAuEAEgudvzJmCViqKCsAfIAQmpAgnD8hxgbLI%2DqAMBqgTUAU%5FQOkKsoY1vXXKwnJF2iNqcl2nvD3eCwXNYuJ%5FW2QMhfAs4zZTwZumcxMtLJ3gLhcfwpixNxVhDI94%5FM899FZhcVmzFvH2TeS4t8T9zFM9Z4t6z9cCehlp070%5F2Mgntb0y55bsdErlFlgDGbUyfp1eV3GRV%2DIUm%2DTLgX4shWEJ4Lbi5QEzRUuOPQplKeQ9yPcJjer%2DQ%5FTXXpkgZZhtUdIh3wvuC8fdUWC9YmgYGGLIyn8KEp5JvkZOK0IjhO7u%5FXzWftXW7g76opAPo0jSXq2KxGcsywAT85M%2DY0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH%5Fp6xAqgHpKOxAqgH1ckbqAemvhuoB%5FPRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB%2DBYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORove6umdxPidRLTanU0nXODGVXTTCoDjWH4VKy8pGfXlsFjqddW2s%26sig%3DAOD64%5F2x0LGvb8xBgE%2DYoS0H1MEiPhPcxA%26client%3Dca%2Dpub%2D4903453974745530%26dbm%5Fc%3DAKAmf%2DDY4iLNWqzicJtAwJjVgS53zQ8VTHdubqbNC%5Fmc7PosJSX0bSEjvgv%5F9UzOG85eNkJVnhtFUd4FHbD8gB6EPntWAdbIJeJ9UeezA%2DeUqHNqzkah5xNGIPc2PZXX7iDatjWn%5FnXZQ6%2DMlD7%2D3A5x2Qa2Q0yUHQ%26cry%3D1%26dbm%5Fd%3DAKAmf%2DBYp7Ahs5YCuxMHkJRyUBhI0Vqn4yg0ZomNOkI9Y9Xb%2DOt1V1CsSZRumdp%2DuE2mdOTQ7WzmBtHwkgtPPiWHRgXECe9sqMdgax%5FxYbEs83VCbvcwbYvKX%2DB5stQrqPCEdyUnANpMMRRNbRdnSX0Nb86kGtWOG84UX9d7gzyef8ZA0lzXmnhg3FVOwmjOYqc2TvhTskV6b%5Fv4ILanlQy8oTprtVSPnqHzFIjjktPs2rEI%2DUh%5FSx5FlmlZu202jQ81cnUACxGHTO%2DA%5F5RlxxuesSnFqO0Xdwt0DI430HGcCy0EtbTZLVfM%5FDsn%2D04FN%2DUVQ56u%5F8Y8qazxMSGKRcMof7B2ckIL34JxOOIXlCvuLRzh%2DzdSYyP2Xh0yls5RtYPa6mJ2U%2D5FHj7pyqgAqQaAb1VZrNbsAF7H6Qq3AxQa2vjdVU197SPOGEEDr33%2DcrC3ZUHu%2DxSx0cBKPmYs0ejfbCg9Mt1WE%5F0MbJRSgi0xPzwoygZg%5FY7Km9cIthuqWF%5FUMZJIH7pD%26adurl%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCQ-A_FmQwYpHnH8qKjuwPnNKviAS1kNfhaJ28pLS8D_AuEAEgudvzJmCViqKCsAfIAQmpAgnD8hxgbLI-qAMBqgTUAU_QOkKsoY1vXXKwnJF2iNqcl2nvD3eCwXNYuJ_W2QMhfAs4zZTwZumcxMtLJ3gLhcfwpixNxVhDI94_M899FZhcVmzFvH2TeS4t8T9zFM9Z4t6z9cCehlp070_2Mgntb0y55bsdErlFlgDGbUyfp1eV3GRV-IUm-TLgX4shWEJ4Lbi5QEzRUuOPQplKeQ9yPcJjer-Q_TXXpkgZZhtUdIh3wvuC8fdUWC9YmgYGGLIyn8KEp5JvkZOK0IjhO7u_XzWftXW7g76opAPo0jSXq2KxGcsywAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORove6umdxPidRLTanU0nXODGVXTTCoDjWH4VKy8pGfXlsFjqddW2s%26sig%3DAOD64_2x0LGvb8xBgE-YoS0H1MEiPhPcxA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DY4iLNWqzicJtAwJjVgS53zQ8VTHdubqbNC_mc7PosJSX0bSEjvgv_9UzOG85eNkJVnhtFUd4FHbD8gB6EPntWAdbIJeJ9UeezA-eUqHNqzkah5xNGIPc2PZXX7iDatjWn_nXZQ6-MlD7-3A5x2Qa2Q0yUHQ%26cry%3D1%26dbm_d%3DAKAmf-BYp7Ahs5YCuxMHkJRyUBhI0Vqn4yg0ZomNOkI9Y9Xb-Ot1V1CsSZRumdp-uE2mdOTQ7WzmBtHwkgtPPiWHRgXECe9sqMdgax_xYbEs83VCbvcwbYvKX-B5stQrqPCEdyUnANpMMRRNbRdnSX0Nb86kGtWOG84UX9d7gzyef8ZA0lzXmnhg3FVOwmjOYqc2TvhTskV6b_v4ILanlQy8oTprtVSPnqHzFIjjktPs2rEI-Uh_Sx5FlmlZu202jQ81cnUACxGHTO-A_5RlxxuesSnFqO0Xdwt0DI430HGcCy0EtbTZLVfM_Dsn-04FN-UVQ56u_8Y8qazxMSGKRcMof7B2ckIL34JxOOIXlCvuLRzh-zdSYyP2Xh0yls5RtYPa6mJ2U-5FHj7pyqgAqQaAb1VZrNbsAF7H6Qq3AxQa2vjdVU197SPOGEEDr33-crC3ZUHu-xSx0cBKPmYs0ejfbCg9Mt1WE_0MbJRSgi0xPzwoygZg_Y7Km9cIthuqWF_UMZJIH7pD%26adurl%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 11:01:59 +0100
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-type: text/javascript
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame 6569 11 KB
4 KB 77ms
13ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D
Requested by: Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: a8705d2536e2b5737f232bb736117a6743224b28ef7bcbe2b871d29fa218d464

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:01:59 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3985
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 47C4 624 B
297 B 54ms
21ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNX-BMh-bn0EYwRW_lW6zU82ZYo3nKQ13o3uN0bnwA0tQxIkNT0PZD5_VXGACzVGpq6t68wk_w0cUCce-ioPpy4_P4I-ZfD3mCLceTzRpM-SBKpGnYHv0sBGEUUofgRAcbFV32oPrpACHBt7SIBSlPZEVk-VSYJBqZQanHdpIrblaRP_r0w

Requested by

Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 15 Mar 2022 10:01:59 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CC4C 26 KB
16 KB 102ms
80ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALq_MfgR6hLkCbuJQrM8nFVLQZewS-SOzkYPNjjEeQG1YSiPO0Z0ndAyJu7Jyqj30stnZ5yb3eoocFg4lj_q4n1lWCLi3f4iK8AXlhjB-Psd6n873hHMXknDIuzXgViLcHAvFI31ipjRYFrpy-xHY7dHyOxA&cry=1&dbm_d=AKAmf-D10fpM1L8h-wV0D1_w7dkx9_WtjlU5PmC4RwQuoQqnvu-8voH6TywNf-_Xm2KkvqqhmrvQwq1duupuOX1DumzoBTX_DDEdq_kFG-n4k0LyUrmKAooZR4Jj_x-yj1158p3L1G1SEh9nKlLg7tPJBsj3ZqmfQUYxrNGZ5ZbVrEbR0fkpAatLDd1HC77ZwURSe4ZJuqtR1p_23GxD12ihJ-yRS0KRlzUSFm2kmD1sDQlJcTXMHJZ2ku2ddFvzYdZlPw4tScB3QKhNIuY8xqY8rYhhOeIa3tHcWNOiBY7PnfgmO6YF0JfxqwuK0qpjyNk9PedfzmzJUBy78BNm6Rhuc84ENXGVRJJl8xp-b9S7Re6NB_dHNPTko-3AMBLA7H_jgCBXwIDCCVxsPVmWxkSftitBiok5IXe3DpwmKlLC5O1_U5GRNnlyv9jCZKoGhWIH7sVTissrXDRSqscJwGYtA9gvockMM77OGoMlEzbZwLFs4BkMeDYcBrj9PZlZMd9mJFzPEUB2DBw5wPnle-7oFht0huHVuolkfDKc3O3eNJ3Wy3mMxUMpcqMHO84mtGWcr3xb9WKBWsWsvA_oEMQhHIrLJaWdxYpdF1G7Z5uwZ9FfNvkkmh9yg-UYNLmMWLMfhU7LVm-7lEcDRFvc05lVnEcyXsAyZhvoRRP0TUDfT28btwyCUjihMpT-iri9EYWogUIP-BvpIWxKo7zZyoLqMCs4XIK3qO0mT5Vys5G9_7MJSONycD-RCCuKVqMV7b4XBUJUkazZu4vzj-AzQ2MeaGTAi4n1AJglhrLnM49PbsAmoyj_S4NqNhVE9lbWF0LUBfzyS1xg4wmtYB_iq8e7_Lf_QVEglSkKmvjqZb3umedoUJI8kSP1iknWjVDil3uhh_tVhqFPsrkKIfU2U4QLWlcloQcx3zLYOF0M5NeIf6dId0Kz--eYywhaZTDBsfaeY-KduR8gT4hc9aR3-guvB4pq3x2luQOGCes2hwRfsbczL_xEHcIfJaLjoTULqhWLAhMy5NxYrV7FHk0KN0GCFRjIxEqkMI9COZv-x-WGR_ARH_q_C3d-kngfv5B2_csWGaxeg2ShQoEdUOmggvV32d_d55BDbxXA64TcsRuZJ6kA_P6mFdsCVvLrso9Mct6n8IyGEprhrwAqZ-Ec1maOStERMfI_YGk0z6x0HmovYtW4WBAc49O2aliI25cleLpJH574eDrOhW4QrKEmk_w56WiY-K9D-t-Jf9YQjveVlqW4Ow9yF2l-bjSIfDtw6YkdvVBeAxRKF2U8EVzgfihREz6vu7B7MC2hSLs-rjqUrOnBDB99nwSCMhDTUcG-7mrco6cYJlDxRO4xeIZTtp-EYfLLFY6XYbNbxDkiaHd97yBMMNyOVIFgxOZok_9A3cGyNjcl0YHvYpWpDsCcTJUEaCp4YLEkiZK5Q2F9qrsbw_PYnhXCqEReUDJt3kyNtmWUwMMWugvGxTeDswBrtBKNshAunWdIdctohptyDgR1GtBFOoM-4uqCl0dn0NfGZi00cyzns6NkCszG8ad4ahaJ0glzSnEhmK-dv8OJ3wuy7oej2qq3B1M9VFENY2MFv6-avnmfWzFh8ithnly_DjrmptTEkenr35OgC72R5S2zTl7nJ5j0Y3sUwTb3lGcLSQcHOP40V_9WfFOxTxTXtpkmWebTiMONuvquAwMTuUUCA8VUeajPEgV8GrLKkZYBYOFTGUnTh9qrgmSxF8s1h3-CJR7F2Db6FkpZxCs8AioIWKeu6Qa3GfLuYsfF1od1WQyysxKulEY8eSCcvjx5YkV9dMuJVT1Jx44_wLjPzHdOmYyy9cobFIPpkRJw_FeqV5z8j7ROggTmy1k1nMnP9tDgiRHs-q58p0UWLgvMoOfyYMYeNgDCeJC0dKCOgznQV3krNIpi53OWb3LnCzA5Kmhczow5IItGlD3vBLeEL7cBXk3MOjlxtIa3N7L48YAOks1s_9CJMQfyl4hjRZMFM4wbQSZdCTfoCU0L7lNazchSPpHq6ah7eRnED6Mi1XhPY072DLADO3avjGN1LlxrGUHipC7MfZOW6kk3sBpbkbOEpoZgyY0zqMS0KLvRFole4Zk8XkDGya3MsxQ5WurxAGy7wjAgFnXDw7Gg-i3U_J335ZzwmHVmB2rVU10KfARoamxqVdRM7j97sD4bmj4WXri-suLF4kQkPEBuhLKAHp7KP_exk_haSCUW5npslxBdMrlv5TK6fEsChnZK1tO2erRTVJV-iDLpsapZMI8f6FvZgIAf2qsLeYszSZVFy-szMrPFpB8WVYPIoPQXH2nTfAOuFG-euPfCIxGORl0cALBS3ACMdFGYaejwASZp04EbKTl82EVSCMVTEs4BaWIJ51-yeRnw4XhoYPNum1RJqQByuI4uDigJuRVJhsVsC2Pu7s4TwJzjSFgwxNSGGZSwK7daTFgTHZ8BMWWN9U6inlKlDw1jxWBSml2hcMLFi1PMjof90C75CQRsm4-qlcIzG3QBuxyVOCgS-JdGn2MS1wNMYwAjEAY5X7zPeVOjVpBuSItzCshiWTQ2WNn9h275tLe3UqjU2fcsWmjwzOaKhAfn8cpIkggpelwqhcDJpuZQwbp8fKiBdcrp1SVpVZB48UM9PszlwynC6mWhy1JtvVtXdh4kgVmp7ikVJLXZzaEaXOrbD2syxN3f36ZbSdmvOZdBWzR4ACrH-y5iQa2zynEiJVWn_JLdUl-JuKh_hmtQtyCPMmSvuxuw6BOpKOi3O_0C5vCnKLJZI9Hkbzb3glSNhjPzAFlEf222QyseN_uhSBw1sWQkfqtcQGwtN6bYi3Q0yhG8AU2VypVRblLMyVXqLzQeDwqkUVKQet4PnICGMHWrWHelYtK2CranAf1tr0R-B7dE8GYNz9IYkZwYarcg96gM3SjEkkyrhJxtiCPtqvKAxK5j1T1fJZ6KbMQH5lafHjn2dcNqoSalBlziLnur5bnKYiVv5xTXzFWcML6XMZ_GQPTkEvTDRs5uK_LtOpIpVPfmHLR58PFcMNCeb2LqUArbzHIE0BM25WhQO4NZJaxn77CbDpWCq0Htx6Cw_BEy5yF4_q135M11n4LFtFFupY2v66Hd21JUlhYSNduC4D_rSL-0Q2O5260z43HwCqQzXuPPduuw22TNPHtQIh5Eerke86gHhjVlVSdmWuOabhnCPfoRO02wYSyn2vuCE5qnfTheYopsXngnjzLByXh6N9OhpnbcARCWuE0ZdAeMRSNUujk8_LAExbchMVN8DjtUSOZCkSXjz4itUuPQ2Z1Qz2xPuNQfLog&cid=CAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82184db2e1a8c3cc82020e984195b3a93093c4fbb66d1ed31bca58895af76941

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16102
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC4C 42 B
63 B 49ms
31ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BCy0MDcp1lgbral_ALOre6e6z9CRJqGE4iAKuw2957uabSgb8bAsmwWi6fzIdGaD_fIjyWwziBWlSMujAMgKzArXyeLY2BqCiB3FqIh_M8OHpAVLA

