gamecopyworld.eu Open in urlscan Pro
104.21.16.163 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2B...
Effective URL:
https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Submission Tags: falconsandbox
Submission: On July 12 via api (July 12th 2021, 6:43:53 pm UTC) from US

Summary HTTP 121 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 15 domains to perform 121 HTTP transactions. The main IP is 104.21.16.163, located in United States and belongs to CLOUDFLARENET, US. The main domain is gamecopyworld.eu.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 28th 2021. Valid for: a year.

This is the only time gamecopyworld.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	172.67.148.24 172.67.148.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	46.166.179.121 46.166.179.121	43350 (NFORCE) (NFORCE)
12	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	130.185.144.4 130.185.144.4	20860 (IOMART-AS) (IOMART-AS)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
18	104.21.16.163 104.21.16.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11 19	2606:4700:303... 2606:4700:3035::6815:1c6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	2.16.186.144 2.16.186.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
121	17

7 172.67.148.24 (United States)

ASN13335 (CLOUDFLARENET, US)

d2.consoletarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.166.179.121 (Netherlands)

ASN43350 (NFORCE, NL)
PTR: ptr9.adreactor.com

adserver.adreactor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.185.144.4 (United Kingdom)

ASN20860 (IOMART-AS, GB)

b.domnlk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.21.16.163 (United States)

ASN13335 (CLOUDFLARENET, US)

gamecopyworld.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700:3035::6815:1c6e (United States) 11 redirects

ASN13335 (CLOUDFLARENET, US)

s1.filetarget.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.144 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-144.deploy.static.akamaitechnologies.com

ui2.awin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a1.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	566 KB
19	filetarget.net 11 redirects s1.filetarget.net	77 KB
18	gamecopyworld.eu gamecopyworld.eu	2 MB
12	doubleclick.net googleads.g.doubleclick.net	82 KB
7	ampproject.org cdn.ampproject.org	125 KB
7	consoletarget.com d2.consoletarget.com	66 KB
4	awin1.com 2 redirects www.awin1.com a1.awin1.com	72 KB
4	google.com 2 redirects adservice.google.com www.google.com	1 KB
4	cloudflare.com cdnjs.cloudflare.com	14 KB
3	googletagservices.com www.googletagservices.com	102 KB
2	awin.com 2 redirects ui2.awin.com	182 B
2	domnlk.com b.domnlk.com	75 KB
1	google.de adservice.google.de	853 B
1	googleadservices.com partner.googleadservices.com	663 B
1	adreactor.com adserver.adreactor.com	8 KB
121	15

	Domain	Requested by
40	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
19	s1.filetarget.net	11 redirects gamecopyworld.eu s1.filetarget.net
18	gamecopyworld.eu	d2.consoletarget.com gamecopyworld.eu
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
10	pagead2.googlesyndication.com	d2.consoletarget.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com cdn.ampproject.org
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
7	d2.consoletarget.com	d2.consoletarget.com
4	cdnjs.cloudflare.com	d2.consoletarget.com gamecopyworld.eu
3	www.google.com	2 redirects tpc.googlesyndication.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	a1.awin1.com	s1.filetarget.net
2	ui2.awin.com	2 redirects
2	www.awin1.com	2 redirects
2	b.domnlk.com	d2.consoletarget.com gamecopyworld.eu
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	adserver.adreactor.com	d2.consoletarget.com
121	18

This site contains links to these domains. Also see Links.

Domain
www.gamecopyworld.com
fileforums.com
gametarget.net
consolecopyworld.com
covertarget.com
cdmediaworld.com
lnkworld.com
musictarget.com
a-kabini.samenblog.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-09` - `2022-07-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
adserver.adreactor.com Gandi Standard SSL CA 2	`2021-04-28` - `2022-04-28`	a year	crt.sh
istripper.com R3	`2021-07-08` - `2021-10-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
a1.awin1.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Frame ID: F424366FFFCC103DE27C7A943A967B5B
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/zrt_lookup.html
Frame ID: E2DD90609684552F578EDC651C9478A3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91
Frame ID: 16FE6FBB77D0B780191570080F2B2FB4
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97
Frame ID: 6199496C542D8B27EA6E4EE4D8D9440D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102
Frame ID: 5B060568D03FF214B71E001A328CA72F
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&adk=1812271804&adf=3025194257&lmt=1626115415&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415742&bpp=1&bdt=206&idt=96&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250%2C468x60&nras=1&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=99
Frame ID: 5B5F8F7D32A448EE3A7AA1609D56D400
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html
Frame ID: 56E5D830A5D080ED9CA840A981E5E818
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D0D83C8778623237383D79AA973865FC
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html
Frame ID: A3038C03EC9A276F8A6E78DD303F0688
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: BA96ABB4B6C92FEC90352C0A143A188B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F3E384923E2933C87D19B907E47980C6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D20379896548C95562C290CA05A2B9D1
Requests: 1 HTTP requests in this frame

Frame: https://s1.filetarget.net/@_ff_bt.php
Frame ID: A5C4E1FC240A511DBE3D3AE92997803A
Requests: 2 HTTP requests in this frame

Frame: https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Frame ID: D2F1ACFFB2548CDFA9471F03AE218B52
Requests: 2 HTTP requests in this frame

Frame: https://s1.filetarget.net/@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Frame ID: 6E12C3C5B67C8F6B7391BD3BA7DCBB09
Requests: 2 HTTP requests in this frame

Frame: https://s1.filetarget.net/@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Frame ID: 9EDA4A036065B13D1F2314FABC58E763
Requests: 2 HTTP requests in this frame

Frame: https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
Frame ID: 392A42DDF48E8AC3F38A4ED38BDC3775
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8h... Page URL
https://gamecopyworld.eu/games/pc_mars_war_logs.shtml Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

121
Requests

98 %
HTTPS

56 %
IPv6

15
Domains

18
Subdomains

17
IPs

4
Countries

2784 kB
Transfer

4802 kB
Size

1
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gamecopyworld.com/
Title: Switch > GCW.com

Search URL Search Domain Scan URL

URL: https://fileforums.com/
Title: FileForums

Search URL Search Domain Scan URL

URL: https://fileforums.com/forumdisplay.php?f=38
Title: Backup FAQ

Search URL Search Domain Scan URL

URL: https://gametarget.net/
Title: GameTarget

Search URL Search Domain Scan URL

URL: https://consolecopyworld.com/
Title: Console CopyWorld

Search URL Search Domain Scan URL

URL: https://covertarget.com/
Title: Cover Target

Search URL Search Domain Scan URL

URL: https://cdmediaworld.com/
Title: CD Media World

Search URL Search Domain Scan URL

URL: https://lnkworld.com/
Title: LinkWorld

Search URL Search Domain Scan URL

URL: https://musictarget.com/
Title: Music Target

Search URL Search Domain Scan URL

URL: https://covertarget.com/sr.php?cat=4&search=Mars:%20War%20Logs
Title: Cover Target

Search URL Search Domain Scan URL

URL: http://fileforums.com/search.php?s=&do=process&query=Mars:%20War%20Logs
Title: Mars: War Logs

Search URL Search Domain Scan URL

URL: https://fileforums.com/showthread.php?t=73906#CrackProblems_CrackContainsMalware
Title: PC Games FAQ

Search URL Search Domain Scan URL

URL: http://a-kabini.samenblog.com/
Title: Site

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D Page URL
https://gamecopyworld.eu/games/pc_mars_war_logs.shtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 56

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 109

https://s1.filetarget.net/!_bt.php?sz=bn&sn=gcweu&bg=gcw_hdr&do=1&ns=0&nf= HTTP 302
https://s1.filetarget.net/@_ff_bt.php

Request Chain 110

https://s1.filetarget.net/!_top.php?sz=bn&sn=gcweu&bg=gcw&ns=0&nf= HTTP 302
https://s1.filetarget.net/!_bn.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&kw= HTTP 302
https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

Request Chain 111

https://s1.filetarget.net/!_sk.php?sz=sk&sn=gcweu&bg=gcw&ns=0&nf= HTTP 302
https://s1.filetarget.net/!_geo.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk= HTTP 302
https://s1.filetarget.net/@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

Request Chain 112

https://s1.filetarget.net/!_bs.php?sz=bs&bl=1&sn=gcweu&bg=gcw&ns=0&nf= HTTP 302
https://s1.filetarget.net/!_geo.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk= HTTP 302
https://s1.filetarget.net/@_mwb.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0 HTTP 302
https://s1.filetarget.net/!_bs.php?sz=bs&sn=gcweu&bg=gcw&ng=&ns=1&cn=DE&kw=&bt=&nu=&sk=&dn=&id= HTTP 302
https://s1.filetarget.net/!_geo.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk= HTTP 302
https://s1.filetarget.net/@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