Requested by

Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame CC4C 2 KB
1 KB 35ms
18ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:00:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC4C 117 KB
36 KB 70ms
43ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:01:59 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame CC4C 15 KB
6 KB 35ms
18ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 775
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:49:04 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CC4C 0
0 36ms
18ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSKuBDiFXKAZAzhyUGTQbXHMXRZD62dZCMPMN7IRHxTkhNk1IsTMjNer8C8EQhBve1ymNchjcFoKgZOoOslK7UnrsNvfQ
Requested by: Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 495F 0
0 70ms
61ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031001&jk=1306574979629182&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53DD 2 KB
2 KB 23ms
14ms Image
image/png 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:37:15 GMT
x-content-type-options: nosniff
server: cafe
age: 59084
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 15 Mar 2022 17:37:15 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 53DD 295 B
319 B 24ms
15ms Image
image/png 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 17:14:10 GMT
x-content-type-options: nosniff
server: cafe
age: 60469
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 15 Mar 2022 17:14:10 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 24DF 22 KB
8 KB 25ms
13ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 10:21:01 GMT
expires: Tue, 14 Mar 2023 10:21:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 85258
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 833C 22 KB
8 KB 26ms
13ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 10:21:01 GMT
expires: Tue, 14 Mar 2023 10:21:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 85258
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AD8D 0
0 79ms
67ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030901&jk=3772867770963712&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 43D6 35 KB
13 KB 17ms
11ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 32B1 0
0 70ms
70ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031001&jk=2248819705474838&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 072E 0
0 70ms
70ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031401&jk=1897515287488787&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1 200
OK 0s3p1fkb96mt Show response
ad.ad-srv.net/zone/ Frame 6066 10 KB
3 KB 190ms
19ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/0s3p1fkb96mt?subid=&redirectClick=
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 9f0e521fadcc268469080eeb18bf507de78c327d982507364b5c18c226ddb681

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2660
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 47C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
894 B

20ms
20ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNX-BMh-bn0EYwRW_lW6zU82ZYo3nKQ13o3uN0bnwA0tQxIkNT0PZD5_VXGACzVGpq6t68wk_w0cUCce-ioPpy4_P4I-ZfD3mCLceTzRpM-SBKpGnYHv0sBGEUUofgRAcbFV32oPrpACHBt7SIBSlPZEVk-VSYJBqZQanHdpIrblaRP_r0w
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:01:59 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 47C4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjBkFx3lG9aMh5s71FH9cwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1

43 B
1014 B

32ms
31ms

Image
image/gif

184.30.20.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNX-BMh-bn0EYwRW_lW6zU82ZYo3nKQ13o3uN0bnwA0tQxIkNT0PZD5_VXGACzVGpq6t68wk_w0cUCce-ioPpy4_P4I-ZfD3mCLceTzRpM-SBKpGnYHv0sBGEUUofgRAcbFV32oPrpACHBt7SIBSlPZEVk-VSYJBqZQanHdpIrblaRP_r0w
Protocol: HTTP/1.1
Server: 184.30.20.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 15 Mar 2022 10:02:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPFPSOytBkpgFiuhzkc56XY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 47C4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

43 B
1016 B

11ms
10ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNX-BMh-bn0EYwRW_lW6zU82ZYo3nKQ13o3uN0bnwA0tQxIkNT0PZD5_VXGACzVGpq6t68wk_w0cUCce-ioPpy4_P4I-ZfD3mCLceTzRpM-SBKpGnYHv0sBGEUUofgRAcbFV32oPrpACHBt7SIBSlPZEVk-VSYJBqZQanHdpIrblaRP_r0w

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6cd676f1-2be9-4a47-8115-06920a5573c4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:01:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKyTQjFsnvbVSkYHwS3W5xY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 47C4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:01:59 GMT
X-Proxy-Origin: 217.64.151.32; 217.64.151.32; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0c37ac62-bd59-4da1-bf72-3c70bb90e43d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjQwMDEyNDMyOTUxMjU5NjY4OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9479 35 KB
13 KB 27ms
23ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 76AD 35 KB
13 KB 28ms
24ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame 6569
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

122ms
91ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=174536997210&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
URL: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 879972387e382f915b461c3aeeb02b93e6f6e9d0f13c91d9c9bc49863cdd0f65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 80048500073524600710612011899025
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 893
Expires: Tue, 15 Mar 2022 10:02:00 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=174536997210&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 15 Mar 2022 10:02:00 +0100

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 754D 13 KB
10 KB 28ms
28ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

310ab7b255ff139f0d9b57a9392448542b6fd99ceea81e9c09d8c67aeef06b85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:01:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10468
x-xss-protection: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame CC4C 25 KB
9 KB 9ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALq_MfgR6hLkCbuJQrM8nFVLQZewS-SOzkYPNjjEeQG1YSiPO0Z0ndAyJu7Jyqj30stnZ5yb3eoocFg4lj_q4n1lWCLi3f4iK8AXlhjB-Psd6n873hHMXknDIuzXgViLcHAvFI31ipjRYFrpy-xHY7dHyOxA&cry=1&dbm_d=AKAmf-D10fpM1L8h-wV0D1_w7dkx9_WtjlU5PmC4RwQuoQqnvu-8voH6TywNf-_Xm2KkvqqhmrvQwq1duupuOX1DumzoBTX_DDEdq_kFG-n4k0LyUrmKAooZR4Jj_x-yj1158p3L1G1SEh9nKlLg7tPJBsj3ZqmfQUYxrNGZ5ZbVrEbR0fkpAatLDd1HC77ZwURSe4ZJuqtR1p_23GxD12ihJ-yRS0KRlzUSFm2kmD1sDQlJcTXMHJZ2ku2ddFvzYdZlPw4tScB3QKhNIuY8xqY8rYhhOeIa3tHcWNOiBY7PnfgmO6YF0JfxqwuK0qpjyNk9PedfzmzJUBy78BNm6Rhuc84ENXGVRJJl8xp-b9S7Re6NB_dHNPTko-3AMBLA7H_jgCBXwIDCCVxsPVmWxkSftitBiok5IXe3DpwmKlLC5O1_U5GRNnlyv9jCZKoGhWIH7sVTissrXDRSqscJwGYtA9gvockMM77OGoMlEzbZwLFs4BkMeDYcBrj9PZlZMd9mJFzPEUB2DBw5wPnle-7oFht0huHVuolkfDKc3O3eNJ3Wy3mMxUMpcqMHO84mtGWcr3xb9WKBWsWsvA_oEMQhHIrLJaWdxYpdF1G7Z5uwZ9FfNvkkmh9yg-UYNLmMWLMfhU7LVm-7lEcDRFvc05lVnEcyXsAyZhvoRRP0TUDfT28btwyCUjihMpT-iri9EYWogUIP-BvpIWxKo7zZyoLqMCs4XIK3qO0mT5Vys5G9_7MJSONycD-RCCuKVqMV7b4XBUJUkazZu4vzj-AzQ2MeaGTAi4n1AJglhrLnM49PbsAmoyj_S4NqNhVE9lbWF0LUBfzyS1xg4wmtYB_iq8e7_Lf_QVEglSkKmvjqZb3umedoUJI8kSP1iknWjVDil3uhh_tVhqFPsrkKIfU2U4QLWlcloQcx3zLYOF0M5NeIf6dId0Kz--eYywhaZTDBsfaeY-KduR8gT4hc9aR3-guvB4pq3x2luQOGCes2hwRfsbczL_xEHcIfJaLjoTULqhWLAhMy5NxYrV7FHk0KN0GCFRjIxEqkMI9COZv-x-WGR_ARH_q_C3d-kngfv5B2_csWGaxeg2ShQoEdUOmggvV32d_d55BDbxXA64TcsRuZJ6kA_P6mFdsCVvLrso9Mct6n8IyGEprhrwAqZ-Ec1maOStERMfI_YGk0z6x0HmovYtW4WBAc49O2aliI25cleLpJH574eDrOhW4QrKEmk_w56WiY-K9D-t-Jf9YQjveVlqW4Ow9yF2l-bjSIfDtw6YkdvVBeAxRKF2U8EVzgfihREz6vu7B7MC2hSLs-rjqUrOnBDB99nwSCMhDTUcG-7mrco6cYJlDxRO4xeIZTtp-EYfLLFY6XYbNbxDkiaHd97yBMMNyOVIFgxOZok_9A3cGyNjcl0YHvYpWpDsCcTJUEaCp4YLEkiZK5Q2F9qrsbw_PYnhXCqEReUDJt3kyNtmWUwMMWugvGxTeDswBrtBKNshAunWdIdctohptyDgR1GtBFOoM-4uqCl0dn0NfGZi00cyzns6NkCszG8ad4ahaJ0glzSnEhmK-dv8OJ3wuy7oej2qq3B1M9VFENY2MFv6-avnmfWzFh8ithnly_DjrmptTEkenr35OgC72R5S2zTl7nJ5j0Y3sUwTb3lGcLSQcHOP40V_9WfFOxTxTXtpkmWebTiMONuvquAwMTuUUCA8VUeajPEgV8GrLKkZYBYOFTGUnTh9qrgmSxF8s1h3-CJR7F2Db6FkpZxCs8AioIWKeu6Qa3GfLuYsfF1od1WQyysxKulEY8eSCcvjx5YkV9dMuJVT1Jx44_wLjPzHdOmYyy9cobFIPpkRJw_FeqV5z8j7ROggTmy1k1nMnP9tDgiRHs-q58p0UWLgvMoOfyYMYeNgDCeJC0dKCOgznQV3krNIpi53OWb3LnCzA5Kmhczow5IItGlD3vBLeEL7cBXk3MOjlxtIa3N7L48YAOks1s_9CJMQfyl4hjRZMFM4wbQSZdCTfoCU0L7lNazchSPpHq6ah7eRnED6Mi1XhPY072DLADO3avjGN1LlxrGUHipC7MfZOW6kk3sBpbkbOEpoZgyY0zqMS0KLvRFole4Zk8XkDGya3MsxQ5WurxAGy7wjAgFnXDw7Gg-i3U_J335ZzwmHVmB2rVU10KfARoamxqVdRM7j97sD4bmj4WXri-suLF4kQkPEBuhLKAHp7KP_exk_haSCUW5npslxBdMrlv5TK6fEsChnZK1tO2erRTVJV-iDLpsapZMI8f6FvZgIAf2qsLeYszSZVFy-szMrPFpB8WVYPIoPQXH2nTfAOuFG-euPfCIxGORl0cALBS3ACMdFGYaejwASZp04EbKTl82EVSCMVTEs4BaWIJ51-yeRnw4XhoYPNum1RJqQByuI4uDigJuRVJhsVsC2Pu7s4TwJzjSFgwxNSGGZSwK7daTFgTHZ8BMWWN9U6inlKlDw1jxWBSml2hcMLFi1PMjof90C75CQRsm4-qlcIzG3QBuxyVOCgS-JdGn2MS1wNMYwAjEAY5X7zPeVOjVpBuSItzCshiWTQ2WNn9h275tLe3UqjU2fcsWmjwzOaKhAfn8cpIkggpelwqhcDJpuZQwbp8fKiBdcrp1SVpVZB48UM9PszlwynC6mWhy1JtvVtXdh4kgVmp7ikVJLXZzaEaXOrbD2syxN3f36ZbSdmvOZdBWzR4ACrH-y5iQa2zynEiJVWn_JLdUl-JuKh_hmtQtyCPMmSvuxuw6BOpKOi3O_0C5vCnKLJZI9Hkbzb3glSNhjPzAFlEf222QyseN_uhSBw1sWQkfqtcQGwtN6bYi3Q0yhG8AU2VypVRblLMyVXqLzQeDwqkUVKQet4PnICGMHWrWHelYtK2CranAf1tr0R-B7dE8GYNz9IYkZwYarcg96gM3SjEkkyrhJxtiCPtqvKAxK5j1T1fJZ6KbMQH5lafHjn2dcNqoSalBlziLnur5bnKYiVv5xTXzFWcML6XMZ_GQPTkEvTDRs5uK_LtOpIpVPfmHLR58PFcMNCeb2LqUArbzHIE0BM25WhQO4NZJaxn77CbDpWCq0Htx6Cw_BEy5yF4_q135M11n4LFtFFupY2v66Hd21JUlhYSNduC4D_rSL-0Q2O5260z43HwCqQzXuPPduuw22TNPHtQIh5Eerke86gHhjVlVSdmWuOabhnCPfoRO02wYSyn2vuCE5qnfTheYopsXngnjzLByXh6N9OhpnbcARCWuE0ZdAeMRSNUujk8_LAExbchMVN8DjtUSOZCkSXjz4itUuPQ2Z1Qz2xPuNQfLog&cid=CAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:01:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:01:10 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CC4C 41 KB
15 KB 12ms
12ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85258
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 10:21:01 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame FB53 35 KB
13 KB 10ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 200 container.html Show response
e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 879E 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 10:01:59 GMT
expires: Wed, 15 Mar 2023 10:01:59 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/dc2d217501bc68c69926adb85140362e:ba2f9584c02467443e787797b2af01f73c5caa8632bca853062779f3ff600f44b185f5e50015fec15d846236a3ecb71cdb45bc2d88105b6b5848b27fafbf6a78252123ae4d824fd... Frame 0
0 101ms
100ms Preflight 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/dc2d217501bc68c69926adb85140362e:ba2f9584c02467443e787797b2af01f73c5caa8632bca853062779f3ff600f44b185f5e50015fec15d846236a3ecb71cdb45bc2d88105b6b5848b27fafbf6a78252123ae4d824fd15f9517d41e88c8e021cbd8600eb447a02bb0d74aa69000e0/i?id=ad00394d-ef62-4306-aa06-42a95357d9a4&ts=1647338520026
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 15 Mar 2022 10:02:00 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: f67d0595-c9dc-42d4-9011-8396b5726c1a

GET
H2 200 i Show response
api.purpleads.io/x/a/dc2d217501bc68c69926adb85140362e:ba2f9584c02467443e787797b2af01f73c5caa8632bca853062779f3ff600f44b185f5e50015fec15d846236a3ecb71cdb45bc2d88105b6b5848b27fafbf6a78252123ae4d824fd... 0
199 B 120ms
120ms Fetch 52.205.246.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/dc2d217501bc68c69926adb85140362e:ba2f9584c02467443e787797b2af01f73c5caa8632bca853062779f3ff600f44b185f5e50015fec15d846236a3ecb71cdb45bc2d88105b6b5848b27fafbf6a78252123ae4d824fd15f9517d41e88c8e021cbd8600eb447a02bb0d74aa69000e0/i?id=ad00394d-ef62-4306-aa06-42a95357d9a4&ts=1647338520026
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.246.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-246-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluL3NlY3JldG9mdGhpZXZlcy5jb20=
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.13

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:02:00 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 4df5bd94-3ebe-4b68-b272-af055072df03

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 754D 17 KB
6 KB 24ms
24ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js?cb=31065652

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:02:00 GMT

GET
H/1.1

200
OK

request.php Show response
ad30.ad-srv.net/ Frame 6066
Redirect Chain

https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x9...
https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x9...