Request Chain 113

https://s1.filetarget.net/!_btm.php?sz=bn&sn=gcweu&bg=gcw&ns=0&nf= HTTP 302
https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1

Request Chain 117

https://www.awin1.com/cshow.php?s=2180716&v=13542&q=339306&r=389935 HTTP 302
https://ui2.awin.com/ads/awin/13542/img120x600-1525857981437.gif HTTP 301
https://a1.awin1.com/ads/awin/13542/img120x600-1525857981437.gif

Request Chain 120

https://www.awin1.com/cshow.php?s=2180713&v=13542&q=339306&r=389935 HTTP 302
https://ui2.awin.com/ads/awin/13542/img160x600-1525857932440.gif HTTP 301
https://a1.awin1.com/ads/awin/13542/img160x600-1525857932440.gif

121 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
d2.consoletarget.com/ 8 KB
3 KB 202ms
148ms Document
text/html 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c5035615489403ef871fb74d138225ecac5a146fe920fdcbafd4e5ed349e738

Request headers

:method: GET
:authority: d2.consoletarget.com
:scheme: https
:path: /?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache
x-robots-tag: noindex, nofollow, noarchive, nosnippet
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fZ8wqWwKt28pT%2B5pPBYfF7xYVRhhu6wJs%2Bm2x%2BdtK0OmvtP8bbnQCm%2Fbse8IOgz11SFAU3HGbUJRFf87U55bl8PuU2GqNu25xygMbJRy9cdJpcEhwczOVNC8TJaNme7gaZc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b023adb0b4f-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 site.css
d2.consoletarget.com/ 3 KB
1 KB 133ms
105ms Stylesheet
text/css 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/site.css?1587
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 060c126a38460626d946329d21b142e8549a27661bd40dbb5b61dd015b5bc44c

Request headers

:path: /site.css?1587
pragma: no-cache
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 26 May 2018 08:15:24 GMT
server: cloudflare
etag: W/"af1-56d177c825814-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rg02OPHZNI23jN4%2BVffTypQsxjNpGzEIvyZ%2Bi3%2FtiBPN8BrzngyaC7GAeIX3H6xBTfJw%2BnQ%2FhL1khgIP72TBbh%2FrJ7MZFSOWhewDaWI2mJ%2Bj5iVFug%2BhUyY%2Bw%2F87KQjwUmA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66dc6b0359e40b53-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Mon, 19 Jul 2021 18:43:35 GMT

GET
H3-29 200 jquery.min.js Show response
d2.consoletarget.com/js/ 94 KB
32 KB 60ms
33ms Script
application/javascript 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/js/jquery.min.js
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

:path: /js/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8152
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Sat, 03 Oct 2015 22:24:22 GMT
server: cloudflare
etag: W/"176bb-5213abdf01180-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1vrJbK1jnKk1jDKdCi4I2olbaBviSPgjuedT8DiLiMb2HkO1zMdRfH%2BX6RpfAucS1WJVZy209TGOLNa9iO5YQ7vq%2FtpP1vje6Qv2iiF3vhpB46orj3awwBcTNw2kMam6Pjc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 66dc6b0359e70b53-AMS
expires: Mon, 19 Jul 2021 16:27:43 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
1 KB 98ms
97ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 874658
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 948
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ptX4yjmn5jaV%2F7OZMQ5lKPs62V%2BbSwAydYeLzThKTDFxThl50QCJALa4aUScM7hMEZl%2FDvV%2BAkjLENd8slfz0IVDdhX9r6v5hjJ9FX7ylmQWayv1KYCjc0LHqNZ9olKhGAoYLJ743knuIdqSSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 66dc6b032971176e-FRA
expires: Sat, 02 Jul 2022 18:43:35 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 108ms
107ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2149634
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5676
cf-request-id: 0abd80662c00004a91fc1f4000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=T18EkdYbt16KNEpj%2BQQGaaTdvG0LnB3ozjG6JUniC0kFAUVQwlMAlo7utoMmzaN6H761eLYBjJS5D3bXm1%2FmOFsvnNUn%2Fm5LzivNnieeHRjlOas7lTVHNtUNjJSfoiKHoudExNxjcg%2FAr4FDAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 66dc6b032973176e-FRA
expires: Sat, 02 Jul 2022 18:43:35 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 45ms
24ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6820117e5678654591060a9aa9e74271e87e7bba543c8c7238de7e243ae8036f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48605
x-xss-protection: 0
server: cafe
etag: 4455031317033499397
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 18:43:35 GMT

GET
H/1.1 200
OK libcode3.js Show response
adserver.adreactor.com/js/ 25 KB
8 KB 79ms
24ms Script
text/javascript 46.166.179.121
NFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.adreactor.com/js/libcode3.js
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 46.166.179.121 , Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS: ptr9.adreactor.com
Software: nginx /
Resource Hash: ccca0dba2f0d3225f8c05ff7e36c3897965d5a37f1d41318d99075c92f368383

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 12 Jul 2021 18:43:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 18 Feb 2021 14:52:02 GMT
Server: nginx
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 13 Jul 2021 18:43:35 GMT

GET
H3-29 404 p1.js
d2.consoletarget.com/js/ 0
0 100ms
99ms Script
text/html 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/js/p1.js
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /js/p1.js
pragma: no-cache
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=57ZNFRzmMBSS9xV4nOTXTHV0HW2Vvnb5%2BtQMJN3kFTQKGKPswvBWw4Cm18kg%2BP17yCT5xfXKYodKCEG33cit8DHew1m2x4zbinJyP%2BJVN1HLDVEcaIEGBiC%2BL7RjWqkxPpo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-ray: 66dc6b042ba40b53-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210708/r20190131/ 243 KB
90 KB 45ms
31ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210708/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9116440445344191&plah=d2.consoletarget.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d7731cd19278dd8d68435b1df5709fd2e12e8f13e43d86409ccc26f3354ea52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92103
x-xss-protection: 0
server: cafe
etag: 18322328620552464558
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 12 Jul 2021 18:43:35 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/ Frame E2DD 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210708/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210708/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Jul 2021 00:45:58 GMT
expires: Mon, 26 Jul 2021 00:45:58 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 64657
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK p2.js Show response
b.domnlk.com/ 37 KB
38 KB 185ms
52ms Script
application/javascript 130.185.144.4
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://b.domnlk.com/p2.js
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 130.185.144.4 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software: nginx/1.8.0 /
Resource Hash: 1cf71fa97f15051da62cf4c9d6a61ca5c0a49ff7d0f15454aad0a7f48b7300b9

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 12 Jul 2021 18:43:35 GMT
Last-Modified: Tue, 04 Feb 2020 15:36:16 GMT
Server: nginx/1.8.0
ETag: "5e398f70-94e7"
Content-Type: application/javascript
Cache-control: private
Accept-Ranges: bytes
Content-Length: 38119

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 207 B
663 B 94ms
33ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=d2.consoletarget.com&callback=_gfp_s_&client=ca-pub-9116440445344191

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210708/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9116440445344191&plah=d2.consoletarget.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

7ab1d6095049c65a7a628a1da2119bcd61018f3016b1804638eee1a2840b53ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 197
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 37ms
15ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=d2.consoletarget.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 36ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=d2.consoletarget.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 16FE 73 KB
13 KB 1065ms
1063ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9be5a61b7fa7ff8f71bc1c0fa08917a483d8f750dac2c337ea8fa077f4c3d004

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 18:43:36 GMT
server: cafe
content-length: 13472
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Jul-2021 18:58:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:36 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff43600c228c39295ac3c0768717186ef6d68e1358a325b310a757bf53d265b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1625830134516437"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27897
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:35 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6199 92 KB
32 KB 526ms
524ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e420b0cb6a004f43c168c8c7f29bfe3ed45e7068dc698dfd83765a85a378f182

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPaG5_2X3vECFYuJOAodD90AYw&gqi=V43sYIuxM4-QgQeQxqzoDA&layout=/sadbundle/%24csp%253Der3%24/16215012808405873833/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPaG5_2X3vECFYuJOAodD90AYw&gqi=V43sYIuxM4-QgQeQxqzoDA&layout=/sadbundle/%24csp%253Der3%24/16215012808405873833/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 18:43:36 GMT
server: cafe
content-length: 32741
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Jul-2021 18:58:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:36 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5B06 92 KB
32 KB 322ms
322ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3eb8dee7dcc695df464819e6276c1b2a99dc0884ddb53ed4c75d3b3aca25f7b