2 KB
1 KB

92ms
52ms

Script
application/x-javascript

136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: bf9468ef98c7e0b3ece27755d809d6a362fe69ed7fc1b6e71a3ea8cd499e474e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 12485700074866400383828011899030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 900
Expires: Tue, 15 Mar 2022 10:02:00 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Tue, 15 Mar 2022 10:02:00 +0100

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F945 640 B
316 B 30ms
21ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 15 Mar 2022 10:02:00 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 879E 106 KB
38 KB 71ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
Origin: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 12:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76458
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 15 Mar 2022 12:47:42 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 879E 6 KB
3 KB 13ms
12ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:54:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 444
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:54:36 GMT

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 879E 19 KB
8 KB 14ms
12ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:58:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7865
x-xss-protection: 0
server: cafe
etag: 17470246482903461409
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:58:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 879E 42 B
66 B 33ms
32ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ac__4t0d1kIYmxDHRAEVRcPrLH7u2BdLWx7DSl4FDduSS65CQUxxXW6mv73P-tQJoXa98TzAlOkctw2MLwe5p8WmZ5JYh25Oc30lqmHGwOaMF2TAU

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame 879E
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=e774d0b4&atb_dpuid=nayoki&atb_dcaid=display-pp_paket_s_alw-on
https://d.adtriba.com/px.gif

42 B
227 B

8ms
7ms

Image
image/gif

3.64.242.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 3.64.242.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-64-242-218.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Last-Modified: Tue, 15 Mar 2022 10:02:00 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 879E 2 KB
1 KB 15ms
14ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 10:00:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 879E 117 KB
36 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 15 Mar 2022 10:02:00 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 879E 15 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 776
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 09:49:04 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 879E 0
0 18ms
18ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTKTsml3t0P6FgYSJkjFT4n4LIQME_pV1NPEyha9O_G3qn9e2B2c0Wrjz59OYxi6t33y4n6zMOeR6D_pDL75NWiGDh08w
Requested by: Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 24DF 35 KB
13 KB 10ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 833C 35 KB
13 KB 8ms
6ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame CC4C 11 KB
4 KB 48ms
26ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPVcgFmQwYpbNK4yArATHiIbIBrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9BSVpp_4_Bs1H_NBrKfhFnRqCYB18IsPWrOp3BYxxTkN39-xe1nGY2FF1XOD4fo3N0IS9Umv5gr_g7aoSt9RjjV3D8HJi8SivyUICmXK4KKs4_L6PPzKpu2LiiEPL2fzhtVr-1YoQFoy8V6uwSX0E3d0lnOsTwCEhE866PEPRta6QqfkNcTAWN_UZuC0ZjsdqLf354fU3hMx0n6dnV-vHvchnAYEfGC6uatXHfbpBDzhZYKZHUIEhx3OysFXR2xddnZTJtUVCfkh5bjiEfvcuYevcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg%26sig%3DAOD64_2SISxIIFOsBjKOI2zHyJXirRx6IA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DHv8QCFRWJaf7hY5RMMvp4GpaIJOWFwKoUvYItlbAFOgnvfVfGZ3BZ8zPFvPl4hZc753k2bpram5_xvZitFI5hlQYTtl5lGTVhBvmh7Qxbn-P0gu-wus671cf4Jf9qOpU1rR7w6Lp1yGcnskQNfaCF5mrMqg%26cry%3D1%26dbm_d%3DAKAmf-C9ux7QbJZPY9FdAhagAy3DOJOR-lh2zMYtcCfRz2YX1BrAMfCYSZDst-1zUF_M3Zid7pDh4KmI1rP9K4hUbpD02MjoxlgqhiqvaiqEA-C5ndisDWSvJ6D4Z5X6dtkMKPnI3OWiBSWZJeidQghYUebCSq5sbZJ0egEr9jX3VL8XCJ4vsLS4--_ByDvGZ3xvmsxAuc9O4_UfFJwOIa-NvMHp2-EC_wRWsc44H2VnyJOh_0AXhD1Ber-dol41e4-dJNEy2706uZO-dexvCoSrKwi-BL_nOLxtYSUU2vDLXiIRpIMJQAR3slp_cS5OWB_cU_t6z23pVdZ3sky4Q_UeTN3gm_oaRBwv3Bqw8BG6nnVwgeE0_ZuayjFVNm6dVvxcAyqYte1fZIs22-Hcg7GfN4EamsAc2W75JrlBN73s4YTFBYVl0QjQCGEGCNrr1huiJEr60ib5Pf6laBWVUlo2jvToOLkP9IIjCoaCW_Q26sGwvuCnMzPwH6m9QVkek7_BVSJxu2Eb%26adurl%3D
Requested by: Host: f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
URL: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 88b49eb8bb39a8b123e77ed5bd55ce2d8f8ab2d3c6aefe3a53ff95e65d63bb8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3984
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B25B 22 KB
8 KB 24ms
22ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 10:21:01 GMT
expires: Tue, 14 Mar 2023 10:21:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 85259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame F945
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELWozsqmmEsqTWIewOHXmyA&google_cver=1

43 B
61 B

32ms
21ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELWozsqmmEsqTWIewOHXmyA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
via: 1.1 google
server: OXGW/17.2.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELWozsqmmEsqTWIewOHXmyA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame F945 43 B
305 B 103ms
47ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
content-encoding: gzip
server: OXGW/17.2.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame F945
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEMdywhitQ7pp3lczITNhpeg&google_cver=1

23 B
172 B

43ms
43ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEMdywhitQ7pp3lczITNhpeg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 15 Mar 2022 10:02:00 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEMdywhitQ7pp3lczITNhpeg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame F945 23 B
172 B 154ms
51ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPjqRhC5lOngAhjLzZmxATAB&v=APEucNWqKzhZgV3NsfrC5U1EMaK6DfCk64QNDfr1ZbxU7Q5HjyMSvy6DtL72iud5AIUO9lk8XQSavkB6q7M0d5kuBjY9W6NlKjHq7DSueTO7yyUtxDvwHNQzLqC-I75XX2fWzcoYdcQcooVNVivtWcLrfFg28SHDJnnKqkbiuDw03DCX1Rmwc4w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 15 Mar 2022 10:02:00 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3

200

activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222 Show response
8019191.fls.doubleclick.net/ Frame B062
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222?

391 B
345 B

42ms
24ms

Document
text/html

142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222?

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

8cbe6754bb665374835757bbd186087144ef34d2423d71a8aba8a20343cae733

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 15 Mar 2022 10:02:00 GMT
expires: Tue, 15 Mar 2022 10:02:00 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 15 Mar 2022 10:02:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame C2E9 7 KB
3 KB 54ms
11ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=1f40ae63b5&subid=&uid=cf8fee8512c350b8&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCq1X1FmQwYt-0Jo2t3wOT_qegDrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9DIg2LdsS-0sv46Lkr8VGO8Kzop0nuEnC5ZZ78FX3T4puvDVF1RVm84EFBtep4Llboe6YAkQzInMFKFKW197CBrMVw8Q1PXD6dV_R2URBbr9xMXpV8yZDgO0OOh_4tocN8ZFfmYMZ6VbwEWu52nBxYDr8_ojkXTANYLlIBALRr5R98PEm5mn2OBc89hfaMlj5vLfUGaueOMKHsMksMU8mTXu7uNnqLJ1mSYxKGPdvTF2o-Pq8Ac0KKsBAtOLL_hiwO0YuHmoOBE9FRN1-YOQJWHOMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORomW0dAQeQXzatJpxSr4yTWo4y5fsE4QVUpFNyNw2DrFptxwdgQ5w%26sig%3DAOD64_0DYEluLGGkcKyfL4w4CHGQBg8_2g%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DWCpR_fwI_iKmAUVENw2FLN553m6FV9iyv_NvtVH4RNhDiMN0HymAunflXs8lydBCyt1iPEy4TCDRRSTiHpkZcpXtW2MMwPHko1ZlQTETDj40PLWx5pusHLmffadwMf_QBUjJXPF42QRf0pxz7oTzNqRWQJg%26cry%3D1%26dbm_d%3DAKAmf-Aj2yUFFpltBiYHXMbh6kxnFhzis8HqoUM5WGRTpyYioRuMxWd4TIERH9hQHDW2k23ughJG_pmNccfaKen305H3TEMHzY8qcCvyq_Fi8XvBAxd4Hve8ppvu22rxeherz_ckrin7KS1zswJM4VP4tfC1X1_EPZu6Njha0eZacrRZAKBR9k2FvnlghnFI-jsYX8z6I2zWh41tJxDekl9cP-NhNwCx-x0VHGbipaH3X9rTF--14cIbdMAdFJX6hcsjDdLjjPGvLNSuQSs4VK__vMw4WTB25I-fkyCD6JfyS2vX03CKmL6IoDtO1k9IESsblH7sqMkZt7xtb4eN6oB-5gzza8YBEbOVO-qNd4Qj0oHALz6Iwv3yLZQ13BfcGTEOyeJGiziEz9okZI1g0j3wuUJILV9Z2NL4gNuw5Quln2rAIBgFD9yoTgF2sTO0a8Ng3zjSZ2PoDg43YtYkP-3fJAKoL7os8gzzdkhMIj4mKbJjpqg9-0y9WBvp6ibKKMDh_GCdUuit%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=174536997210&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8ac1f62e5443c2c129eb0c76824dc4011bc81770a5749be29832d11b9fe69cb2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com/

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 15 Mar 2022 10:02:00 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2321
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 79F2 13 KB
5 KB 17ms
13ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 08:12:04 GMT
expires: Wed, 15 Mar 2023 08:12:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 6596
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4F49 783 B
536 B 19ms
16ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5da5c8d1c76bd21b09076434c7450fc36ed4c8d54813d2c1d00bb2ce9647d730

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S/6JaQ9WhMI5PFYSg+2WZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 15 Mar 2022 10:02:00 GMT
date: Tue, 15 Mar 2022 10:02:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-S/6JaQ9WhMI5PFYSg+2WZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6569 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d83dfc66cd57235c5cae7559ab315b669828c45056f42a490c1c597cd505507

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2753383143326280557/ Frame 1C31 38 KB
6 KB 26ms
11ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de24e1eed5d9105cafd245df0b2ee43e6f3a900c77c862dbcd6c9b10fbc9dc56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 01:20:08 GMT
expires: Wed, 15 Mar 2023 01:20:08 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
content-type: text/html
content-length: 5784
age: 31312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 879E 0
571 B 82ms
42ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRDySjaBYB0QOml_pOXBl1CJRRLSdcozURlnWzBCa8N4Pk7OrOnBd0hlrJ1fFxECSi2lBdNc4LjEeD1AjQqj_rw8mqBGTPI4EO-LeTB5CUUbKFpWvdVGmMo_UD0tRO4cMdw2rhLCjtnius0L4yrTOMseJ33g6vCGRBN__v49c0SnmEyK7s5V6oL3wGSvohI9LoIj0VBRCVGTVr0VDCYFrPpUGgBU2EGtfixocs9XWns3l4H9A4mSm8lZ0D5aSCaTCXJImUczrtW7xCuke-JbWQM9YoPQfiD9OSXjszd6mgO0LRcrzMFkcKSKcVM3pY6GXK70ypbYXkJYj-INo-zfahkIZw2fKCL_R0VXHX36yTYKq6T4q1U7iEgFIl5BcrAKBLHxTSlUAuLRP1A3AaEEqvQKOPI4vZF0JtBA6kmYRHJFiWAFKLXeUT0woxAbCI-Q_IyHJB1HnCCtc9hD1tfGpF79geGGevpuVJvNyxvRgxbeTt1ibc6RvM8vfjvlgwLCXT_jsS6REU6hnR4OjcesZ1u9nYoaVV3cFtoKE0LK_SApE3oCmkUzxDsJlsyi4gN0bhzPoxOYinpq8-UDNJa7EUwAM7reGkaN9n98ErhphqCtxbikSIEREOVWcT9JwPRsElTzxXbgGIbNNjgCCh--A76rQ2JXRtom0pCvuG5DPH9m0NQS__949RhYo3aaboFWgBW5u9T0Ud2C96kmhJiiat_FXfZ2EkYFsbNcSFdEsKd90UvYRFpE-aQzWsJyQmNHLHTh5Wp80DUvIzYSojbDVyN-dHMppDusfIMFFxVeFnWLEps0-vSVRmsla8vVnOKoUx-QBFvOZBgF_d1mt1FseUcdiapa5NoymCCrDZ38xbMtEbVekvpIlmpvlHGsb04q9-PSiOo4AvFhGUT5bR-oEw9xZkqF8a-hM6NMZOPQPy8qvwdAdPF4BKlTPo9HK1rDwuwzGUfbEFIxXINs-afKIQFMoTsxgczbmzo_2LUUppAx_qDuLW5eQnn3osk9UcMM5v5cSdOYSOWBJjW-xkAvAwmke_0oI2G8lInqeXjufzZ0lJUi3wPj43TuES9gRy20A7W-0v6k-B1HEE6qQDW8JRDlH6UEWzPoQkZZVhrLthgSMaUIUBtDr9vC8Tq3ReFr09sQ3oXfPRq_IbM4K-P7IxIF7HOgpM4Y65hZWihx2pdRP-QaG5C00l12-R&sai=AMfl-YR18y6_UY_cT536wMVrlFeCsRqdh5-YgBUZz1o1KbKumvcG9O5dEqGgfxFlT_3cbpx64f9rsXM6z3V7N8JOfHBdjrmdRyAEsyWlTOzB7swoo2pRV9n3caooxuwstcGyo0YaJ_4P5T8PZ2Qsf9b9QSjxKXa8YwCP2bNTZVIJISol91XaxWYJJIL9fy6LLDMwDAVt0QL8ZLSxzvEomsT6L8xR_Uzsu8amky93bqgMK91AWMmxnorhv8wy7qx5ga4fARAozg--UyCJShl7J50QVzEXRzsCtkPE-9aK79U&sig=Cg0ArKJSzLPAR7CAMJDCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=376&cbvp=1&cstd=367&cisv=r20220308.50177&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Tue, 15 Mar 2022 10:02:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK request.php Show response
hal900028.redintelligence.net/ Frame CC4C 611 B
936 B 118ms
82ms Script
application/x-javascript 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0377bf53a5&subid=&uid=5b7461d4454f9981&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPVcgFmQwYpbNK4yArATHiIbIBrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9BSVpp_4_Bs1H_NBrKfhFnRqCYB18IsPWrOp3BYxxTkN39-xe1nGY2FF1XOD4fo3N0IS9Umv5gr_g7aoSt9RjjV3D8HJi8SivyUICmXK4KKs4_L6PPzKpu2LiiEPL2fzhtVr-1YoQFoy8V6uwSX0E3d0lnOsTwCEhE866PEPRta6QqfkNcTAWN_UZuC0ZjsdqLf354fU3hMx0n6dnV-vHvchnAYEfGC6uatXHfbpBDzhZYKZHUIEhx3OysFXR2xddnZTJtUVCfkh5bjiEfvcuYevcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg%26sig%3DAOD64_2SISxIIFOsBjKOI2zHyJXirRx6IA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DHv8QCFRWJaf7hY5RMMvp4GpaIJOWFwKoUvYItlbAFOgnvfVfGZ3BZ8zPFvPl4hZc753k2bpram5_xvZitFI5hlQYTtl5lGTVhBvmh7Qxbn-P0gu-wus671cf4Jf9qOpU1rR7w6Lp1yGcnskQNfaCF5mrMqg%26cry%3D1%26dbm_d%3DAKAmf-C9ux7QbJZPY9FdAhagAy3DOJOR-lh2zMYtcCfRz2YX1BrAMfCYSZDst-1zUF_M3Zid7pDh4KmI1rP9K4hUbpD02MjoxlgqhiqvaiqEA-C5ndisDWSvJ6D4Z5X6dtkMKPnI3OWiBSWZJeidQghYUebCSq5sbZJ0egEr9jX3VL8XCJ4vsLS4--_ByDvGZ3xvmsxAuc9O4_UfFJwOIa-NvMHp2-EC_wRWsc44H2VnyJOh_0AXhD1Ber-dol41e4-dJNEy2706uZO-dexvCoSrKwi-BL_nOLxtYSUU2vDLXiIRpIMJQAR3slp_cS5OWB_cU_t6z23pVdZ3sky4Q_UeTN3gm_oaRBwv3Bqw8BG6nnVwgeE0_ZuayjFVNm6dVvxcAyqYte1fZIs22-Hcg7GfN4EamsAc2W75JrlBN73s4YTFBYVl0QjQCGEGCNrr1huiJEr60ib5Pf6laBWVUlo2jvToOLkP9IIjCoaCW_Q26sGwvuCnMzPwH6m9QVkek7_BVSJxu2Eb%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8071673289593&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPVcgFmQwYpbNK4yArATHiIbIBrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9BSVpp_4_Bs1H_NBrKfhFnRqCYB18IsPWrOp3BYxxTkN39-xe1nGY2FF1XOD4fo3N0IS9Umv5gr_g7aoSt9RjjV3D8HJi8SivyUICmXK4KKs4_L6PPzKpu2LiiEPL2fzhtVr-1YoQFoy8V6uwSX0E3d0lnOsTwCEhE866PEPRta6QqfkNcTAWN_UZuC0ZjsdqLf354fU3hMx0n6dnV-vHvchnAYEfGC6uatXHfbpBDzhZYKZHUIEhx3OysFXR2xddnZTJtUVCfkh5bjiEfvcuYevcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg%26sig%3DAOD64_2SISxIIFOsBjKOI2zHyJXirRx6IA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DHv8QCFRWJaf7hY5RMMvp4GpaIJOWFwKoUvYItlbAFOgnvfVfGZ3BZ8zPFvPl4hZc753k2bpram5_xvZitFI5hlQYTtl5lGTVhBvmh7Qxbn-P0gu-wus671cf4Jf9qOpU1rR7w6Lp1yGcnskQNfaCF5mrMqg%26cry%3D1%26dbm_d%3DAKAmf-C9ux7QbJZPY9FdAhagAy3DOJOR-lh2zMYtcCfRz2YX1BrAMfCYSZDst-1zUF_M3Zid7pDh4KmI1rP9K4hUbpD02MjoxlgqhiqvaiqEA-C5ndisDWSvJ6D4Z5X6dtkMKPnI3OWiBSWZJeidQghYUebCSq5sbZJ0egEr9jX3VL8XCJ4vsLS4--_ByDvGZ3xvmsxAuc9O4_UfFJwOIa-NvMHp2-EC_wRWsc44H2VnyJOh_0AXhD1Ber-dol41e4-dJNEy2706uZO-dexvCoSrKwi-BL_nOLxtYSUU2vDLXiIRpIMJQAR3slp_cS5OWB_cU_t6z23pVdZ3sky4Q_UeTN3gm_oaRBwv3Bqw8BG6nnVwgeE0_ZuayjFVNm6dVvxcAyqYte1fZIs22-Hcg7GfN4EamsAc2W75JrlBN73s4YTFBYVl0QjQCGEGCNrr1huiJEr60ib5Pf6laBWVUlo2jvToOLkP9IIjCoaCW_Q26sGwvuCnMzPwH6m9QVkek7_BVSJxu2Eb%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 95fe4bf0ddf917864e9c0756f6f215ab35f8a840f169d8a2cbdf8b02b07bee3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 15 Mar 2022 10:02:00 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 67083300076119400710612011899028
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 330
Expires: Tue, 15 Mar 2022 10:02:00 +0100