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CI6Y5_2X3vECFUqM3god_coLzw&gqi=V43sYOXSM8icgAeAmIToBg&layout=/sadbundle/%24csp%253Der3%24/13659245714350776565/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CI6Y5_2X3vECFUqM3god_coLzw&gqi=V43sYOXSM8icgAeAmIToBg&layout=/sadbundle/%24csp%253Der3%24/13659245714350776565/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 12 Jul 2021 18:43:36 GMT
server: cafe
content-length: 32769
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Jul-2021 18:58:35 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:36 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5B5F 0
19 B 17ms
17ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&adk=1812271804&adf=3025194257&lmt=1626115415&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415742&bpp=1&bdt=206&idt=96&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250%2C468x60&nras=1&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=99

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9116440445344191&output=html&adk=1812271804&adf=3025194257&lmt=1626115415&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415742&bpp=1&bdt=206&idt=96&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250%2C468x60&nras=1&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=99
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Jul 2021 18:43:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Jul-2021 18:58:35 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:35 GMT
cache-control: private

GET
H3-29 206 f0431_1.mp4
d2.consoletarget.com/i/tc/pm/ 36 KB
0 99ms
99ms Media
video/mp4 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/i/tc/pm/f0431_1.mp4
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70; __gads=ID=c34851acc0f2e086-227956f27ac80013:T=1626115415:RT=1626115415:S=ALNI_MbwebX54Gv1EZklbOqW6pHdElQh3Q
:path: /i/tc/pm/f0431_1.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 12 Jul 2021 18:43:36 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-554220/554221
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 554221
last-modified: Fri, 15 Mar 2019 13:24:53 GMT
server: cloudflare
etag: "874ed-58421f6d998e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=C8vMPcrDTV4ToW61POmTijzKmFRRsT9IL1LoDyJAjGFbEFmHZ%2FGbE0BO5BmY7tFVVEqtnjjbZAyhLpQXXcPPmsQvkYPXhFWySoekJZEideeuHQc4POW%2FFGXNwmZD3GKEcX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b064f3e0b53-AMS
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/ Frame 5B06 17 KB
7 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed045b94f4874ac13890f9c4370e2b14b30c2a12a79d22e52d20872440b60ede

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:40:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7114
x-xss-protection: 0
server: cafe
etag: 15784850791818150134
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:40:26 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame 5B06 3 KB
1 KB 33ms
12ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:43:35 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B06 123 KB
37 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfc6963fb114588887432268114a1bb0a5e4692eaeafc9e755c7d4ad92546e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:36 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1625830140585725"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37948
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame 5B06 14 KB
6 KB 31ms
10ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e5e8d7a52cffab98c6c3957e1c30af475c697d4d50ba91aeab0b11eea32a166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6198
x-xss-protection: 0
server: cafe
etag: 11976405653130873325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:43:33 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/ Frame 56E5 15 KB
5 KB 21ms
8ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9aacffae789edc1230cd8aa312a2c9c976905c6629df6d04225469cfc424e0d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/13659245714350776565/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3762
date: Tue, 06 Jul 2021 09:48:30 GMT
expires: Wed, 06 Jul 2022 09:48:30 GMT
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 550506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5B06 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0xRfV43sYM6QNMqY-gb9la_4DL3hwJFirZGroYgN5-LEjo4iEAEg9YWtCGCVAqAB0uTXkgLIAQmpAizdo8QR6LM-qAMByANIqgSUA0_QRSWYA8XcD5HMXK-cj26qTPHTYO1e-HKF-hsi9qMEz2sfLmYfSUAgLI887zI0TBQp69LsMPwKt3Qpw-2IPfkGniWfceIDNQrXKeyfc2QvESN_OKLHMieZtT5n83dh3sutWhat_rDOEo5hA8sn1i0QS0cimYpgwXOobMIpk6iTI66drglF35Z7DHJSKc9q0o18GQ_X0j4ZetomnTzLndYE6ZnBLVti9Ad9b5p1kpSKDgJOseeCyJdQt-L84iao9kbgt1XDoSKC6wfH3SQlCyX9OqVDa7_vq_XmjYtU0p34HiU28bzorb8u2AThIWOCx8Uo1QGErvR2RU1G7AMfDr9HHPhTZHzTV7iVXS8a211NMxxnWjw4iM9BEbMGfxs9t7bbJ2WEVvip-AeMGedR2U4JcCayBj4G0dRHy6EUcJhPLUWx0RLTzKao7-CpiGnDAp0gnRH15Vod073lAH_i5gn_ZNChWtU7r1u9xh3PcSiCcYjg9hr79NqnJVNnn0LniKBQxsVYxbyZ5QJLcU5Lq-DhXxhJwATPuPnGwwOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHlpuo7QGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQlP4B0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshcaChgIABIUcHViLTkxMTY0NDA0NDUzNDQxOTE&sigh=lRtI7Keyfeg&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 12 Jul 2021 18:43:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H3-29 206 f0431_1.mp4
d2.consoletarget.com/i/tc/pm/ 29 KB
30 KB 101ms
100ms Media
video/mp4 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/i/tc/pm/f0431_1.mp4
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565723bb2491c70903a0415d4b4284e5cb6ae4b14a93d9f8ec3c5bf56c928c41

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70; __gads=ID=c34851acc0f2e086-227956f27ac80013:T=1626115415:RT=1626115415:S=ALNI_MbwebX54Gv1EZklbOqW6pHdElQh3Q
:path: /i/tc/pm/f0431_1.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
range: bytes=524288-
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=524288-

Response headers

date: Mon, 12 Jul 2021 18:43:36 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 524288-554220/554221
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 29933
last-modified: Fri, 15 Mar 2019 13:24:53 GMT
server: cloudflare
etag: "874ed-58421f6d998e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VSGLempfSQVplB4FpDwwrPvg78juSEykmwF4%2B72Sdds%2FhtB7AHyTFuw4eUe2JGuaU9rQd0tGG678nI3%2FYkObmHEYIbUy1o3gYpguwQJNs%2FT6KHXeCEylUM6kvlWL%2FsPWRQA%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b0738500b53-AMS
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D0D8 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=60&slotname=8779122127&adk=4048629624&adf=4055959512&pi=t.ma~as.8779122127&w=468&lmt=1626115415&psa=0&format=468x60&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415734&bpp=1&bdt=198&idt=98&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C300x250&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=566&ady=411&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=9IquOhmBS9&p=https%3A//d2.consoletarget.com&dtd=102

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 12 Jul 2021 18:16:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1632
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5B06 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72251fc8fc87b6900f8c81e8b8024af89a8c020f83a660620edea545cb320b55

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 56E5 9 KB
3 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 12 Jul 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 56E5 26 KB
10 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 13 Jul 2021 18:31:13 GMT

GET
H3-29 200 f9fc0da50439b070fb89f19aa22323c5.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/ Frame 56E5 69 KB
18 KB 23ms
8ms Script
application/x-javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/f9fc0da50439b070fb89f19aa22323c5.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

432b2106c06e364521fa2e262e0dfe4f0279e76e00da0b9521ce26a2c2b35710

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 539727
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18242
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 12:48:09 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 12:48:09 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D0D8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
39ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUncwQviidLTZPtxlpb3GZfY328v6tKzZXQZw3tx-CxywvKx3e9dPZ0zLiE106E
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Jul 2021 18:43:36 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 12-Jul-2021 19:43:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:36 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Jul 2021 18:43:36 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 4c67588552dc70d4b3ca868a449d9856.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 10 KB
2 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/4c67588552dc70d4b3ca868a449d9856.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

568596ff729d6d745852cde3508e7ee7254812bbbfcb8cccedc81164dae9d99c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 585236
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1988
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 00:09:40 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 00:09:40 GMT

GET
H3-29 200 728bbfe79397530f88ed93f3cdd37280.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 995 B
630 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/728bbfe79397530f88ed93f3cdd37280.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3d28833e9d74c8a2b9c6291c9031508253f6573e9071fcab4e9616e9e989aeb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 554720
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 602
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 08:38:16 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 08:38:16 GMT

GET
H3-29 200 0635dc1dbf18540298cb9593ccf43d51.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 48 KB
48 KB 11ms
10ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/0635dc1dbf18540298cb9593ccf43d51.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafd9e905da149b0bddd8a4af6c1e616753e898b521e5236228f977f595bf4d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 567935
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49175
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 04:58:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:58:01 GMT

GET
H3-29 200 4ce9893f75a9f19d121e5ecbe8689fc7.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 119 B
145 B 15ms
14ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/4ce9893f75a9f19d121e5ecbe8689fc7.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4c0de90e2221a47e6dafa7801953b2f9a131da8eda30311020e10182d244e87

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 600335
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Mon, 05 Jul 2021 19:58:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 19:58:01 GMT

GET
H3-29 200 72aea2e95013c964c0ebf5f25b27e668.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 8 KB
2 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/72aea2e95013c964c0ebf5f25b27e668.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4848c8d9ba59d4efc25bea3bf4c0cbeb573b236ae624dad3d6e444c459d0c13f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 571045
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1783
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 04:06:11 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:06:11 GMT

GET
H3-29 200 4878a3f4f1482514c5e167b9d3a23dd4.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 4 KB
1 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/4878a3f4f1482514c5e167b9d3a23dd4.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c15d09678d7f43208eb6618ad9a6a5308207166dddedd9f3592f4af5c0ac79ce

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 591696
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1267
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Mon, 05 Jul 2021 22:22:00 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 22:22:00 GMT

GET
H3-29 200 30710e99d951ba3e42eba1e34d3baa37.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 2 KB
2 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/30710e99d951ba3e42eba1e34d3baa37.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a76203da9589f28f505d80ad0598ce2093fce9c24e3c615517d8e9eaa5cc150b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571045
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2395
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 04:06:11 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:06:11 GMT

GET
H3-29 200 157fb7fa16af8777e1fe2396d108e35d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 3 KB
3 KB 14ms
13ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/157fb7fa16af8777e1fe2396d108e35d.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5fd0f16250556b63841b0945f6f37104eac8a403e95cfa57915f64aa7201ba4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 564874
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 05:49:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 05:49:02 GMT

GET
H3-29 200 0ca6aeec935f6bf0c23dd1a01acda156.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 3 KB
3 KB 13ms
13ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/0ca6aeec935f6bf0c23dd1a01acda156.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a086a993c1c5a71e90ad33b752fe975866822a8d2db7bad23b4684d10e94651a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 593119
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2892
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Mon, 05 Jul 2021 21:58:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 21:58:17 GMT

GET
H3-29 200 s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js Show response
pagead2.googlesyndication.com/bg/ Frame 56E5 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 16:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13247
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Jul 2022 16:05:51 GMT

GET
H3-29 206 f0431_1.mp4
d2.consoletarget.com/i/tc/pm/ 489 KB
0 98ms
98ms Media
video/mp4 172.67.148.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d2.consoletarget.com/i/tc/pm/f0431_1.mp4
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.67.148.24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=1skf2hvve3tdohaqeqajjnfs70; __gads=ID=c34851acc0f2e086-227956f27ac80013:T=1626115415:RT=1626115415:S=ALNI_MbwebX54Gv1EZklbOqW6pHdElQh3Q
:path: /i/tc/pm/f0431_1.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: d2.consoletarget.com
referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
:scheme: https
sec-fetch-site: same-origin
range: bytes=32768-
:method: GET
Referer: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=32768-

Response headers

date: Mon, 12 Jul 2021 18:43:36 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 32768-554220/554221
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 521453
last-modified: Fri, 15 Mar 2019 13:24:53 GMT
server: cloudflare
etag: "874ed-58421f6d998e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Vx43am%2FOZbJK8WwJ0YJRHHZa7uoSddOznxd2biTmOHZyGe%2Bjitq201ATwThIlFVpWd3UyYSpAVov08bFg%2FHi5kI9Okbu4V4dMePzqKV45Rdscg1C59Ee501p8LDUawFzwak%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b0819730b53-AMS
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/ Frame 6199 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed045b94f4874ac13890f9c4370e2b14b30c2a12a79d22e52d20872440b60ede

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:40:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7114
x-xss-protection: 0
server: cafe
etag: 15784850791818150134
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:40:26 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame 6199 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1385
x-xss-protection: 0
server: cafe
etag: 10711834930267210186
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:43:35 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6199 123 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0dfc6963fb114588887432268114a1bb0a5e4692eaeafc9e755c7d4ad92546e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:36 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1625830140585725"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37948
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/ Frame 6199 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210708/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e5e8d7a52cffab98c6c3957e1c30af475c697d4d50ba91aeab0b11eea32a166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6198
x-xss-protection: 0
server: cafe
etag: 11976405653130873325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 18:43:33 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/ Frame A303 2 KB
815 B 7ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ef5da18f8b87352f7274273f3a801336d73b18dd24bff1a4633fabe73bcb363

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/16215012808405873833/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 782
date: Tue, 06 Jul 2021 05:26:08 GMT
expires: Wed, 06 Jul 2022 05:26:08 GMT
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 566248
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6199 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Clv9HV43sYLb_M4uT4gGPuoOYBs2m_bxjnZzyyKcN-p3coNQBEAEg9YWtCGCVAqABrp7MuwLIAQmpAiuucJbP3bM-qAMByANIqgSbA0_Qq-WROpglkEEWgelVWtAVmbwZXKOArmNk-8FCvU0WhpVDgbBXRuyhHn2mrTb--u810CvzyKTPx4kZ0E1miYt1aumEir6t_2MXR-CMicZlteEQTLW2zNpj-6Oo8aiqUmDhgzcTwvHBGEMHoRZd676TP71CrkIUWe6f7NQuRBOEPfzbAvvh_rnFAFJDlwCLCSzS2Gg6ah8hENnLzaEEr5YzuNbmgBEOwS_rRhcpLhkFEQKcHJaxrObIATKCbWWsGQV4XCm43iN7dHF61BWb2ziVSvQWfphGpbQZ0lguJSSDJbhqajfEnWYYGlScWrltMzLqOmIZ-OjqO7V2DflFKqA2yi2VSMV-MDLVbwy3DTYB1p-sJbmMHh4q19o0RFu45Tr5YUNp0WQb_AEXSscekwI5RaSfTaTigeqOGODcLHbnX0SyUwChSvgaVIW9fKpexNtA9yxCftcpcLABuYPQSX-X39W-yiDIysIXj5_BZ9As_fZ2nE6C1Qt1XDNQDabl3F2JFL3CpUF3GotNwdzB34Pg_ikY3cK9uPZmzsAElIyppLoDkgUECAQYAZIFBAgFGASgBi6AB6yG1YMCqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEJysENIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi05MTE2NDQwNDQ1MzQ0MTkx&sigh=-yOzAP7bn0M&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 12 Jul 2021 18:43:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BA96 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUncwQviidLTZPtxlpb3GZfY328v6tKzZXQZw3tx-CxywvKx3e9dPZ0zLiE106E; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=250&slotname=7302388926&adk=4210093258&adf=3677441513&pi=t.ma~as.7302388926&w=300&lmt=1626115415&psa=0&format=300x250&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415733&bpp=1&bdt=196&idt=93&shv=r20210708&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=1826876655041&frm=20&pv=1&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=868&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WxfcyZqmvt&p=https%3A//d2.consoletarget.com&dtd=97

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 12 Jul 2021 18:16:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1632
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6199 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e750ca47a0074b28387009e1fe06ce0c685e4b429923066b12694a7e90d25e6f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A303 9 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Jul 2021 23:05:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70668
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 12 Jul 2021 23:05:48 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A303 26 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 743
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 13 Jul 2021 18:31:13 GMT

GET
H3-29 200 style.css
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/ Frame A303 6 KB
2 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53508370870f07a8e0622c65b014e420acf79651a6a58343427f1032c76d91dd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 593711
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1632
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
server: sffe
date: Mon, 05 Jul 2021 21:48:25 GMT
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 21:48:25 GMT

GET
H3-29 200 script.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/js/ Frame A303 3 KB
630 B 10ms
9ms Script
application/x-javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/js/script.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecdc50d52c709dcee691a38026d3fd60a962e65db82c697ebdc2d0e23bff66fb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 591799
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 594
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
server: sffe
date: Mon, 05 Jul 2021 22:20:17 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 22:20:17 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame BA96
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

39ms
38ms

Document
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUncwQviidLTZPtxlpb3GZfY328v6tKzZXQZw3tx-CxywvKx3e9dPZ0zLiE106E; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Jul 2021 18:43:36 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Mon, 12-Jul-2021 19:43:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 12 Jul 2021 18:43:36 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 12 Jul 2021 18:43:36 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bg_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/ Frame A303 40 KB
40 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/bg_1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41a23e11eb8676f49330e9b6076c7020b1203a6439975333019d27be5f1d775c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 566726
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40814
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
server: sffe
date: Tue, 06 Jul 2021 05:18:10 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 05:18:10 GMT

GET
H3-29 200 bg_2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/ Frame A303 27 KB
27 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/bg_2.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca1a8b33b9235387ccc62f6feef01676f8788c02fa1b235efdf0a36b600b9b1e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 569751
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27549
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
server: sffe
date: Tue, 06 Jul 2021 04:27:45 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:27:45 GMT

GET
H3-29 200 banner.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/ Frame A303 18 KB
18 KB 9ms
9ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/img/banner.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3471bb0a9d265d444a4d6dcb3be99a684cc8348f97f4ad425de8c9922e41183

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 595723
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18669
x-xss-protection: 0
last-modified: Mon, 15 Mar 2021 09:48:27 GMT
server: sffe
date: Mon, 05 Jul 2021 21:14:53 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 21:14:53 GMT