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 879E 41 KB
15 KB 15ms
15ms Script
text/javascript 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85259
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 10:21:01 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5E09 1 KB
753 B 7ms
7ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 14 Mar 2022 13:26:12 GMT
expires: Tue, 15 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 74148
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 6066 4 KB
2 KB 71ms
11ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: ad30.ad-srv.net
URL: https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 06:00:42 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 14479
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-P7
X-Amz-Cf-Id: Z03B78SJJBEhOhVPul6z7X7rfIxAeynnqNDNzgJkHFvkuOFaKHMbrQ==

GET
H2 200 pixel_loader.js Show response
static2.creative-serving.com/ Frame 6066 527 B
694 B 74ms
15ms Script
text/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel_loader.js
Requested by: Host: ad30.ad-srv.net
URL: https://ad30.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=565662a7fc&subid=&uid=2406ad0a285289fc&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8049008805720&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:00 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
age: 0
etag: "68faa1738e44f8aabb6f53cba51f29d3"
x-hw: 1647338520.cds248.fr8.hn,1647338520.cds290.fr8.c
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 320

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame C2E9 89 KB
32 KB 44ms
10ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 07:35:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8818
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Mar 2023 07:35:02 GMT

GET
H/1.1 200
OK 728x90_OMAC_2016_Launch%20(4).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame C2E9 44 KB
44 KB 81ms
33ms Image
image/jpeg 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/728x90_OMAC_2016_Launch%20(4).jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Last-Modified: Mon, 20 Jun 2016 09:28:47 GMT
Server: nginx
ETag: "5767b74f-af88"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 44936

GET
H3 200 dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222
adservice.google.com/ddm/fls/z/ Frame B062 42 B
63 B 34ms
33ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CO2d15rux_YCFSdAHQkdtRkCBw;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4512883054029.222?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 879E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80c81cc14e088e5219ac0b946ae8afc5d1b69dd3c805f63373d89115295e3f28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 a8355064648aa7a1ab68278019a58f4a.js Show response
s0.2mdn.net/sadbundle/2753383143326280557/ Frame 1C31 65 KB
17 KB 9ms
9ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/a8355064648aa7a1ab68278019a58f4a.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096ddcd6353390a194d3a68b5f7c2fbf5ccf142dbb32421c927042af27e9c400

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 02:59:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25340
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17337
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Mar 2023 02:59:40 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 43D6 0
9 B 13ms
13ms Image
text/plain 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?TYSubw
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK request_content.php Show response
hal900028.redintelligence.net/ Frame 127A 7 KB
3 KB 34ms
11ms Document
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=0377bf53a5&subid=&uid=5b7461d4454f9981&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCPVcgFmQwYpbNK4yArATHiIbIBrXN-YNX_Ni5q-UM8C4QASC52_MmYJWKooKwB8gBCakCCcPyHGBssj6oAwGqBNMBT9BSVpp_4_Bs1H_NBrKfhFnRqCYB18IsPWrOp3BYxxTkN39-xe1nGY2FF1XOD4fo3N0IS9Umv5gr_g7aoSt9RjjV3D8HJi8SivyUICmXK4KKs4_L6PPzKpu2LiiEPL2fzhtVr-1YoQFoy8V6uwSX0E3d0lnOsTwCEhE866PEPRta6QqfkNcTAWN_UZuC0ZjsdqLf354fU3hMx0n6dnV-vHvchnAYEfGC6uatXHfbpBDzhZYKZHUIEhx3OysFXR2xddnZTJtUVCfkh5bjiEfvcuYevcAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASJ-RodOc4yWeAMAGeaDz1tgQMQRSNvrgG9oOnpL_pW9P8-k_xOx2MBg%26sig%3DAOD64_2SISxIIFOsBjKOI2zHyJXirRx6IA%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DHv8QCFRWJaf7hY5RMMvp4GpaIJOWFwKoUvYItlbAFOgnvfVfGZ3BZ8zPFvPl4hZc753k2bpram5_xvZitFI5hlQYTtl5lGTVhBvmh7Qxbn-P0gu-wus671cf4Jf9qOpU1rR7w6Lp1yGcnskQNfaCF5mrMqg%26cry%3D1%26dbm_d%3DAKAmf-C9ux7QbJZPY9FdAhagAy3DOJOR-lh2zMYtcCfRz2YX1BrAMfCYSZDst-1zUF_M3Zid7pDh4KmI1rP9K4hUbpD02MjoxlgqhiqvaiqEA-C5ndisDWSvJ6D4Z5X6dtkMKPnI3OWiBSWZJeidQghYUebCSq5sbZJ0egEr9jX3VL8XCJ4vsLS4--_ByDvGZ3xvmsxAuc9O4_UfFJwOIa-NvMHp2-EC_wRWsc44H2VnyJOh_0AXhD1Ber-dol41e4-dJNEy2706uZO-dexvCoSrKwi-BL_nOLxtYSUU2vDLXiIRpIMJQAR3slp_cS5OWB_cU_t6z23pVdZ3sky4Q_UeTN3gm_oaRBwv3Bqw8BG6nnVwgeE0_ZuayjFVNm6dVvxcAyqYte1fZIs22-Hcg7GfN4EamsAc2W75JrlBN73s4YTFBYVl0QjQCGEGCNrr1huiJEr60ib5Pf6laBWVUlo2jvToOLkP9IIjCoaCW_Q26sGwvuCnMzPwH6m9QVkek7_BVSJxu2Eb%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=8071673289593&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 923b8a364ebd2d883e56c544c34bd2b466cab1d0ffabdd6b2eb40b49b2b21fdb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com/

Response headers

Date: Tue, 15 Mar 2022 10:02:00 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 15 Mar 2022 10:02:00 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2323
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame B25B 35 KB
13 KB 11ms
11ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4773
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F363 22 KB
8 KB 14ms
12ms Document
text/html 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 10:21:01 GMT
expires: Tue, 14 Mar 2023 10:21:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 85259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4F49 0
0 59ms
59ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031401&jk=1071917673794868&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame CC4C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42b98e4662e2e8f10e9d90751af5b669b95d7ae61e205aa78bd67f3161c3098c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET /
google2waycm.netmng.com/cm/ Frame 5E09 0
0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 5E09
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1&google_push=AYg5qPKxxr7W0LtCDl0UXaGw7U2t9vx_iR2nlvwD_LCYGmyGzEdnqmeG89dudW4milAqt1EWmZwM5oVWkcKBlsimYRNwqDoIWLuL
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjU0NDIwNzY5MjA5NzAzNjU4OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1

43 B
398 B

63ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1
Requested by: Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEBzwd33NIqFzX_sBCdHiY2Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 5E09 0
104 B 102ms
28ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEOWKhRHIjdEVRfKfa1-__K4&google_cver=1&google_push=AYg5qPIVBXFY2sNAaaDJUUQfC6enRvnBI051q57iFxn_O3tfvmi55lRpjjAaD7lefLtUz-DqfL17IntoicFeG9FCUzh1WPCCsAed5g
Requested by: Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 5E09 0
173 B 53ms
18ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEOug89x7cQ1VHw5WnDZpR30&google_cver=1&google_push=AYg5qPLsprGx4PQkze18ld-0h67BlfaWM6Xpcc3dtURtnGNguNia0NoxtJrQ-yf30MU2fDZxGFsBSqNZH_o_m6PkXy-Ze-CD-dZH2Q
Requested by: Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 5E09 43 B
65 B 23ms
18ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEFETByvaO5VQzG6HcJYcZ_Y&google_cver=1&google_push=AYg5qPIvdzbI1V7rULBPpshn1FA-id7aR3qW1RhV2YQA-LzzDo01nW7Nyrhxv6OhZ72-EEGaQrIG4eD2lUYWfQn7kB93TUTYkjL8bg

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 10:02:01 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 5E09
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEOqCTCyh9w9NbgfvwFM3lcY&google_cver=1&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEOqCTCyh9w9NbgfvwFM3lcY&google_cver=1&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBI...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wB...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E09
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPwRFbNPVGeguKQ32xoJtqE&google_cver=1&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEPwRFbNPVGeguKQ32xoJtqE&google_cver=1&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1JT1BSVjhWRTJ1R0VpY2ZZVHJBZXgwUU50RC44d3pGZn5B&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1JT1BSVjhWRTJ1R0VpY2ZZVHJBZXgwUU50RC44d3pGZn5B&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1nUZJJ76KvgyQUA-fJadtIVj8qoqg

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1JT1BSVjhWRTJ1R0VpY2ZZVHJBZXgwUU50RC44d3pGZn5B&google_push=AYg5qPIRS9IkXjOGGoIy_fYt-5ZdpOHb7r2OqRBOqWm3L4yCPCyX5DKiz6CpxMPmoJzfQw6el1nUZJJ76KvgyQUA-fJadtIVj8qoqg
date: Tue, 15 Mar 2022 10:02:01 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5E09 0
12 B 26ms
21ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JFiAz4znMToW1k3mwUiIf9LQ_Bu5KnhAPRvAaCU82wz_XyBHoL2PyexNXIrk376KgvAdgCSQ

Requested by

Host: e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
URL: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 pixel.js Show response
static2.creative-serving.com/ Frame 6066 4 KB
2 KB 313ms
10ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel_loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
etag: "ddebe66232ec2ff147a8664e2ecc6e4f"
x-hw: 1647338521.cds248.fr8.hn,1647338521.cds159.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1505

GET
H/1.1 200
OK request_content.php Show response
ad30.ad-srv.net/ Frame 758C 3 KB
1 KB 60ms
16ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445
Requested by: Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 01595d489887decf687435b25f13038495f62d431ef150d8e356cf9a0f3eee25

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 15 Mar 2022 10:02:01 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1068
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6066 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79ed6a0e53ce94bc13c7dfed65077d0579c12ebadab11ba4415f424964574642

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame C2E9 0
150 B 33ms
12ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=80048500073524600710612011899025&a=3fe5b829&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=80048500073524600710612011899025&a=eba617cb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame C2E9 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 127A 89 KB
32 KB 51ms
8ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 07:35:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Mar 2023 07:35:02 GMT

GET
H/1.1 200
OK 728x90_OMAC_2016_Launch%20(4).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 127A 44 KB
44 KB 93ms
24ms Image
image/jpeg 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/728x90_OMAC_2016_Launch%20(4).jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Last-Modified: Mon, 20 Jun 2016 09:28:47 GMT
Server: nginx
ETag: "5767b74f-af88"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 44936

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 53DD 42 B
67 B 42ms
39ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstnlpeiUpXi5-QY71vkCedSkcEES42DjdQg0TYO_GlNUOIpGdW54N_xxY1kekSzpbfbNiRyt0VNJa0LGscPLAyyc1vwquCNESG2_3vqEkFwP3_r_O7MAg&sai=AMfl-YSzMbzueB_oLNBE1emF1Yn636LaM1YSu26YSV_z84_5WZkmY4nsEF9rtCUciK6fxhC07deN4j7Fm0fR36gnK-JzMJi2pIfBUiUWI3J-za5AKWK2Ef7v6BAsuy8O2hI&sig=Cg0ArKJSzGjCYFG_KEVgEAE&id=ampim&o=294,555&d=728,200&ss=1600,1200&bs=1600,1200&mcvt=1141&mtos=0,0,1141,1141,1141&tos=0,0,1141,0,0&tfs=683&tls=1824&g=100&h=100&tt=1824&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=4203880072

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 79F2 35 KB
13 KB 30ms
27ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 08:42:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 08:42:27 GMT

GET
H3 200 62cb648c2b03099a9d7af6cb0f943ca4.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 4 KB
2 KB 12ms
11ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/62cb648c2b03099a9d7af6cb0f943ca4.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1a7e0734e57be7f5ca3f90c5e30ac070e93a1f2f55100884920da36aaf57705

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 14:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69196
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1717
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 14:48:45 GMT

GET
H3 200 9b623992979c2c99451765094199c43a.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 1 KB
709 B 13ms
10ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/9b623992979c2c99451765094199c43a.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3ae1be851de91fea1d6c42b19df2f1a35df8fa626b30c879b090324eda44ce6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 16:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495627
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 680
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 16:21:34 GMT

GET
H3 200 3212338bb0be0b574ad231e216e32f4c.jpg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 6 KB
6 KB 21ms
17ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/3212338bb0be0b574ad231e216e32f4c.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e01229bbb5b2f75d84278ab92afb8d3613223493bb7f58700b7f26b5bd7c71d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 02:23:50 GMT
x-content-type-options: nosniff
age: 27491
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6140
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Mar 2023 02:23:50 GMT

GET
H3 200 0e882d2e9d695c89581c4d3d88957eec.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 3 KB
990 B 21ms
17ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/0e882d2e9d695c89581c4d3d88957eec.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cca43627e4d80bb78c2437c793b99da78310efaf2d7f6d041671c73d3a693f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 23:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39689
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 961
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 23:00:32 GMT

GET
H3 200 46a20774c1da411f51bca4b8ca9b3774.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 2 KB
751 B 22ms
17ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/46a20774c1da411f51bca4b8ca9b3774.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475316d3002b7bf04d39e01825b8443b2748411e616908cbc2a87e49faa1f1ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 18:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54633
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 722
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 18:51:28 GMT

GET
H3 200 41086e9e644dfd6edb1dee1a27276fbe.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 1 KB
518 B 22ms
17ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/41086e9e644dfd6edb1dee1a27276fbe.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06e0e91a01af508f9eb830feafe8dbf0b381e0333ce3667489e6cf48809c927b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 16:29:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 489
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 16:29:09 GMT

GET
H3 200 edab4929a40146fb821d586457d137e6.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 5 KB
2 KB 21ms
17ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/edab4929a40146fb821d586457d137e6.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5c486bf7d530918b59fe569c9b232ff2356ec265bdd25c3977a4dbbd9da123e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 19:01:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54052
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1633
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 19:01:09 GMT

GET
H3 200 756d757e6528c3a0a9338cc41f9a61b1.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 299 B
262 B 27ms
22ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/756d757e6528c3a0a9338cc41f9a61b1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

572bc0584a0476c0e03db0b475dcf119873378e8e950ddd66ba027264432f2b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 01:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31308
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Mar 2023 01:20:13 GMT

GET
H3 200 9c31fe11844006970ffaccbcad1fd41f.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 4 KB
2 KB 25ms
21ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/9c31fe11844006970ffaccbcad1fd41f.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

43a9a2154c658cf0a3a1aebe3d5ce4ea817564fc27e85b90f2651cf46f37deda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 21:04:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46631
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1712
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 21:04:50 GMT