GET
H3-29 200 s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js Show response
pagead2.googlesyndication.com/bg/ Frame A303 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 16:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13247
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Jul 2022 16:05:51 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012106212012000/ Frame 16FE 188 KB
55 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e872cbf02c8b399de0bc02a3120c525d1397d73e6fe9b396ddb9fb8ca645421f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 537846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55206
x-xss-protection: 0
server: sffe
date: Tue, 06 Jul 2021 13:19:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e7b47afdadb9c9"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 13:19:30 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 16FE 13 KB
5 KB 36ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42c0019ac2f32d24160ef9f53853c7caeb65ea3b21bcbcd8e3b90a5a230dfba4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 590089
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4815
x-xss-protection: 0
server: sffe
date: Mon, 05 Jul 2021 22:48:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9c6d4b511682de4a"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 22:48:47 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 16FE 86 KB
27 KB 34ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac42f28820c1a06584cf80f69fc888b8d19d7b87197bef5ea6ea355b712df62c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 592530
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27658
x-xss-protection: 0
server: sffe
date: Mon, 05 Jul 2021 22:08:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "89763648e638c628"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 22:08:06 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 16FE 71 KB
16 KB 36ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb881ad28cd027cf3d912ca2a5f9ba9333484d1e747d2ff8e76506c8fd62ae99

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 587264
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16640
x-xss-protection: 0
server: sffe
date: Mon, 05 Jul 2021 23:35:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b02f0c672db8c610"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 23:35:52 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 16FE 4 KB
2 KB 35ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48f9695743d1ea7156fe612eb25beb3be6ca81d94a30891b848d0177137dfaa6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 574558
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1490
x-xss-protection: 0
server: sffe
date: Tue, 06 Jul 2021 03:07:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9b373dc53e7b532"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 03:07:38 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012106212012000/v0/ Frame 16FE 40 KB
13 KB 35ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e54b897cb477a0ce61dc7c6900e1c57a4f127c24716662b84313be238e0f7abb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 603233
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12852
x-xss-protection: 0
server: sffe
date: Mon, 05 Jul 2021 19:09:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "432397294f345717"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 19:09:43 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 16FE 2 KB
3 KB 8ms
6ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 03:19:18 GMT
x-content-type-options: nosniff
server: cafe
age: 55458
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 13 Jul 2021 03:19:18 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 16FE 295 B
399 B 9ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 13:07:41 GMT
x-content-type-options: nosniff
server: cafe
age: 20155
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 13 Jul 2021 13:07:41 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 16FE 0
21 B 43ms
42ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cst8IV43sYIPnM42NgQePpImQD6-y_bxj0pjSzcINsNy5v80hEAEg9YWtCGCVAqABrp7MuwLIAQmpAiuucJbP3bM-qAMByAMIqgSXA0_QZsCqhCrbgt8sD2rKxBlbaTyAzLOJRawfql8dD57CkI7kIS3uRMcULKxgRDcUZns2LX9aYnyzPWfilx8C4X4Ob_ogdLnZVc9_ywwBDCUkFGweMAlc087nnuMXD6h0JmMZY0aC8Q6Qnc4EHOhwo8Yquju68j1iglTeWjHog5i4vtdKHRRFnoBVwoxPSiCDqtp9N1AbkGRL7NTY_h-CAFkK1xFpNVKvEDw0tWUWx_ayrXaDyqwPAzS-M6kRxb-Ww8L8NMVQGKNXWykTvbbV1hLKVysS4qC5CZt4I3nR6B-eL03wU8vH7Jyo7FjFiWS92_MvJYCnVLyXFyo8XhTB9EXPkpBp0oIQ9uF9iTNataBWOHbd6ofFU6QIMwUTUCPOT5giOLf0p_BxKdJwp_Zw3rOyHFqq8RkvGC5DA-U7rRp6mHiC9Trg573-c706I0i18XDquZiX8dTF73n66ujtxXqTV0xAPe_OgQczVE9TaRQHVsbp6885JaenaCyXHo1XbDfQntW3VkcYyrU7O97kzTzhlkc0U-QewASUnuPExwOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHrIbVgwKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ5_kJ0ggJCIDhgBAQARgfgAoByAsB2BMN0BUBgBcBshcaChgIABIUcHViLTkxMTY0NDA0NDUzNDQxOTE&sigh=Ggu3lfY0_UM&template_id=419

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 12 Jul 2021 18:43:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:36 GMT

GET
DATA 200
OK truncated
/ Frame 16FE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b294d86f6464bb747dd3eb1db71f2acff3cb5be807a30b3b4d75f05832e5b09

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bg_1.jpg
tpc.googlesyndication.com/sadbundle/5046470227751670248/img/ Frame 16FE 32 KB
32 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5046470227751670248/img/bg_1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a35e58ed27adb2b3898f7fac4959e9400e56991a06771cd3fa1e2471c8f7d31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 23:02:39 GMT
x-content-type-options: nosniff
age: 589257
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32696
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:41:50 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 23:02:39 GMT

GET
H2 200 bg_2.jpg
tpc.googlesyndication.com/sadbundle/5046470227751670248/img/ Frame 16FE 27 KB
27 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5046470227751670248/img/bg_2.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90c5ec26f06ae4c04369e48776d3b81a6db293f669ccf466e7aa2fe0077ded3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 12:47:12 GMT
x-content-type-options: nosniff
age: 539784
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27500
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:41:50 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 12:47:12 GMT

GET
H2 200 banner.png
tpc.googlesyndication.com/sadbundle/5046470227751670248/img/ Frame 16FE 20 KB
20 KB 11ms
10ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/5046470227751670248/img/banner.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81e9cd9c4c8b4bd3d53880fb36277e1cc6ff1fd39f54a83be6af7f4b4a79db77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:31:43 GMT
x-content-type-options: nosniff
age: 713
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20412
x-xss-protection: 0
last-modified: Tue, 20 Apr 2021 01:41:50 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Jul 2022 18:31:43 GMT

GET
H3-29 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012106212012000/ 21 KB
7 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012106212012000/amp4ads-host-v0.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbd0f8eff9d195eb363c39b70077cb7c4f7345d09d1cf41fa5db573916a92163

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 578518
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7366
x-xss-protection: 0
server: sffe
date: Tue, 06 Jul 2021 02:01:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "7145e499bf1cae68"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 02:01:38 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 38ms
18ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210708&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8439658df1f8aa1b1a6e3c12d744c275392cb35a7e8c29430c518a13370f2620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 12 Jul 2021 18:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8450
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Mon, 12 Jul 2021 18:43:37 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F3E3 12 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Mon, 12 Jul 2021 16:43:08 GMT
expires: Tue, 12 Jul 2022 16:43:08 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 7229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D203 783 B
781 B 15ms
14ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1573e57e51c6171b240caf25f94367fbd901e9c5bfddfdd2a8dc54528d9f131b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PCkiMt8Ipnj52aXHgrvRPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