GET
H3 200 20cd3c9c87a3dcad42074ff89b4391e0.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 8 KB
2 KB 26ms
21ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/20cd3c9c87a3dcad42074ff89b4391e0.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16dde9a1942cbd39c1f882ebd1e6f3768b933c64051c589feb1243c4fcd050ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 13:25:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74190
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2458
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 13:25:31 GMT

GET
H3 200 ccddd80afeb32369f13a2e1a87086966.png
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 2 KB
2 KB 25ms
21ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/ccddd80afeb32369f13a2e1a87086966.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b78344a18cc46582ecbd6c65057aa0d36c76a8f2d9d23a738eba4a905f27a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 21:45:34 GMT
x-content-type-options: nosniff
age: 44187
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1855
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 21:45:34 GMT

GET
H3 200 d4759bcbd6e2fc771310419f7fc638e2.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 921 B
432 B 27ms
22ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/d4759bcbd6e2fc771310419f7fc638e2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf6723bc6fdabc360afa8360ff6fa68bbaf5678344c2ef5367019c1c68f9e39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 23:46:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36954
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 394
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 23:46:07 GMT

GET
H3 200 2b6305a7c8bdb2e12dccb485473bf946.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 333 B
271 B 26ms
22ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/2b6305a7c8bdb2e12dccb485473bf946.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d99d5dc2e523d10581441a4c4de7cf29527063bd6c1198f601f863ceba76913

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 21:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 46602
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 21:05:19 GMT

GET
H3 200 563d35e070b536fe99ac6f90cc143021.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 262 B
226 B 25ms
21ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/563d35e070b536fe99ac6f90cc143021.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f824255471c27fa4d1711fb3dc95cd1abb01d4267cddb88a80da9de0ad9e568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 23:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39689
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 23:00:32 GMT

GET
H3 200 14e32be1039d7747a8b5345c4a4b813f.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 764 B
482 B 27ms
21ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/14e32be1039d7747a8b5345c4a4b813f.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb609adfb919b1b06ba838c242ceeb6351bdfd1917ac381e841b3c68c107fd94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 00:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34627
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 444
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Mar 2023 00:24:54 GMT

GET
H3 200 0cde5efc0567bcab21474422961ea657.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 904 B
409 B 26ms
13ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/0cde5efc0567bcab21474422961ea657.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce4076cd760ba035ee9d326f3a1bf9157dfeac50fb058a9aedfe53b2fd10ad91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 16:21:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495627
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 371
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 16:21:34 GMT

GET
H3 200 e2b684e2986ea6141e36de2511a816c1.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 1 KB
636 B 29ms
9ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/e2b684e2986ea6141e36de2511a816c1.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aca9d549981e9a27a786545ba75fed3bc70738752aa299e95af6669f199464a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:45:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 598
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 15:45:04 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9479 0
9 B 13ms
12ms Image
text/plain 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?em8rCQ
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 76AD 0
9 B 12ms
12ms Image
text/plain 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Ppvb3g
Requested by: Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK 69250fcfc588cf5d562560cf28a612b4 Show response
pv.medialead.de/trck/epv/ Frame 758C 927 B
1 KB 119ms
83ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/69250fcfc588cf5d562560cf28a612b4?subid=12485700074866400383828011899030&ctrack=https%3A%2F%2Fad30.ad-srv.net%2Fc%2Fcjwhpb02zwve9lo%3Ftprde%3D

Requested by

Host: ad30.ad-srv.net
URL: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

fd0b0f5c8eaa2035901d30cb7b236cd9f77b01f7f3d5838cd33d23d0fbcf38d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad30.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D9409720:968E_91EFC182:01BB_62306419_D1CC8C3:F725
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/javascript; charset=utf-8
Cache-control: private
Keep-Alive: timeout=20
Content-Length: 927
Proxy-Host: pv.medialead.de

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FB53 0
9 B 13ms
13ms Image
text/plain 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FglEzw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK viewability Show response
ad30.ad-srv.net/ Frame 758C 0
150 B 35ms
12ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad30.ad-srv.net/viewability?s=12485700074866400383828011899030&a=c27a9787&vb=m
Requested by: Host: ad30.ad-srv.net
URL: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 1f919b0412977966595ef751686a6826.svg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 4 KB
1 KB 32ms
13ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/1f919b0412977966595ef751686a6826.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a4ad3d4e23f8037feb38744e17fabeb0c2d3b5714c049d091dfc5f6811280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 23:00:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39689
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1396
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 23:00:32 GMT

GET
H3 200 16e2073035968668e0268512ee5031a5.jpg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 17 KB
17 KB 29ms
17ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/16e2073035968668e0268512ee5031a5.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfd1106b87f96ff783e71e722d5ea8cd707006bca6b293d2860c20e03cf864e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 16:21:34 GMT
x-content-type-options: nosniff
age: 495627
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17252
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 16:21:34 GMT

GET
H3 200 hbjI8xylHpjavQyfdphvo41Bfdkh_RgUM1b0sbpcRZI.js Show response
pagead2.googlesyndication.com/bg/ Frame F363 35 KB
13 KB 11ms
10ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/hbjI8xylHpjavQyfdphvo41Bfdkh_RgUM1b0sbpcRZI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

85b8c8f31ca51e98dabd0c9f76986fa38d417dd921fd18143356f4b1ba5c4592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 09:30:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13728
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Mar 2023 09:30:54 GMT

GET
H/1.1 200
OK viewability Show response
hal900028.redintelligence.net/ Frame 127A 0
150 B 52ms
18ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/viewability?s=67083300076119400710612011899028&a=c6746765&vb=m
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/request_content.php?s=67083300076119400710612011899028&a=1839b5aa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:01 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 127A 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 view.aspx Show response
pb.media01.eu/ Frame F251 0
629 B 209ms
142ms Document
text/html 88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=12485700074866400383828011899030&actionid=981741&produktid=&dt_url=

Requested by

Host: pv.medialead.de
URL: https://pv.medialead.de/trck/epv/69250fcfc588cf5d562560cf28a612b4?subid=12485700074866400383828011899030&ctrack=https%3A%2F%2Fad30.ad-srv.net%2Fc%2Fcjwhpb02zwve9lo%3Ftprde%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad30.ad-srv.net/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 15 Mar 2022 11:02:01 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Tue, 15 Mar 2022 10:02:00 GMT
content-length: 0

GET
H/1.1 200
OK Postbank_Autokredit_728x90.gif
ad-server.eu/wm/pb/auto/ Frame 758C 30 KB
30 KB 199ms
58ms Image
image/gif 54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/auto/Postbank_Autokredit_728x90.gif
Requested by: Host: ad30.ad-srv.net
URL: https://ad30.ad-srv.net/request_content.php?s=12485700074866400383828011899030&a=d5ddb445
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: ad9e9cd2805dda878347f2e588f938c0ffeb92b2b4eeea7b148b86bf7bf356e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad30.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:07:35 GMT
Last-Modified: Fri, 14 Aug 2020 12:20:34 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5f368192-787c"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30844

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 879E 42 B
64 B 52ms
38ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuu5VdT4Z06uyItkJ2qQzRCb3wE55pGELYuDrGu6QSpWDV1vL5x1XXUWxtaERq-0UVhp65djHY-vSpasZd_H87FYTItt--wyw3qCzdpbselBnfzkC_V7Q&sai=AMfl-YR_UbzjRQTVTsKQMUrTFADnsvfz-iLoRqyZdRFI4d4WuOxqz5bDpG15-HSYFDpN3JNGOS9p_zniE1Zij06xviGBVggQZ3IlITftGrBaQsg462kM520h0KiCRSs&sig=Cg0ArKJSzNV39QVmofbnEAE&cid=CAASJORozE0oAIkBkvqIHh8zU-KujC_ZQyNFNDxqef6THrXw_DZt6Q&id=lidar2&mcvt=1105&p=939,1289,1207,1589&mtos=0,1105,1105,1105,1105&tos=0,1105,0,0,0&v=20220314&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&vu=1&app=0&itpl=20&adk=2992467494&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647338520022&rpt=671&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 879E 0
23 B 55ms
37ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstRDySjaBYB0QOml_pOXBl1CJRRLSdcozURlnWzBCa8N4Pk7OrOnBd0hlrJ1fFxECSi2lBdNc4LjEeD1AjQqj_rw8mqBGTPI4EO-LeTB5CUUbKFpWvdVGmMo_UD0tRO4cMdw2rhLCjtnius0L4yrTOMseJ33g6vCGRBN__v49c0SnmEyK7s5V6oL3wGSvohI9LoIj0VBRCVGTVr0VDCYFrPpUGgBU2EGtfixocs9XWns3l4H9A4mSm8lZ0D5aSCaTCXJImUczrtW7xCuke-JbWQM9YoPQfiD9OSXjszd6mgO0LRcrzMFkcKSKcVM3pY6GXK70ypbYXkJYj-INo-zfahkIZw2fKCL_R0VXHX36yTYKq6T4q1U7iEgFIl5BcrAKBLHxTSlUAuLRP1A3AaEEqvQKOPI4vZF0JtBA6kmYRHJFiWAFKLXeUT0woxAbCI-Q_IyHJB1HnCCtc9hD1tfGpF79geGGevpuVJvNyxvRgxbeTt1ibc6RvM8vfjvlgwLCXT_jsS6REU6hnR4OjcesZ1u9nYoaVV3cFtoKE0LK_SApE3oCmkUzxDsJlsyi4gN0bhzPoxOYinpq8-UDNJa7EUwAM7reGkaN9n98ErhphqCtxbikSIEREOVWcT9JwPRsElTzxXbgGIbNNjgCCh--A76rQ2JXRtom0pCvuG5DPH9m0NQS__949RhYo3aaboFWgBW5u9T0Ud2C96kmhJiiat_FXfZ2EkYFsbNcSFdEsKd90UvYRFpE-aQzWsJyQmNHLHTh5Wp80DUvIzYSojbDVyN-dHMppDusfIMFFxVeFnWLEps0-vSVRmsla8vVnOKoUx-QBFvOZBgF_d1mt1FseUcdiapa5NoymCCrDZ38xbMtEbVekvpIlmpvlHGsb04q9-PSiOo4AvFhGUT5bR-oEw9xZkqF8a-hM6NMZOPQPy8qvwdAdPF4BKlTPo9HK1rDwuwzGUfbEFIxXINs-afKIQFMoTsxgczbmzo_2LUUppAx_qDuLW5eQnn3osk9UcMM5v5cSdOYSOWBJjW-xkAvAwmke_0oI2G8lInqeXjufzZ0lJUi3wPj43TuES9gRy20A7W-0v6k-B1HEE6qQDW8JRDlH6UEWzPoQkZZVhrLthgSMaUIUBtDr9vC8Tq3ReFr09sQ3oXfPRq_IbM4K-P7IxIF7HOgpM4Y65hZWihx2pdRP-QaG5C00l12-R&sai=AMfl-YR18y6_UY_cT536wMVrlFeCsRqdh5-YgBUZz1o1KbKumvcG9O5dEqGgfxFlT_3cbpx64f9rsXM6z3V7N8JOfHBdjrmdRyAEsyWlTOzB7swoo2pRV9n3caooxuwstcGyo0YaJ_4P5T8PZ2Qsf9b9QSjxKXa8YwCP2bNTZVIJISol91XaxWYJJIL9fy6LLDMwDAVt0QL8ZLSxzvEomsT6L8xR_Uzsu8amky93bqgMK91AWMmxnorhv8wy7qx5ga4fARAozg--UyCJShl7J50QVzEXRzsCtkPE-9aK79U&sig=Cg0ArKJSzLPAR7CAMJDCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1668&vt=11&dtpt=1292&dett=3&cstd=367&cisv=r20220308.50177&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 15 Mar 2022 10:02:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8440 0
24 B 78ms
40ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031001&jk=1306574979629182&bg=!ERKlElbNAAb7UztL-1M7ACkAdvg8WpztRR2OvgTbQQwPp-Pccas4VoWX0ja1PCAXvdINZjeNN_gj1gIAAARLUgAAAAFoAQeZAu6dpBsH_PY0c0GGnoVPzWI6EDFoJ_QUPB2MIYdk_GN0Wxy73KbWPCH5-wOHrheKsGukoBiR-AJyRvYiQC40FaJlfq6ZF9N1x6gAjIj7sd3LOJMCLUoHynwgl22tJEZ8oGzBwR71qFklGIobEEwT4-9_R-YqQ8f1s3LiP9NSHWhWQJj5xAQWwXHwvP8lsn6MC-416kabixv2efWP37nY_6uibWlR_7PL3yS-g5lIUyIMDr8N1Y-31I9i_MkJb9devC8sGzKEsBgNN5_bh02DOefhiMK_pViRFKPxTQAXOD0tA4q2nA46GBcTW7t1YoodECNgE9nl4qP-EmQuq_wTA0m32l5HQpyqsiYLWLbYXtiLIDwCkrH-yfos2YpkOjIiHXBLZIur28d7OyRA3D9FHylMAeR2nsHfSTXtfnch5U3lX28cekpwCY545x68Cl5EVX6mqY7MyhApmYomg4M5_dNG_PM1u30n8remXczcc8latIREMMnRUhCDR4KJnd3NVz_qAqcZMvRDd4KFpYKu5dpdRI4CsFXup2PSY6RNc0vVoGmAdIjDZcqNZSu-zhWcrN2oON4U5bYj-PI6ahfnkshBt_VjAb5tOwLAPW9EnWNPrBiH1GMUTvnNtbGG__w-EQ2Fj0KteA2AYPqRICVQcFFZk288-uQnwzZhk0iZpoylvfT--T9DmiW5Sv8_tKi5KDavIfs8UeJ9JXS0yBW_X818haGKpu6TjRuRIDoYE5E4uGMlBX6VwZ_A-2dlNOEieytzqZ5eTEsR2b6wQF7XqAv-4H-H3wgBXnMrCxtKvYXTPQtHZygTQ-Pr-toUuqsmbRh4l5u9DskxobHQglobn1__YyWkf_UOc6knuNpqj2DkJw1N6BuU50wJ5iJnDiKH7HXJXSUTQ8BnpM-2bA2GGvK8Do0ZgeEWjSSTUfhpcV6ubbzr5cd34evCxbHztmgqirJ5w9iV1poX5GO4fuCh1oda__ieTwolPPOMVceFr2I

Requested by

Host: nets4.com
URL: https://nets4.com/domain/secretofthieves.com

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 833C 0
24 B 76ms
33ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BHUQRF2QwYvPnCc7X7_UP-M6DmAEAAAAAOAHgBAI&bg=!Li2lLWnNAAb7UztL-1M7ACkAdvg8Wi_RDwBcF9QmfNhC4LR9FJDOt-rUQtVoMru-dZUCLBtcy1syuQIAAAVlUgAAAAxoAQeZA0PCuUu2RkJObhGXsIWN3LNRPD-tduX6CHAtKlcplkxfIsG2WVqXNWNF3oi4vAFZa3OZnXkYBdDuPrSKRZrZ7IjrCP0IxVrtduOOzkgAF8lzPZxVmcQAUeUwl3UNi7skgLs34Z_jmQX8N0fs948OQMsdzKYASVe8I5vfTvkLpA5BpJN7SlUI1ySmsyzH2y1rlU-wkEW9aNrqojvkkbrrrhyQ3YF-bJDwZrvf5rXNUFrG4HCONtx8bAGDqqWiVh6okB7C7CpO0IyA4FXcSp-ygxYXHUoHphU6A2sm5EiGCWpZdm5gN7UFLk0xc13XPaPz1C3P9NdD0M487cRQzCgXXuCPsJAICJ-6Cjlcef-46xQGn-1xi2WJtJum-wM5P20usx7VuRypKBVU6BhLkgA4h4ey0mmjBkcDdRHj6Y5zQa8sc_z_KF83Lsphj83YzCDvMuQ6PBdHCzLqneo-E9ErjMUOYBtm3ywij85Xa-34xnXj2N8sIFnxoMnQ8kgcOMDr4cqor61ktISGRDmW0X1uXCYx5DEKDT_gHbeyAZ8rciR9LlKLRALV8f92UVBO5nao9wUmu45OPB4mlLn1963mm7VvBPGsgpjiry2fdHhssxj79XthIsgz_eH8WbHWJGn73TmoLY6ruDbwbeNQRR9-xVm5F7GyyLQbDLZaunDFlyiK4WN72VVd8R-1rHAURysNsv6bDKhV7gcWDQ92M9n_IKp5QRw3f4zIDounH6tUJ-M6Gel4IORQPVTWu9AoKEG06OmTGmJHjH4sdzMPwDceFljv5FYXG0Y_Tmrj_lZjPJqKhfNkd_oizREstgpl4gNObsMc9bFXhTfJwxlRDd9k8ZbaA-trEzrennpKA80a2pA4aUz7qZNDy-OZFFkYmBmG7KhnCm_P_55wWL2I46GfwFwsoHtjSsBe2P0mRnNvJkGaRIql4Ae2hTVBbavUW_irPuABCA45UZ_CgxQiSJblxVYp7pTxVbPBagEzjJRCVWVPkahve8tvkaqJBqtBnZO99Ir3DSRf1ySkP0f-EEHJ0VirBqnngLKosMaLxG6avVFWTsMwoPVj-ILk9gNQTrLfiyw_4uNkq1VLB688vImtQQgLzQvC