expires: Mon, 12 Jul 2021 18:43:37 GMT
date: Mon, 12 Jul 2021 18:43:37 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-PCkiMt8Ipnj52aXHgrvRPw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js Show response
pagead2.googlesyndication.com/bg/ Frame F3E3 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/s-OE46cnkXGFQoo4r8zhnqxzG88VmeLG6mk72mZMPyg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 16:05:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13247
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Jul 2022 16:05:51 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5B06 42 B
64 B 31ms
17ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPu7AS22Ak4fJK-VE-ElLNhKiOCO02W58DUjUvh6A2N1ap732v-pAa9lLqG-YFWGs1xVBsDZ1CO2tOzfqye8fToaqr-ts6Brx9xJB957NirppRutoPJnDZ8Bfb0g&sai=AMfl-YRMcbvFmqd9skZIZ78TUns-Ei6anKy6MgjGRSb2mkH8ZCh9uz9OJwaQLb0t8Xytf0MMB_EczJ8UoFzW&sig=Cg0ArKJSzA8aYYbbMQuaEAE&id=lidar2&mcvt=1002&p=411,566,469,1034&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210709&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4048629624&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1626115415838&dlt=325&rpt=54&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210708&jk=2283707075996071&bg=!ExClEFTNAAZjFomlYxY7ACkAdvg8Wt_VtuC-DQVU9RoCUrKyi2HHV-5WKcgpRtTEe13gM6tcW93whQIAAAB1UgAAAA1oAQcKAQM5OPd-MomurWtM6XNT4i-tvxm3DpqilmCdY53xeLX88SW5RkI5OpGfjSEaDx6ijLTIJYcxrUjknsbQ2wR3hz_x5VfZJKavKjHNmkWq0G-9vXQ_cxNPA7zgitaCqKtyg4cR1OAJenqphCLao0Vs3jqGRE4brSpwm7qcAMmEkEj2DER-SQAtL9eBbcKtTrcjQdzSv3ezrrPFrwBGgeR_3aDjTNsYevxjQHj5tGAgst6CK7DXY2gSoxwczvQ8KbokUpOasTq3GcblmCB84Y4CIVbwXl_wd_cAuWr3MJIHMJwH3F1v6KQpH9NgWEe4k91QulOLWaBuZSvDYONeIk575noqpic5mQJ2w0tMjPXMf3g8PIpKRNhKk5QL59bNvCnCvnOEJK-qOtRDKOhk05PTP4yhnqqZjtW9kQnq285Hyj_nXfsoVrAMCCfuEL1kP3VlGzyKGCsgRrdmuhGCDdIWUlWy2blWKtZlwrzF47ti1Tek0RYaU4TIDExNGRqKWRhJC--M02dD6-ECpNJ2NEHM95GLmLnkjj7BzNP4iepmmAj492wrCA7bZE627iTRMmNRr-gm6POBa692K4AAIAxl-S1wJkH1M3PUqvWM5LDDnuuVph9M7aLFTIQWsA4lzHu0OgS-SRBAmXH5LsjXo5Xl0YYsG0Mb3lW0YDZRefN1lrdoDgN_UUfBC1HcvPjMFF3kOymcC2mVQ5EDPRbOHhv6oA4tZic0XxyvLSTOxzxCjjvNmc_hWCN6FSca7C7Iia0qIhjM6OFXFbaTChM6u0NtVhu9uCQbXG0EkyYwA_KWeNejO32fnG9pqSoNB1-2Vpyl-HI6nhiLYJjxNAIrUdxE19wT0hZKp4S4V0UznNatgmqJKAjlk4R2VrBdRCLip5sV5RTxNRmLncpvTpZlVFgeKMDHkHxRAR8pb27yhmu-H1coKd14Kb0NfLivwyY5KVp1Kr4vz0QVZb5GztqoBN-y_7PeJODsv-RHfwe4aPi_0dyGlE-IIcdnFF9qSy88yvZ_e2Dy1iX6XM36w9WhoGA5cpHfAmRQYRlTySEp43G4cbeJMW0-rACCgEDPdchXP1hTNp5HdDmwLNgtMk5BP7C8ICqY86EHGpYwTO2yUsb0gisM0UXn2q-yXiRreeJhbTt9DahVYMkVG0KrZUHygyOBfWNve1M0EgvlEMf1Ep9R

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2.consoletarget.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6199 42 B
64 B 29ms
29ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvEKUXMVPbubaXYc3qU4UsJSca90GWmwgQNDGDpxkBX6-uVkQtIFxLDQYR14paVgs6HThi_rXS6fSb4Y8WbJ5qmQl_Tv5Ku50FNIaYt0ZXKUan9wnqa6o1nn3SV6w&sai=AMfl-YQtvu3rDX4XhpmLfjyNY3m2xBol1xTXSEwFvDJ7gPnWFX-OWwxvUCBVeG9hopevaLCMR41u11OLs59k&sig=Cg0ArKJSzOgCRc_O0H5jEAE&id=lidar2&mcvt=1000&p=104,868,354,1168&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210709&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4210093258&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1626115415831&dlt=553&rpt=56&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 16FE 42 B
176 B 26ms
15ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstscOMN2edHzkZ5Mdq9OIahvOBPdDRtlVZPToFLjgephniKlutzwkpMcAlXIY3pLSjPmH4Xx4nSXp8lAqcfDmD7Ki-rSZhe4dJnVKkBkWiN5gc_D1RzKNCMVxFuLw&sai=AMfl-YSCrum9USCoBCcNqLb-nS88i_4ilEJqf9xHdajeHoC-OXExnvJTVCfQ8xnnTCpfrtI_JvMNsxeC4UXD&sig=Cg0ArKJSzEdGb5vOEu3gEAE&id=ampim&o=438,9&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1004&mtos=0,0,1004,1004,1004&tos=0,0,1004,0,0&tfs=110&tls=1114&g=100&h=100&tt=1114&r=v&avms=ampa&adk=2451648850

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0635dc1dbf18540298cb9593ccf43d51.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 48 KB
48 KB 8ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/0635dc1dbf18540298cb9593ccf43d51.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafd9e905da149b0bddd8a4af6c1e616753e898b521e5236228f977f595bf4d0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 567940
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49175
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 04:58:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:58:01 GMT

GET
H2 200 4ce9893f75a9f19d121e5ecbe8689fc7.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 119 B
211 B 7ms
5ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/4ce9893f75a9f19d121e5ecbe8689fc7.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4c0de90e2221a47e6dafa7801953b2f9a131da8eda30311020e10182d244e87

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 600340
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Mon, 05 Jul 2021 19:58:01 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 19:58:01 GMT

GET
H2 200 ab6c14c68ab0d1ff072274bc120698b5.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 2 KB
946 B 8ms
6ms Image
image/svg+xml 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ab6c14c68ab0d1ff072274bc120698b5.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8aa37122ff64c66dac4a68e9cee5722341700415d8f0905d311845fbc4832b37

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 541006
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 839
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 12:26:55 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 12:26:55 GMT

GET
H2 200 30710e99d951ba3e42eba1e34d3baa37.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 2 KB
2 KB 9ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/30710e99d951ba3e42eba1e34d3baa37.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a76203da9589f28f505d80ad0598ce2093fce9c24e3c615517d8e9eaa5cc150b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 571050
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2395
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 04:06:11 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 04:06:11 GMT

GET
H2 200 157fb7fa16af8777e1fe2396d108e35d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 3 KB
3 KB 9ms
7ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/157fb7fa16af8777e1fe2396d108e35d.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5fd0f16250556b63841b0945f6f37104eac8a403e95cfa57915f64aa7201ba4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 564879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Tue, 06 Jul 2021 05:49:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 05:49:02 GMT

GET
H2 200 0ca6aeec935f6bf0c23dd1a01acda156.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/ Frame 56E5 3 KB
3 KB 9ms
8ms Image
image/png 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13659245714350776565/media/0ca6aeec935f6bf0c23dd1a01acda156.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a086a993c1c5a71e90ad33b752fe975866822a8d2db7bad23b4684d10e94651a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 593124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2892
x-xss-protection: 0
last-modified: Thu, 21 Jan 2021 14:16:16 GMT
server: sffe
date: Mon, 05 Jul 2021 21:58:17 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Jul 2022 21:58:17 GMT

GET
H2 200 Primary Request pc_mars_war_logs.shtml Show response
gamecopyworld.eu/games/ 34 KB
6 KB 104ms
39ms Document
text/html 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Requested by: Host: d2.consoletarget.com
URL: https://d2.consoletarget.com/?y=cdd07634&x=ktVrDlr%2BQZgiyDAa2CWtTJWZR7mJ%2Fya98O5DH%2BZrC1kk7R5dxzj%2F8hZb1J%2BUQ9K7ZKFIj%2BsfcAkMaUlwAKBB9TrU4pu%2F8UWsqpM9wqUeaXE%2F%2BJX0heuxH%2BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%2FWf26wlX1R1bkQHb4%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dc3ce3148a6f2749b2768225a9571dc190416b32f4c63f726c9986760efdaec

Request headers

:method: GET
:authority: gamecopyworld.eu
:scheme: https
:path: /games/pc_mars_war_logs.shtml
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://d2.consoletarget.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://d2.consoletarget.com/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: max-age=0, private, no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wg7Vd2BHt5CLqWbmtsIgL5qqyDsLWgN2Q8Vp6sDAytOZ78vW46Zt3R%2BmyKZvt42Pq5317Cxwwl511kh%2BqFM%2FNSz9tq%2FBxngnWHaAQtIyHWSGiXm2fw8c2FrURjcsWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2c1b4f0bfd-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST activeview
pagead2.googlesyndication.com/pcs/ Frame 16FE 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 6199 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 5B06 0
0

GET
H3-29 200 colorbox.css
gamecopyworld.eu/games/cb/ 4 KB
2 KB 56ms
29ms Stylesheet
text/css 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/cb/colorbox.css
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b9bccdbe5e54a43b311d387bcd57a43b5063c962af7ba60bef421aa61a6e491

Request headers

:path: /games/cb/colorbox.css
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 24 Dec 2014 21:50:46 GMT
server: cloudflare
etag: W/"f3f-50afd48af3980-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fq8f9ozTiAZSm%2FFF7U8uwEPrK3S1m7H1n4Ryikgc6Bu3KNp%2B%2FU0I4NFSH%2FC2A1QXB8BacbHRQB6NDpaQsd6GsXJEby77ACFJZxVk6UPulzh6tPfSU8QB1550pQvPww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
cf-ray: 66dc6b2cbe9500da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 jquery.min.js Show response
gamecopyworld.eu/games/js/ 94 KB
32 KB 59ms
32ms Script
application/javascript 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/js/jquery.min.js
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