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24DF 0
24 B 32ms
30ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BX0xlF2QwYov-B5GOgQfSoIyABwAAAAA4AeAEAg&bg=!29il2JzNAAb7UztL-1M7ACkAdvg8WrdK5BoTDLYAVuXM7GgJAlm8Y-bxDPNgTHsK7Vt1lXevYRe2zwIAAAXzUgAAAAJoAQcKAEZnnx3-08Kp1JfGqKhV_KpOXXpW8tuR7OjLUulgmjSwXwfI2EocYQnR9D_pF304C56z5LWSADouaXjuMqnBErbQZlkvQnJmmQNDjc_h9SY0tr6oyCdar42LYhZO6gaUnW0IKClZzRpKPRgfP9L9iYVWjKL9U2zHQomacj8shABgLg2d46NwXJrT78IMDQfJkNAmbUrcU3ayQFHc4P0pKhgnYEoqS2C48avxGMK7-9ifxEuvDaPIqRStyt08wkQNTRbZGJT4-1gzK0k6sWjAl6zB1qqUzEjo3GAxsOvx3g23XEYmEKO9asUhdUwaqO-1AeiOuK1hqVefkexuGslkYLd0SREER7wG0gOnosmn8kdnLkArkTiXAATJvyA-Lsh6NimLeJN9FnQocHkUen9_pJ9vp64t90rcSbNbqVgiIVC1g__bF8zZqG0xhY1KQd9xKhGcM18D98HR3NDt4jZjmHhFvo64nSSMslnHOD8JBA0AiLzmNDY_wVk7jIilD3qQR95Zgg44-iBhiOHdCngoJ-4X5eh3AOawZeKQlzbmUsfFIfsO6VPSFZ9LvDYTMpnr7MwmwYDfjVobuX-f0WZLlTpyOqXQPdeymekCrHoF3zL-LLLbMqE_FOZDYlhKwHmnOY0cBOnorsjd1mQwnhRJdSpWO2HWT19MnX4J8ua372SWUg_LWyO2QzRWUvPfnl1ftVjXm-51WZeRyt0H4WXQmGjyMEiW9Fiho0M7ZjHNirNeqtesvSEFcZsamNJ_1cs2ZmttYgE6qQVmZOyMvHZ8EApdPoFxt7yTX9BpYaC-S_ZuxRwLZK6-XMUvvOCBrQUNr97bHQU1OXRtLgczQ_hU-Mqdt92GWgaYnsVR9kE3oTTN7-3589-ywj6GuhUbl6-_vqtHK4GY6EneIpXcom-BdQ-XWwJgllgH7oXcIhc-TmU5ByE0xVyUU33CdICvqcEUrDrG7EiodK41uA_JWXe0Ne0nB8XrQAlQsFr35il1rBR3bjEAjpN2bt6RsV88QEjnEeij_qapOyoYTz7wfAWNYpfze_cWxkU7YcX6hovyeLEvOtbAJyZID_RUknFl8gcpJEKYw42ra7x61P-LaMqIjGvJd713oECYnK7W9ipX_-qHsKG2qbHLS1kynATsXelDEp7WqyRRoudH4vXobD1l_4swp2Xb27KaOo__dTd0JlRGELTSecd5OQ06i5yGDw

Requested by

Host: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 7BC5 0
182 B 100ms
32ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/

Response headers

date: Tue, 15 Mar 2022 10:02:02 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 79F2 0
9 B 19ms
18ms Image
text/plain 2a00:1450:400e:80d::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-5jaHA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:80d::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B25B 0
24 B 38ms
37ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BcSJ9F2QwYtvgL56C9u8P75uagAoAAAAAOAHgBAI&bg=!cXKlcjbNAAb7UztL-1M7ACkAdvg8Wtd_8SrvDecXxHn7BabUzZ4iBZ2DNoSa4LQzJf7CntbCjJ52wwIAAAQ5UgAAAAJoAQeZAyHcA1WGadrxMXUA2MGlelKpGq3r2wL1LK8HrULVZf_jfyKmpIp62mkB3M_o8j_g71Y9u3pmp4OTgSPWbH2wqH2z0-4aTu3n5gOqIJw-ZtiI4ssJKoTFzuiPww_ztWUmfswSduX49PvUs0YKsx1D7s_xxJHMffZeGPjZC6QV16F-_P6ynvRGtuXVP-BGeEr53E0lufD9NRkcQFPeQoKI5EuY9Kws79bYCcUQq0DyMRR83GoqsFgRrWEh6H4lvM0uOUIqUfNn3dKnUU9bCvZBeh8pSvcCbEfmpQ9lUJEz3H2zHprz-KElHOApPW93jVaHb1yoSKorOEPf03hZ03Nw1_T9UnswfiWEtJzReFS9OIiSCbvYbOSMsBzR5eSspsXXjh5hZUyKVmh5qbKEsFpp9r0WAuqu6xbo9VhaW1JpYfHLKIyaRWoELaFVg-7xA4XscLiqOzyt6OZLaxgZobcNbGOwQlyBv7eZsdKk-7GMf6QxZypAAtWskNMglWD5o3ePJmtl_hNeakRXSUN66tqMfWRTiLVQk2xMj0bdUmXjfJPsOWi-5LaywuhvBNlv0W1tk7urjXRIX3ZSSD05jxoKv9QA1uUmbkDZE79YFgiy-YEMKgavmhZglQzcO2VejOsCehxvhVmPa03yWLl2h8hhxL8kFZcEeMzdWxOZG5SJA7BPSXUlegf3fdY3kfmhLe5-lDfqT4rvGLJa-NPSP4kqToiQUxksoszIgC28Q6Jc9G9ZYhtxhH1rgyBRcWW_u6aPXibl6pHFVZYiANIgX-nODDSmVkdj1gRAjX7p-vmMVUx7MpI0D9F-jx7WRB8otOIX3mPh4QQgVli5rbZgdH3w503aI4PK_oAB6WxDmWxhQxlaNJsFM_gkRENkSa914eYwxbL9ACqvCYVEcAe4MjTFOEIGL-QS5MWjzuxvZuWL7lR9PYyyl5Sew4xTbPheX-yESJwwuGo1YUhhQ5uUtTkPMaktzEoPsfG9c0n-GzSv1t2cUq_6SxOshC52Ps2R6Fk8-rmxFnfN3E2NCfSwM3ymYam9g7exqnhc4UXtCFVDdsiNgks

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DADC 0
24 B 31ms
31ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030901&jk=3772867770963712&bg=!enmleT3NAAb7UztL-1M7ACkAdvg8WqEsxnU34rR5J77giV5Dhoa32IXkCeiHs1eKAQf1SLu-dwVa5wIAAAYoUgAAAANoAQeZAucgTih8Eg_iVnuQDY4OnuQPndW6dFoNypdlIYOJg5T5630uzM7_FWr662_Tu9EOG9ZYM2v2hlNo7LChO7qBjYAlfmpxyVT8b1no_dtxKtr7Q1TVo8oCHHgr4fqJzhIW2LWP1nopBFqHSsDOCKeN8QN-AKJIMzvqnFrUm9_4x7iaVvlXLnY_9TxFZVQzqLZ9MPkOzdXmqQMFmSWg3TV7rxE7zrZqywvx_B2vZgMPEvidZIhTWmWZB5x6OMqLSMaxviVtL5-bLPl2jYRoaFCN48seHwMWzOsTozDKzSlojdA04wvL9ysDOwXiOJM522xDhLblkUcxrnk67cB_NNMq2kyngKgvY9ZpD6OiiSSVvb_e-botHFpHpszRpwICm6bA3wgJN9A7oaX5cjM-oW5ZWGk1mbUjSevCjWjgoxbeHirxvwC9GNlK3zkGgdsnIm_2foMK-67t-O0aeCIpPZOIAjHKEcKweAKg7z4bBqzubYjBMD9coiutXuy3n3WKBdAJKCUvesJaizubgh9u16gNRheAiTXJzYRXCm-8k9rR305kuXqsF3D-9lkf6Hs5Avqd7Kn3IUm0_ECicTxvOSFB6X2w4WMxTGoVvFz2eETa-JlN5ewsdwkwSvxDIw-8apbtoEdz1wUT2gH8b7HntcBzUO4Fz_Kw0Wye2GQ1ZOOgc39xq60ANZFjdZjWjK68LxSFYLkB__6mI0f0ND-9z1XCO7YA66uFH9y3o7d7vyWAAJaAY-esXxQKJiOZx6hK-Ml9MjBK3_nQwnFiAeCJ1ghMj1e0q-I7g90ur9TEMpqZ1-n3QnTzARIlnONMifHIV6N7KgzAlRto708RJKPB_aQSpvCsMCtQ0rkhmYOq2lJ1YAjMR6iVOBLUWSkkgilzbis-wDaKM22sns1alydyKOE0cxgopQS2dZFPZejOFy8tLDtohmyu13iPebdrOg3YqSssnOt5ndJA5TBCw29ZK9mo46MavFOj8Wjx5g

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 207E 0
24 B 31ms
30ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031401&jk=1897515287488787&bg=!WFulWx_NAAb7UztL-1M7ACkAdvg8WnKhaS0yXW7LZW0Q2jA9J5IyasY1YhNczVcivDUteuzLSzp5NgIAAAYYUgAAAAtoAQeZAs2hylnccxReKPPu82rsAF8IotQqOypNaiEDNVpY0yqkGNhoqYbItygVD1LPp4JokakhkvAT2XCTWpnYDSTWWKE6CTG_IYJrICkgJd5iZSjhUX8Oecn6Y4GW2ddKLgeyiefTvUh6hEnbEoQo_QY6coCxHYhCMf3XnX30JbM61qxxH_iapXRPvYpbKOxny9UhzQpEfRGDA_KE6Z0TwVWuv7E3TykGgrVszhyDj2eqawxfYEm34-HVJI0j7JIDvFAQitCS0EcxAPO65xZvKe2uz5MJNUc4shHzIFRKJPhSM-QGzKnX37439ChE-sceX-Hl9u-n3scqA4M8_4y06Dec90QHXNWssd7iv88kEdsvEnpiBKjFfX0Ytl2Nv8jT1qMWhjv7GIfpjEqedHysVZC3dqpxJE2vnyhqdSXw2_GaUEuNcQwFuUkzv5ADOJeO3gt7zqSR2sVXJmiR4VVdN9Wpv5ApvvEKP5a_vg8MSu7w5OHP7qBgRFRnqg2dmKNC3Nli4y2bhOkJZBUN-sZtTZnGEEnQ_Yf1iYI-ebeCpg64D_HbgoWlGzitRbqCx2N5Atoo5E0uQo24xBTVfhIFpjv3x1WfBjmzAs1MtETQx8j5MUt-3jMrSRP8wPhVx4Q0cxwqXiU1_2qTnqIm_LRjumA41GBgEzgAIAczhfI3DiM8xpZx0U2OQn4nGj7vYLnDSdP_iV8gCwUle5cUpDxCnBiQg1jWv2ExWEJLf2KtbLAJ_FBFsMHZXUaZZe5nFjBjZpKbeYFKa82Q5v-3UxChG2XY_ej9R-cnsroMbHW153W2Bt8OHwl44MK4FhZ7qUbKosvErmubRBY7B27JQGcJDyRPwntunKh86tcgUKKA9yEZsCXlmWihXWnGgfW4SmWcV9RHYM_MzDOtCmZfqfLYu3kiEo-5D7xcidXGG-oR8lCSzbCDP_A_rXcMPozJzn97NAI

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D732 0
24 B 31ms
31ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031001&jk=2248819705474838&bg=!CQqlCk7NAAb7UztL-1M7ACkAdvg8WrEdTMvh5Fg2XM4O3oFq0EqCMdPJ8PwKvLvqXsCUZ0JyW7sAsAIAAAYoUgAAACxoAQcKAExR5jI7X-zkKrcFQ82GcTy1hj-eq7qv7yvwhPDmK45uYmsdqdgnNc543lbBgtWCkb-HaHh3R5H7148KiakllxtkkMt9TYDVlHL7_p2UmQMIgmeRAC_pv80Xwf0XdRWwTFXLJ9_TmFhIdMIpCjmCvNRK9Pru1bUNq6z7UiVdp5u2anCJaqho3QkdxwaoKpB-PUeojpy1DN8tIWnoJ4n6RzrRQN0DrdgfXVlQpbcTOAPpvxZN0XKDDn8-C_O9fBfWQL8Yvw_-m5JlPA806vs9wRGXsQXZ_nSZvaaS511FmOq-QSDweTgc8h_OKkuQjkhEkSrW4jQG8sn19Uf83z390DzgtC6R-SDYo1TRD9G4YVs9IPSQUonQxTEHUWWshkbyhbbKBUWVbwvEqv2gGw1V-h7tnIR2hGmpXE6DLNs_Hd9oyLecdNnmvVaXtCgZdZpAvzpCZoafqhmoEJa5WLVJFFPZb_W6hFzQ9HSPK9VoCKugpggVTIvqld42Z2hwzyok_oculJ8wi9ae-0rgBGALzRfWJzPPywFMYcRgCOoQjq80gnNbOCJL9nu-r2LxeRAt8rETTsvdT6amohNdOSjUdchFPGISbeYT-xDU8qqYGmNu77LMoRqz75JFQog9zqCxQwnADeHRe0TyZngKx8jnjKAdpuhzv5O7JRU0iOGyTETDpp0q49jUpkVWs0hlShfEGWh571vXOqSQJBRBEkLPO6iznAe3vc1q3WnmFuFFlBP9eO3MWgxqQEy_eJxGC5b2EmcjQqo4ITJ5unTuD7vXtpAkrcNkfnA0VhWIJAUR-BarJETDqhtEghH5YNrFU-1QCw7OVXULaAnbqxveGt_eLFRQSjLvbrdbl8Wf_l5zIf1sVmIvrGLk5N_CwJRCFV396Yc6JSPw7mI0frSLLdN_l7mxsqijlXyVfm9zpwuXmxBZJw70VKHCdpzBwh_CouqL5YnkJVIQvMvFZMAq6IosnHKuX8prYBuwr-vSmOBHEx5yY6szwUVRD1GbtrFxK_xf1Nz4h8P4_ErDhwOps9ReNPkiuazsYrQAnpmjPU76h0BZtTDGyxLvl1j9GXGQvexkrLlFP3c6yK766AfAL6vTr2xM8xYYW2zmZV47Ncc0yedL2dwJP-K9Sm8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F363 0
24 B 32ms
32ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bb54-F2QwYpCqJ5OS3gPQxa2ADgAAAAA4AeAEAg&bg=!ICOlI2fNAAb7UztL-1M7ACkAdvg8Wp6YPARHcA90iE_s4O5TM49L78zb0ARWarWnNYbZBY6yLrVwawIAAAHwUgAAAAJoAQeZAyVlTMbN73SzUSRKlavwFoMLomRpB9aRWNMAHEbZbLbClDJAfiA4N3zhb5NlNu_xe8B6hrFqWh7yGsRbXHMAJLfIN8QNfONazH8C2x3vAv-QFbXBkEuzGr21zagPj-6mn2B9XCk-sMmD7dygmgXq2pR0HtpVMJ4_zfQsEouuN0EWaN-SmOLy5dba-9BZqY4bOFrJVRBSeF1siserHWqcKzMfw7_-s9N478DPs9NNiRTdLClVDQVqyRbt8aSL--O93ToYVy_qnXT30tUWRY6ve34eszJBrGDHVvd19HZImKrxHlwK_O6V5Bjm1tuQDVviA0SkILw0-DFAW_M_5lbqhsUhoC8qUcPeAYsu5J6OcTcP-2LX11Gwuv2zPF0Tm60ZaXsDv-5_g__wnja_SLXRLE0k80FXb5gaFiDUbpyU9HZsJksaH3KidnwHJc3ThGJJcGLsY-WpWvnHXl6jEsRrBl9pweOYhcuAx7dJ5Xg7K8KmWaZrljG-ZvIuE2SyHAT1goXoc1m2-DYxTsg8TJdzdHre3kPZT0d_GMP1JepgeonzIB4-7HYqvqYAWbMOgb5Anpu3sCLaoS-4gOH3bBxWHAqj2eBTLTUa6b7wwvuJzPrCm0Ls01rIV4Km51q0yoovVr2mONqrGoDJnHCGT3UHzunmxZ8nwLUI8VT96QQGm5mek_H8gSLrPxf77Y0gQgHfxqL3dzF79Sk5KF541fYQgP6t5iFTNcjtWuv66ASV53GWNG8EjI6669fs_Kn4ekRSSRxoY2fPHDly6eCOHccG8VsZyjzogAZh1DYPzg4oSaXkA18z9SQjdD0e1LTi83ef_GzX9ZFYQChLorXfPYt30_vZCrcPUrV5VaQt7cd4_DIsCTIDPIbAWLixWFnyqgZlcx9BjnJOm7aEWlUu8ntMDty7BOpYCXaa-te8GQKrZvXSZtN7imIv1z3LOInJwEQlUqCeBaRo31fRn2-sFvNUKsMrSNVjPqFGPop2loqLBCgAfCPteLULO87eq4R0LYmGdgs8vzOHgRGLiHpk6YadMNqcLEORoI4waDuyRoWLz7Gq_05eLlnf

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 390ms
197ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:02:02 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 754D 0
25 B 34ms
33ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031401&jk=1071917673794868&bg=!ZWalZiLNAAb7UztL-1M7ACkAdvg8Wr-zAn2rEr_QJkMRwNpk76iLeLyeE9ju60yNiqii904wtVgGEwIAAALaUgAAAAdoAQcKALci1i6e0jWTdHy4Z399I-l38NcKYSV0JdVquvgTq0bCDILtmLh4qnJTzzra18tF3ZU3QSLCD_7GA0TcwcdH81CTrFPy_Y7YwUISsihicRNmfWhtRIBCFYrGjg-COgivV-QIbueKe0Dc3oJtDEELujcA4UoCMRLEnbya0BJ_uzSXMcbyoL2zX9eP3IvvJ9MyyaMslSxA4p5TXCAN20GBnozY6APJGUxSb7C4isVCnV9zByWL-ebtlteZAt3PU40YqAm3wxJpZLno4y4gKJ052T3fDtZnuHkvaWJNseGScsiI1dr_LTgsFOAz3lOwdHrCNDEztmgHhW54AgiLNznVV_jTjyaquokUI3uG2EvRCNIZgjb3k1prErzT11fYb-kQ6LwSoBINtRxpbDH3_YJScA7jyhno-FuHwzTUFT4B_02wkH8NJU1pDgGzVGXF2g23WdoBLUdyges1uQU_D2lkW6PKhW6fWkMfY8LgQY3pfuZS4gHl7eONqbzlYaNuszYnIyFu8FwFw17FxYEY8tN-oLEnnes7tcdJbs3Ig9wLtruS3uwcphSwgCrdwcENk5mNTVD6mwQGYTY-hdC5ib1Q2xxvHdtd8Sohk_eykBERyqqVSDInJ_vaQ5jh50shHAdnslWFcR64j6SlPeNy7vHY8Wfp0fA3XPOoZ07ljmzPOHm9bjCn1cslaFxmM8dRkkabOAyVXsUU6S8Q_tUzCO0vCjeGQKFDd6YF5K4IAFf6QYZ-BODdidchry9c38SlqqjKm3a64tYKYSxQZMuNx_eCuzuB85Zi6Vyr8tBDjHCelv4KGiGw9jp15Um-mbfvqPoMEORBU4eWM4hOjOhSZiTB8G6qEEC4GIgYpgAecRUrxpYZ5KLx5xqViMUBdi79T-AfuRj6cH1LOXjMxKylUhsyyONhZB1xydR2jVxQ08SMYTqFnHzJDVeUqnY4Lfd_yB2AUMyPWrQYMWnNw6f9nZONaVx_aMmOpzYl3Ybu8TM7wVTaUJJ4sZBsA8uh0ebZYHBteMzTYjPX8CZxK5MBxSOqOpP7Er9NAWebIz13_WnH838g0gdArK3WNv6qrpOyIgAPSX9EIZleoLADmSnp3C8E7-ePxTTb-edYXbXAb2Mhqf_54-6t9-2ne95wKIlr53YTktW3pm8NgQMYnxKqiv4zDInh77DKHhhhywuyImpeDEevSyoEY__BdVCrZ8fn6699Cr08kv8bJ8NV

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 id5-api-2.js Show response
static2.creative-serving.com/ Frame 6066 33 KB
10 KB 318ms
17ms Script
text/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/id5-api-2.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 10:02:03 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 19:23:14 GMT
server: UploadServer
age: 0
etag: "43e554f8c9787fa63a85955c07ba1918"
x-hw: 1647338523.cds248.fr8.hn,1647338523.cds208.fr8.c
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9982

POST
H/1.1 200 101.json Show response
id5-sync.com/g/v2/ Frame 6066 213 B
582 B 46ms
9ms XHR
application/json 51.89.20.87
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/101.json

Requested by

Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/id5-api-2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.20.87 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p19.id5-sync.com

Software

Resource Hash

2e78ab7ec5cc11e26866548da5f6baac6c693872ce72628cf65c716e28ae045c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
Date: Tue, 15 Mar 2022 10:02:03 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1

200
OK

pixel Show response
ads.creative-serving.com/ul_cb/ Frame 6066
Redirect Chain

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

771 B
1 KB

164ms
163ms

Script
text/javascript

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: a27f78172c8cfc70399911c8fd4b8fa127179a956db57860717f7ceef141181d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 771
Content-Type: text/javascript

Redirect headers

Location: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Date: Tue, 15 Mar 2022 10:02:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 6066
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=420
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=420
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=4Jd1IpIPRwSb9Y71IhsZxQ==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1

43 B
235 B

103ms
103ms

Image
image/gif

35.211.178.172
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 6066
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=213
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=84986f46-ca6f-49d5-a439-3ae164ae9d0d&ssp=&expires=5&user_group=4&cb=213
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=r772hVCkS-e3UL2d_FDjxw==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1

43 B
235 B

115ms
114ms

Image
image/gif

35.211.178.172
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEH3ecFjkIGWfE27kCDxqo2g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

cm_nst
ads.creative-serving.com/ Frame 6066
Redirect Chain

https://adadvisor.net/adscores/g.pixel?sid=9212282158
https://aa.agkn.com/adscores/g.pixel?sid=9212282158&&bounced=1
https://ads.creative-serving.com/cm_nst?cookie_id=164920104091000163230

43 B
220 B

163ms
162ms

Image
image/gif

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/cm_nst?cookie_id=164920104091000163230
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:05 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:05 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://ads.creative-serving.com/cm_nst?cookie_id=164920104091000163230
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1 200 1.gif
id5-sync.com/s/101/84986f46-ca6f-49d5-a439-3ae164ae9d0d/ Frame 6066 43 B
1009 B 9ms
8ms Image
image/gif 51.89.20.87
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/101/84986f46-ca6f-49d5-a439-3ae164ae9d0d/1.gif

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.20.87 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p19.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:04 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 6066
Redirect Chain

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d

42 B
945 B

35ms
35ms

Image
image/gif

54.76.200.156
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d

Protocol

HTTP/1.1

Server

54.76.200.156 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-200-156.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v029-09529d652.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: be08l7WQQkA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v029-064b6ccfa.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Xvfgj2HhQpc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=84986f46-ca6f-49d5-a439-3ae164ae9d0d
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

gcm
ads.creative-serving.com/ Frame 6066
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc
https://ads.creative-serving.com/gcm?google_gid=CAESEJZr6WdlqbzClGYrAXySSsY&google_cver=1

43 B
220 B

163ms
163ms

Image
image/gif

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/gcm?google_gid=CAESEJZr6WdlqbzClGYrAXySSsY&google_cver=1
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Tue, 15 Mar 2022 10:02:04 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 15 Mar 2022 10:02:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.creative-serving.com/gcm?google_gid=CAESEJZr6WdlqbzClGYrAXySSsY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 3212338bb0be0b574ad231e216e32f4c.jpg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 6 KB
6 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/3212338bb0be0b574ad231e216e32f4c.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e01229bbb5b2f75d84278ab92afb8d3613223493bb7f58700b7f26b5bd7c71d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 02:23:50 GMT
x-content-type-options: nosniff
age: 27496
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6140
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 15 Mar 2023 02:23:50 GMT

GET
H3 200 16e2073035968668e0268512ee5031a5.jpg
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 17 KB
17 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/16e2073035968668e0268512ee5031a5.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfd1106b87f96ff783e71e722d5ea8cd707006bca6b293d2860c20e03cf864e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 09 Mar 2022 16:21:34 GMT
x-content-type-options: nosniff
age: 495632
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17252
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 09 Mar 2023 16:21:34 GMT

GET
H3 200 ccddd80afeb32369f13a2e1a87086966.png
s0.2mdn.net/sadbundle/2753383143326280557/media/ Frame 1C31 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2753383143326280557/media/ccddd80afeb32369f13a2e1a87086966.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b78344a18cc46582ecbd6c65057aa0d36c76a8f2d9d23a738eba4a905f27a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2753383143326280557/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 21:45:34 GMT
x-content-type-options: nosniff
age: 44192
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1855
x-xss-protection: 0
last-modified: Wed, 09 Mar 2022 16:20:37 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 21:45:34 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 95ms
95ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Tue, 15 Mar 2022 10:02:06 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
URL: https://ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEOqjWEEAvjCJGw-AeQXp4Vg&google_cver=1&google_push=AYg5qPKArzVI-DQxVYMbqwkKnzF5EPrFHfpwry71Y-zdinjMKRKm8aa0Mjmji36EkIQhhNp2Ab1g29LEA0KlyrfZ98fgk2JmrPGfwQ

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:06:50	Name: _ga Value: GA1.2.1671851228.1647338516
.nets4.com/	1970-01-20 01:37:04	Name: _gid Value: GA1.2.520835375.1647338516
.nets4.com/	1970-01-20 01:35:38	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:21:14	Name: CLID Value: 23b48e40c25b4fab974825c048f72f67.20220315.20230315
.nets4.com/	1970-01-20 10:21:14	Name: _clck Value: jc3nau\|1\|ezs\|0
.nets4.com/	1970-01-20 01:37:04	Name: _clsk Value: z19848\|1647338517103\|1\|1\|j.clarity.ms/collect
.c.bing.com/	1970-01-20 10:57:14	Name: SRM_B Value: 2B4C9FBB567663C808F88ED357A46224
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:57:14	Name: MUID Value: 2B4C9FBB567663C808F88ED357A46224
.c.clarity.ms/	1970-01-20 01:35:39	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 01:35:40	Name: __cf_bm Value: IAXqKrjhoMidUUbeE7Ep8njZivqH_gYxTzJ905LfD6U-1647338517-0-AaPXs5+tHhT7RPVwISgN9ggev9rDbBR81TIWiLUKyGJEQYchLweveZVgOlXx4zkdIEppjK9Wm6bWhFdWxCkOgmRZL2fSKOnd9Y3VaNJPY21xXUS8bE2i/eLA3aucOG3jsw==
.adfarm1.adition.com/	1970-01-20 03:45:18	Name: UserID1 Value: 7075265064551843047
.doubleclick.net/	1970-01-20 10:57:14	Name: IDE Value: AHWqTUlGw_1ON6tN4pTbxkQAj5eO1RF6NuPklxH9DXamwPfggAD5w-ZvU0GQk5wrjWo
.casalemedia.com/	1970-01-20 03:45:14	Name: CMPS Value: 5203
.casalemedia.com/	1970-01-20 10:21:14	Name: CMID Value: YjBkFx3lG9aMh5s71FH9cwAA
.casalemedia.com/	1970-01-20 03:45:14	Name: CMPRO Value: 1206
.adnxs.com/	1970-01-20 03:45:14	Name: uuid2 Value: 2400124329512596688
.nets4.com/	1970-01-20 10:57:14	Name: __gads Value: ID=2ff61d35468b16dd:T=1647338518:S=ALNI_MYyqI85RuUN-hv6m-IgtgtToPckIQ
.redintelligence.net/	1970-01-20 03:45:14	Name: 8lcfmzhxc8d6_uid Value: 7b0d94e55da1bf35
.adnxs.com/	1970-01-20 03:45:14	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU(9Q#^0!A#En.TOKKnyW<U1`VROYQM-:KDf@UU@WC<Ab2DDK/1[V^b:3j:EVd])-kso<QG=%9sk@3@'s>T%u^TW
.casalemedia.com/	1970-01-20 01:37:04	Name: CMST Value: YjBkF2IwZBgA
.casalemedia.com/	1970-01-20 10:21:14	Name: CMRUM3 Value: 2d623064182760CAESEPFPSOytBkpgFiuhzkc56XY
.ad-srv.net/	1970-01-20 03:45:14	Name: pwzdy6wsn8n7_uid Value: a99d186173c2a94c
.adtriba.com/	1970-01-20 19:08:16	Name: atbgdid Value: f5daa148-be0a-4d85-8539-2eb7ad3c3074
.yahoo.com/	1970-01-20 10:21:36	Name: A3 Value: d=AQABBBlkMGICENxpCbiQFN4hxHg2bYBtr7kFEgEBAQG1MWI6YgAAAAAA_eMAAA&S=AQAAAjT9_TwdCgRXOdjxCf0b-EE
.blismedia.com/	1970-01-20 10:21:18	Name: b Value: 62306419CEDB4875A0DC4267BLIS
.360yield.com/	1970-01-20 03:45:14	Name: tuuid Value: bf78cd34-0166-4c91-951f-0cba73681229
.360yield.com/	1970-01-20 03:45:14	Name: tuuid_lu Value: 1647338521
.turn.com/	1970-01-20 05:54:50	Name: uid Value: 2544207692097036588
.analytics.yahoo.com/	1970-01-20 10:21:14	Name: IDSYNC Value: 18yx~23rm
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ulzrtwmrrrubz4sexq2li4ke
pb.media01.eu/	1970-01-20 19:08:16	Name: DTU Value: D58D6FC4CB27AE22A9AB91C6A40FE54B
.creative-serving.com/	1970-01-20 10:57:14	Name: tuuid Value: 84986f46-ca6f-49d5-a439-3ae164ae9d0d
.creative-serving.com/	1970-01-20 10:57:14	Name: c Value: 1647338524
.creative-serving.com/	1970-01-20 10:57:14	Name: tuuid_lu Value: 1647338524
.id5-sync.com/	1970-01-20 01:35:38	Name: cf Value:
.id5-sync.com/	1970-01-20 01:35:38	Name: cip Value:
.id5-sync.com/	1970-01-20 01:35:38	Name: cnac Value:
.id5-sync.com/	1970-01-20 01:35:38	Name: car Value:
.id5-sync.com/	1970-01-20 01:35:38	Name: gdpr Value:
.id5-sync.com/	1970-01-20 01:35:38	Name: callback Value:
.demdex.net/	1970-01-20 05:54:50	Name: demdex Value: 00105610081147455132088628851393830789
.dpm.demdex.net/	1970-01-20 05:54:50	Name: dpm Value: 00105610081147455132088628851393830789
.bidswitch.net/	1970-01-20 10:21:14	Name: c Value: 1647338524
.bidswitch.net/	1970-01-20 10:21:14	Name: tuuid_lu Value: 1647338524
.bidswitch.net/	1970-01-20 10:21:14	Name: tuuid Value: afbef685-50a4-4be7-b750-bd9dfc50e3c7
.agkn.com/	1970-01-20 10:21:14	Name: ab Value: 0001%3AEDXTNSq67wPxZWa1Bac4Bmfdb16trIjh