:path: /games/js/jquery.min.js
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 16 Jan 2015 20:08:19 GMT
server: cloudflare
etag: W/"176bb-50cca88a512c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=H7rJFsLfaSUdFDgr8nbsAMGESJzzl6V2Cdg%2FWwpMgMD0At4qkWv2whuOr1XAfCYDGqzd2hMdIVFGiva6pTyc2XhN8TrIjGulKBVtOU5bI5mfQzO3gMEJQtFCERlkKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 66dc6b2cbe9100da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 jquery.colorbox-min.js Show response
gamecopyworld.eu/games/cb/ 11 KB
5 KB 57ms
31ms Script
application/javascript 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/cb/jquery.colorbox-min.js
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efa2ec1d872cdd22f2ca6aedea7b686c7eda3867f5d28c1321891a775edb7ad8

Request headers

:path: /games/cb/jquery.colorbox-min.js
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 24 Dec 2014 21:50:47 GMT
server: cloudflare
etag: W/"2de3-50afd48be7bc0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wlaoLEZLvxWeEWfMrrZ7lEQsNjOvt2hIAibFsfo%2BjsFBv6nu5KagEQXoh7Ygl28KygxpjY3J6OuBUzUfWQBOHNK56gGYYJEkTpDC1yyu1TQj%2FhgZBwuZm2UYDxCsvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800
cf-ray: 66dc6b2cbe8d00da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
1 KB 16ms
14ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://gamecopyworld.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 874665
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 948
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=r97SR2Gav%2BmfCjZFqvfcDAopu8uArnlYECEFwTtI7qmlbKKJlRDFFsntxcwoWYbpBXxuKYzoL588kwfNo3v8naJ7jtxZumcgpk3QHOONTXALOJz5x%2BfMbQ302zIjigFzG2RvUanZ0M0tfyTd0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 66dc6b2c7f82176e-FRA
expires: Sat, 02 Jul 2022 18:43:42 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 23ms
21ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://gamecopyworld.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2149641
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5676
cf-request-id: 0abd80662c00004a91fc1f4000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dD%2BxZl%2BOe%2FKet656tdYIqEenVeBhY5fk%2Bp%2BuhR5LygI8C8YsbA8yp3ap3pP9WNbLNYaQ27XgQnSQ%2FUJ6%2FctK%2FhO3tM0KFPqEgbqpRxcJ2JwWejqUrRJcRgsUv3ACFNDPdsnZ0EDpUySTzmPlow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 66dc6b2c7f84176e-FRA
expires: Sat, 02 Jul 2022 18:43:42 GMT

GET
H3-29 200 gcw.css
gamecopyworld.eu/games/ 7 KB
1 KB 84ms
58ms Stylesheet
text/css 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/gcw.css?r=63038
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 660fde42e9d1de3cb20426daad1a75af8462fb17a9fe295ca61020350c68e5b9

Request headers

:path: /games/gcw.css?r=63038
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 14 Jul 2020 08:57:26 GMT
server: cloudflare
etag: W/"1b6e-5aa62ff189adf-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i00B9bjbvZgQsq0l9k6PJ4699FX5lbVYoDy5ASEPQpiNDYUXvZpMuixZwQvvihTLxSs0Vaimptf3uYJMy7yG4mhyLZndcsUO%2BVWPXdE%2F2c%2F1t0WaQKE9xj3xGKcYmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 66dc6b2cbe8f00da-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Mon, 19 Jul 2021 18:43:42 GMT

GET
H3-29 200 h1.gif
gamecopyworld.eu/games/ 42 B
636 B 48ms
48ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/h1.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:path: /games/h1.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 42
last-modified: Wed, 07 Oct 1998 21:02:18 GMT
server: cloudflare
etag: "2a-339a24b1fea80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TmTDsyuZGPfFScnp6Z84s2ptLoEZptelwpT2%2FWQh9Tr%2F93G9DnI1Pc3Q%2F2hjzvNOBvsg0cVylKSvQlIvwJ0saAR4XCUHK2FpAzkA4FRUPEG72rggsGOmJFlji0QG6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d2f4100da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 is_lb_usa.gif
gamecopyworld.eu/ddd/ii/tc/ 251 KB
252 KB 28ms
27ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/ddd/ii/tc/is_lb_usa.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b749b4255bdc7009b9e9ea83cc1f053de2757812081dfec963532e23a4d90d61

Request headers

:path: /ddd/ii/tc/is_lb_usa.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 545784
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 257031
last-modified: Sun, 09 Jun 2019 21:05:24 GMT
server: cloudflare
etag: "3ec07-58aea6c1cc529"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4HadHtXy7ZVlk1jCTpaR3cLia0WwQBrzB17MB0DzD7W7k%2BMx5L4yKrKeErkwuJ4mR0VWvkJteGCq2D%2BjQvPvWpUqi4iob6Jh2iRvDar3ZAsouaoexu3I%2B0JYPyIFKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 66dc6b2d2f4500da-AMS
expires: Thu, 05 Aug 2021 11:07:18 GMT

GET
H3-29 200 email.gif
gamecopyworld.eu/games/images/ 16 KB
16 KB 101ms
96ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/email.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 342eb91d51c7a9e6f87b1b8b9090b371fcd6940d6e976dc69060f01d95361681

Request headers

:path: /games/images/email.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15989
last-modified: Sun, 19 Jul 1998 08:15:50 GMT
server: cloudflare
etag: "3e75-3334e42b8b980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kaQWNs0bxXJ%2FToknYbz9tYBBSzKp9f62ClSdCTNOWCXftO81ElN6L%2BX4C0%2ByyT9rXC6YUtM%2BX14Q5Uykqt787Huc8bWl9biLvCgpbdj3C%2FpsRoCCJFSHOi51i1sl1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6100da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 gcw_logo.gif
gamecopyworld.eu/games/images/ 8 KB
8 KB 101ms
96ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/gcw_logo.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a99c050ba983fd07957578bdea213d67453f6d724a40914a2f29ea03aac49c0

Request headers

:path: /games/images/gcw_logo.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 597667
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 7794
last-modified: Wed, 17 Dec 2014 16:27:43 GMT
server: cloudflare
etag: "1e72-50a6bf47a7dc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4Jp41DgCzA5Mhp84R29iDc5jSGN3%2BHU2aJX4La7nk0TAHGwmGQoq79yvvD2BwKRVEoVDhD3TU%2BIjizSueTHtOu3hSVrs%2F76RGv0UwAfY0kHISSbLTp0iRU0kkjP%2Bew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6700da-AMS
expires: Mon, 12 Jul 2021 20:42:35 GMT

GET
H3-29 200 h1.gif
gamecopyworld.eu/games/images/ 42 B
643 B 101ms
96ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/h1.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

:path: /games/images/h1.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 42
last-modified: Wed, 07 Oct 1998 21:02:18 GMT
server: cloudflare
etag: "2a-339a24b1fea80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rYqGe9Hj8jj05xawMCVhlL7LXX4%2FLyCQDuc0GhXkBmgBXjokB7kbg4RlkqgcHn2l%2Faohwc7S4%2BZ3XnqWv1Ct%2FXvEzTEhOl%2B6Aatu24lhLfFcQwjYRIuf6I7n%2B%2FBHaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6800da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 linkworld.gif
gamecopyworld.eu/games/images/ 2 KB
3 KB 101ms
96ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/linkworld.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95af585291f2fb21865cb55c59d9c8fcf9c7a5bef0f525033a15a22f846454a2

Request headers

:path: /games/images/linkworld.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 299724
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2178
last-modified: Sun, 26 Dec 1999 13:43:02 GMT
server: cloudflare
etag: "882-35c9407912580"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KOcdisVElrV5nN5a3DIsZ%2FdhyNuhlz29dFomTSeLR7%2B%2FY2eaaZ5poaA8kdLP%2FDgy0QCtQw%2FSYRtUg0HwuHfkP%2F4GeIuTxeqUNmRNrV%2BInZKm2wxAEVZV%2B6bZGT7lpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6900da-AMS
expires: Fri, 16 Jul 2021 07:28:18 GMT

GET
H3-29 200 pc_mars_war_logs.jpg
gamecopyworld.eu/games/images/ 22 KB
23 KB 100ms
96ms Image
image/jpeg 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/pc_mars_war_logs.jpg
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cd4f9a5632b15e92a7340e3ad8f329ffbec5a0d098374fdd6ffed682b9b0c98