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=v3jNNAFmTJGVHwy6c2gSKQ&google_push=AYg5qPLpQbB8tH5HV7IyCm6Eo39WUof2UhYyp3fiVZz7Gr3ZCwOrJmEjG1SJDSZ2jwA3CiTbRRFzvlIH6Fd28wBISGmFwd-iBuQ4 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

274efeac3745f8aadcf775834b09fb6f.safeframe.googlesyndication.com
5cd600e3fb4a5c0fae13201f123d650f.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
a.tile.openstreetmap.org
aa.agkn.com
ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
ad-server.eu
ad.ad-srv.net
ad.turn.com
ad13.adfarm1.adition.com
ad30.ad-srv.net
adadvisor.net
ads.creative-serving.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
api.purpleads.io
b.tile.openstreetmap.org
c.bing.com
c.clarity.ms
c.tile.openstreetmap.org
cdn.ampproject.org
cdn.contentspread.net
cdn.purpleads.io
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
d.adtriba.com
dclk-match.dotomi.com
dpm.demdex.net
dsum-sec.casalemedia.com
e18af829038623fb34c15b12baca7053.safeframe.googlesyndication.com
f57c03fb62f8eeee0edbee0e6d9835ea.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900025.redintelligence.net
hal900028.redintelligence.net
ib.adnxs.com
id5-sync.com
images.outbrainimg.com
imagesrv.adition.com
img.nets4.com
insight.adsrvr.org
j.clarity.ms
js.adsrvr.org
log.outbrainimg.com
nets4.com
pagead2.googlesyndication.com
pb.media01.eu
pv.medialead.de
r.turn.com
s0.2mdn.net
s0.nets4.com
securepubads.g.doubleclick.net
static.addtoany.com
static.cloudflareinsights.com
static2.creative-serving.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
ups.analytics.yahoo.com
us-u.openx.net
www.clarity.ms
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ab1a7e5300227e43b7d9e5ad573fa091.safeframe.googlesyndication.com
cm.g.doubleclick.net
google2waycm.netmng.com
104.111.242.245
108.138.15.119
13.32.99.102
136.243.149.243
138.201.84.244
138.201.84.245
142.250.184.194
142.250.184.226
142.250.185.230
142.250.185.98
145.239.193.130
151.139.128.11
156.154.200.32
18.134.175.161
18.156.0.31
184.30.20.241
184.30.25.193
20.85.30.134
2001:678:cb4:bbbb::11
217.79.188.11
217.79.188.54
2606:4700:10::6816:47c5
2606:4700::6810:135e
2606:4700::6810:5e41
2606:4700::6810:5f41
2620:1ec:27::cafe:2193
2620:1ec:c11::200
2a00:1450:4001:802::2002
2a00:1450:4001:803::200e
2a00:1450:4001:808::2001
2a00:1450:4001:810::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2006
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:400e:80d::2001
2a02:fa8:8806:16::1370
2a04:4e42:400::649
2a04:4e42:600::649
2a06:98c1:3121::7
3.64.242.218
34.96.105.8
35.211.178.172
35.244.159.8
35.71.131.137
37.252.172.36
51.89.20.87
52.142.114.2
52.205.246.54
54.183.143.74
54.76.176.197
54.76.200.156
64.202.112.223
78.46.23.46
85.114.131.233
88.198.250.30
88.99.165.19
01595d489887decf687435b25f13038495f62d431ef150d8e356cf9a0f3eee25
032bfb2ff87753a4d3761d04e94e16791dacdfd107a18ecaea1f64e72aeb9c64
046d80c6905892cc5f9631073e1057b4c084d48dcb5fdd280bf9ff7b2e1f2f97
06e0e91a01af508f9eb830feafe8dbf0b381e0333ce3667489e6cf48809c927b
080b5d151fa93bf62abd2e13eaf283b353bf59a4a5d6907257f360a4975e5d72
096ddcd6353390a194d3a68b5f7c2fbf5ccf142dbb32421c927042af27e9c400
0aca9d549981e9a27a786545ba75fed3bc70738752aa299e95af6669f199464a
0b779b25e7ead2586d3bd38c2642843ed1e276e805598a45a9495fda0a99bf49
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b8ffe36078e2825883e837b8003a164f9e28470da2cec71a359d8a5f18b1671
0cee2ce5c67a141ab39f27408093684e2f5818b0bc275ccc3f501c677f3b0391
0e7cf325af635a5572ae38abca8fe760e39f59a08c1dfd641c7cf99c5e98103e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
138bda822534d4aad891af1546a31653dbb472110704e5371e396773293c3457
14bc30928b69dc755262170d33c94e3d26e7ab45071936e21b9a5e5cadb3ee51
15f97543ff4d546609111ebf1c117bbe16c5fe852fa7e826204b74566e91a8f7
15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12
16dde9a1942cbd39c1f882ebd1e6f3768b933c64051c589feb1243c4fcd050ba
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
1b78344a18cc46582ecbd6c65057aa0d36c76a8f2d9d23a738eba4a905f27a51
1cf6723bc6fdabc360afa8360ff6fa68bbaf5678344c2ef5367019c1c68f9e39
1d07bcab4c15f3ff3b56d0b5c9f44c3dd1c7266eb5788bfbc09f02822b07de0c
1e01229bbb5b2f75d84278ab92afb8d3613223493bb7f58700b7f26b5bd7c71d
1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
21ddbb670b925ac2565a058717c095e39a1425ea03ffda175cfa73956f327877
230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
23e311959c8fa176ea4b2ef0de17b6b19e25a2e4c31a86bae8ca4316fd542220
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
260dde3e525c2a0fbdfe743a029fd2572c31c9ec0468ce6e31dace8ac18283f0
264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2992f81c53d1d7ea9f1abce38ccea77eec5e76c0e8907c2aa4ed2a055cc812a5
2a954a84b07f4ca8aec86ea484ea85506c7a4af07c54404fe505f2bda8ed50da
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2e78ab7ec5cc11e26866548da5f6baac6c693872ce72628cf65c716e28ae045c
2fa3103806ec53fb0e95a0b28ca8b6ff105212961406e7074f9e67c1dca13dfc
310ab7b255ff139f0d9b57a9392448542b6fd99ceea81e9c09d8c67aeef06b85
3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d
3276c4e249758e413d3ff0fb8b8c0891f70b3cf31b71f2d1d166382323622496
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
361f858c2132844e57d29662dcff1d748f9d3a8560af25b4e6ca0a2c91c31a22
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
3b322c9030883acdb559f857024b4ef3ab7574712b635b6e3db135749e32e1fe
3c865f9ba19b80bbab61230ac6f099d6c605af2b21615415338a9bfa471c863a
42b98e4662e2e8f10e9d90751af5b669b95d7ae61e205aa78bd67f3161c3098c
43a9a2154c658cf0a3a1aebe3d5ce4ea817564fc27e85b90f2651cf46f37deda
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
475316d3002b7bf04d39e01825b8443b2748411e616908cbc2a87e49faa1f1ef
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
493e135eca273ccbbf63e0ad01a16c4b8103b4497fb2e8dac7ab56e879ae40ba
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d44b03d4e4d1df9a852bf35460f5584c94b37c52d08742682a1a03d20d2f6d1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f824255471c27fa4d1711fb3dc95cd1abb01d4267cddb88a80da9de0ad9e568
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50ef77c247263fdc6e0308a69334a3064176a1f4803e90eb0b45370231044fb2
50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3
511c0854b9aa16abb7e293306727a8c5f988063cfa9f45fc98d81398df8d582c
516fadf20aefdc9565d38ff12fd35aa4262d20408dace2f5849cd191119496c0
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56386db6fedf5475ff6ac57939cfaac58722f519fdce666cee7494b993c84e81
572bc0584a0476c0e03db0b475dcf119873378e8e950ddd66ba027264432f2b2
574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
5ad4775e1fe1f79812db4a03e8a5385a2b542639587bbadfed3f6fe83752f8b5
5da5c8d1c76bd21b09076434c7450fc36ed4c8d54813d2c1d00bb2ce9647d730
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65cce875889f9f28bdcd8739c872caef27b641ec9411334dbd32004be611b596
6605ccb3114d55813d617bac19d3187b1ab91bbada11057f4a471fef463d7ef7
660c1de66828dedae7d74267ec4a565f052281ae190aa13b80b7a3089954f5ec
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31
722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f
785ed2c8ca9cfd6d174d97dcbbe1bfde22d2d4b17287136b146a213508a223f8
79373591ace012b7d28489349643b3632d9464f39c2257bb9fb06118eb55eaa4
79ed6a0e53ce94bc13c7dfed65077d0579c12ebadab11ba4415f424964574642
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80c81cc14e088e5219ac0b946ae8afc5d1b69dd3c805f63373d89115295e3f28
82184db2e1a8c3cc82020e984195b3a93093c4fbb66d1ed31bca58895af76941
85b8c8f31ca51e98dabd0c9f76986fa38d417dd921fd18143356f4b1ba5c4592
879972387e382f915b461c3aeeb02b93e6f6e9d0f13c91d9c9bc49863cdd0f65
88b49eb8bb39a8b123e77ed5bd55ce2d8f8ab2d3c6aefe3a53ff95e65d63bb8d
8ac1f62e5443c2c129eb0c76824dc4011bc81770a5749be29832d11b9fe69cb2
8c5656ef4e633866c2affb4fb114eacbe235c813d15e51c491c24e26745139d2
8cbe6754bb665374835757bbd186087144ef34d2423d71a8aba8a20343cae733
8cca43627e4d80bb78c2437c793b99da78310efaf2d7f6d041671c73d3a693f3
8d83dfc66cd57235c5cae7559ab315b669828c45056f42a490c1c597cd505507
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
908896e473d27277bd0cbad43b35965e0de3f517f55cc22d04cb16b5fcb39893
912fa3094520c8407511db6ba89d2896806103a3d91119b6a187d6aaf91b84ee
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
923b8a364ebd2d883e56c544c34bd2b466cab1d0ffabdd6b2eb40b49b2b21fdb
947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769
95fe4bf0ddf917864e9c0756f6f215ab35f8a840f169d8a2cbdf8b02b07bee3f
9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b3f9e0eec5b585b86c19bc175b155922daf524f542bba4703c5d1675e0f01b7
9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9
9d99d5dc2e523d10581441a4c4de7cf29527063bd6c1198f601f863ceba76913
9e5e995f0936d63304195ab72af99edee3c10d218a5d57719b13c94780631127
9f0e521fadcc268469080eeb18bf507de78c327d982507364b5c18c226ddb681
9f835bb439e855a8ef85db64c1a8cff422242136ae46a20f083d96b6f3a5d4d9
9f847e3f9f8e574d2e5f3975b6297ebc7d3a38a3642a8ba1b9a1e610cc0b0742
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a10574b58fc72ab64f657a8c2f7147f0ecacd97a06c5a94b76efb1f5f3f7b190
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1a7e0734e57be7f5ca3f90c5e30ac070e93a1f2f55100884920da36aaf57705
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a24f9e1cc485e496d52ee617721481335ccda16631c4059c8980c03c75713651
a27f78172c8cfc70399911c8fd4b8fa127179a956db57860717f7ceef141181d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1
a82240ba5865f16da8ec7166c0b769aabc15f1f7ddcb4af1bc2f84d04de4ce57
a8705d2536e2b5737f232bb736117a6743224b28ef7bcbe2b871d29fa218d464
a8ac5207255ea6beff6ba2971bea9ea5fdf48560a6f78f167398a3b259164ee9
a91cc75a3b72310604165f6e0f6052e16db225f18820f2deba8b425cd3e436be
ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0
ad0ae7783fece9c7ae50c981a1fc308444ae00d9b1be6fed5d2d7165d082b63e
ad9e9cd2805dda878347f2e588f938c0ffeb92b2b4eeea7b148b86bf7bf356e0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3ae1be851de91fea1d6c42b19df2f1a35df8fa626b30c879b090324eda44ce6
b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb
bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f
bb609adfb919b1b06ba838c242ceeb6351bdfd1917ac381e841b3c68c107fd94
bc195df1fc403c366f67054271b339dbd1ca599f26a63863e15e848f5caaf9ab
bf2f851aba887c7afd0965b3257fe29148ab997e0d447a449b28c130abdaca11
bf9468ef98c7e0b3ece27755d809d6a362fe69ed7fc1b6e71a3ea8cd499e474e
bfd1106b87f96ff783e71e722d5ea8cd707006bca6b293d2860c20e03cf864e0
c172e11bec93c507453d7b26b16905a491aa5ccaaddfc9bac286f70b3abc5a10
c24a4ad3d4e23f8037feb38744e17fabeb0c2d3b5714c049d091dfc5f6811280
c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4
c3c899e001eb8d2f672a18b0caca760855ec4bdcd895e88d079343ff5f94af0d
c3cab72bd89b5bce5f3fbf4bbfdd1023b3dcb510f388b940bbe5165b465e3d73
c6cd28b8f48cd9c890723dbd16c6847083e7c322af81fc3da91b9730ac576658
c7a1121133dd1c72a57e9240a527eec6eb0d9cad6f795b95cd4d6da0553b777c
c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24
c87dc7d9c212984118785676c741a202f5cac746b7b003298a930ed56316e51f
cc031991108ea40da43220de92b33b6b88d3cd7e3b7ee53deae4fd6e2a7684d7
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce4076cd760ba035ee9d326f3a1bf9157dfeac50fb058a9aedfe53b2fd10ad91
ce99119296796e0237baa683015065c50e906a629500223b180fca801acdf1a6
cf28085afb907c4ca71172b900b318601e2e305ecc4e68948447107bf001cbca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d3660a2d5bb96b0556aaec05d61a6a7f3b60eee4052d0a7423c59835959bf497
d7e3f3f9a87439492d58ee8a90cdc8741bd44e9f5ebc5a1be461ded2df7a155e
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
dd1892cb87a74dac682a6207344909a96f23d342670b32063a4f4bae614805dd
de24e1eed5d9105cafd245df0b2ee43e6f3a900c77c862dbcd6c9b10fbc9dc56
dea6d9b977b06e1be6dbf3fc5118a1d8bfca410f14b6c4ad64ec07c057d4783c
df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d
e1037972c154832e1e264bf0eca73556104f337ebf33574e41b495245f0e0929
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c486bf7d530918b59fe569c9b232ff2356ec265bdd25c3977a4dbbd9da123e
e5dc577d94f9f87f94a797846949133a3184e78e0832261a841188d3d65966b0
e65b94317efdb4299d67fc6bc85d4846d8190612d816fc5850b5c866c46a7bbf
e67eb1f6afa159440d1ffe5f613d79f907ea551d79a16fdbf906f8af9f8581c7
e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d
eba88ef6b1f09543b0b3f34bc3c1d401da36d590354cd7728e2aae4d3c1abc91
ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fd0b0f5c8eaa2035901d30cb7b236cd9f77b01f7f3d5838cd33d23d0fbcf38d5
fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff5aa4577f7bcbab0d05acc34e5135fc2888cb23ecdd5bdde79d4eaf0d574b93

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

336 Requests

91 %HTTPS

40 %IPv6

43 Domains

72 Subdomains

59 IPs

6 Countries

3272 kBTransfer

7918 kBSize

47 Cookies

15 Outgoing links

Redirected requests

336 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

336
Requests

91 %
HTTPS

40 %
IPv6

43
Domains

72
Subdomains

59
IPs

6
Countries

3272 kB
Transfer

7918 kB
Size

47
Cookies

336 HTTP transactions
11 data transactions