Request headers

:path: /games/images/pc_mars_war_logs.jpg
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22770
last-modified: Fri, 26 Apr 2013 17:18:40 GMT
server: cloudflare
etag: "58f2-4db46b9e79c00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TlLqvr1nGoHCPVy1k3wN5F4fLB%2FY5Bitn3MhexZc1JcxaMxWy8UF0mUk3FXcJ402J0Hk%2FJFbA5BjQG%2BkciaRyx6avdOa0k%2BGcQVDq25YrwsyF66ahEvw8%2BxfGEO5xw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6a00da-AMS
expires: Wed, 11 Aug 2021 18:43:42 GMT

GET
H3-29 200 flag_uk.gif
gamecopyworld.eu/games/images/ 76 B
674 B 117ms
113ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/flag_uk.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b4502a5a623952c46395d726a3b6e303ffd954cc38388abc49dedd3d18b1295

Request headers

:path: /games/images/flag_uk.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 569814
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 76
last-modified: Fri, 05 Jan 2001 21:17:48 GMT
server: cloudflare
etag: "4c-37a2636457700"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1mVYlC%2F6kZPzAqSd%2FmVmaERP2rVmXpIyEmnDEcQ4ZcYRLJ7s6jZuInplXoJL%2FTb66Q0pzowynvcrSGuBiMlLkP7FKSKqfBzZ%2BOa5QghEHZ4aEsMFOOHpLR2B7d2zig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6b00da-AMS
expires: Tue, 13 Jul 2021 04:26:48 GMT

GET
H3-29 200 dsk.gif
gamecopyworld.eu/games/images/ 133 B
735 B 117ms
113ms Image
image/gif 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gamecopyworld.eu/games/images/dsk.gif
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb247ae5fff70e8b751cf1fa1326f1a5164692094fbae47eca64f6a5a584f098

Request headers

:path: /games/images/dsk.gif
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 569814
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 133
last-modified: Fri, 05 Jan 2001 21:20:02 GMT
server: cloudflare
etag: "85-37a263e422480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1RzMvoLpxrUVmEfMRDo8tT%2BVq%2FV7%2BZtDEobfLqpVS63m4nr4legabhfXZdv%2FV8g4NqeIKlbDVJwdHECXcxMDFqHV%2FydUvaNxJfvENPJXdWp2Va0gs1IVM%2BRMJVDktA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 66dc6b2d3f6c00da-AMS
expires: Tue, 13 Jul 2021 04:26:48 GMT

GET
H3-29 404 p1.js
gamecopyworld.eu/games/js/ 0
0 117ms
113ms Script
text/html 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/js/p1.js
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /games/js/p1.js
pragma: no-cache
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jul 2021 18:43:42 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LAunTQYj1CFnoZ1n38SOTLQYLCJn5j9KtD8WA5bkkBJ7ngGhN5fvc0cL8BPA%2FGzAzXEW16PuURuD3dP5XanfFt2xcVrVtgo2Yy17cTHzdcYzf%2BLRztfNdQ%2FX5xdrXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
cf-ray: 66dc6b2d3f6d00da-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29

200

@_ff_bt.php Show response
s1.filetarget.net/ Frame A5C4
Redirect Chain

https://s1.filetarget.net/!_bt.php?sz=bn&sn=gcweu&bg=gcw_hdr&do=1&ns=0&nf=
https://s1.filetarget.net/@_ff_bt.php

407 B
760 B

101ms
71ms

Document
text/html

2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.filetarget.net/@_ff_bt.php
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f75ab0d8730f17d40176296d9f6cad9adaf61a293e446a65a3f1b07e813f471b

Request headers

:method: GET
:authority: s1.filetarget.net
:scheme: https
:path: /@_ff_bt.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gamecopyworld.eu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gamecopyworld.eu/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FSjw0cHnlqglJ0QhylODCUDpsev2srnFf%2FpFNUHGAAoOND5ejDfNrmZFopMjGjiWdXMS7iD0TTHl2nstH5YRfe8kOMg3v2i%2F6uQnyADesxnQUJ08H2b98BBiDNHtf5UF3NZjKYUssA8wo58%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2dcd5405cc-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
location: @_ff_bt.php
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1RC4t4HRnll42zy3s96mdvj5FLZHDmCbpOTotI6v7RZKax3uTOj1OVG6mdytpvC61ThwILLM%2FypBDcOWICkzXIM24f6p93NetkF%2FcbYEVmLGGPmD7BszxsBt3TIj%2FAYRmioRXuUtmqnyCp8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2d59640609-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29

200

!_games.php Show response
s1.filetarget.net/ Frame D2F1
Redirect Chain

https://s1.filetarget.net/!_top.php?sz=bn&sn=gcweu&bg=gcw&ns=0&nf=
https://s1.filetarget.net/!_bn.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&kw=
https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

600 B
835 B

44ms
44ms

Document
text/html

2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ab54031b8419141f6cde3db81af14ed182a316144d2ec038e0ba62e3d8af44f

Request headers

:method: GET
:authority: s1.filetarget.net
:scheme: https
:path: /!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gamecopyworld.eu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gamecopyworld.eu/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=n63WCmmXnHOIVbXcPMzQBJkVSOslgv8Cmh1IJ1ebpKAyxRK3r76v19I5Bi7Bbt5V7oGQ6scPW0gMkxztktmZNBqoCuqHYM1i46YuwTU1jVcITJiACRzkbwfy41CeBgfTWEPwM9%2BFkisf8Io%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2e1e6305cc-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
location: !_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QE6VYTGbka%2BfKdZbSAMad6DDQM77p6tfPnMHehRZLZWQyabWmopMuGJqu31mluWfyP84tfwHHlj1P2cYM7H446nxe%2BcVkCQzan7wuRqAbMpjPnZOlHH%2Fn18hAF78sFQIvLSKM%2FRf%2B0AJ2ik%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2dcd5a05cc-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29

200

@_gsde.php Show response
s1.filetarget.net/ Frame 6E12
Redirect Chain

https://s1.filetarget.net/!_sk.php?sz=sk&sn=gcweu&bg=gcw&ns=0&nf=
https://s1.filetarget.net/!_geo.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk=
https://s1.filetarget.net/@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

614 B
819 B

40ms
40ms

Document
text/html

2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.filetarget.net/@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9020e0212fd06b9c1b852392c525aba0068c91dfbd9527ab638613311d121078

Request headers

:method: GET
:authority: s1.filetarget.net
:scheme: https
:path: /@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gamecopyworld.eu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gamecopyworld.eu/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=x%2FjzEqO%2FBBvmCP3mLSaPgA3ATxRYCVW27qAOrcCTmB1Wp1%2FS0F4u6uD2kghAY2wGuhWjtOTJzPIr7aHIHfDLDOM9PqtbEV%2BVI3mKjpZEDL2nucCbG05YGsodYwi2OgCsbOBymEZzO16lQ88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2e1e5f05cc-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
location: @_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kzysS6BDA0SRs9QAWTP%2BtPqa9hdPuvrijD3dLDbYBkXCUVmX%2BOPtvCa8ncgbVDwI84KilJw4gd1esSczlMjqzQ1CtjIri9gEI6h1yusvvYGc5MrHmQBzNb08JQKii%2FiqPGbqsr9hXE%2F1TUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2dbd4f05cc-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29

200

@_gsde.php Show response
s1.filetarget.net/ Frame 9EDA
Redirect Chain

https://s1.filetarget.net/!_bs.php?sz=bs&bl=1&sn=gcweu&bg=gcw&ns=0&nf=
https://s1.filetarget.net/!_geo.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk=
https://s1.filetarget.net/@_mwb.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
https://s1.filetarget.net/!_bs.php?sz=bs&sn=gcweu&bg=gcw&ng=&ns=1&cn=DE&kw=&bt=&nu=&sk=&dn=&id=
https://s1.filetarget.net/!_geo.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0&sk=
https://s1.filetarget.net/@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0

614 B
817 B

76ms
75ms

Document
text/html

2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.filetarget.net/@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3057c16fc98e3d6c44cf672b805dc343e44df05fa34595d4d80fb1ba40be66a

Request headers

:method: GET
:authority: s1.filetarget.net
:scheme: https
:path: /@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gamecopyworld.eu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gamecopyworld.eu/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=c0kMXm8m6Bx0ryRtbD3L1j6oMIsGTgcUTdpE0QqAGX5OEL9aFhtfA8h92Kmd%2BL9x3UluuFAWRP25wutGQVzUT48%2BtEgoNQPgLCZi%2By6qFEWQUw7oaBL4FRmJsTyqk6BZShKytdHLjZy5z3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2ec84205cc-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
location: @_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uoLL23p77FGfwwGdxlpSP017Aiqbklbtx7jbA42VZLW7Tede6%2BKGPyVkqj3pHy%2FaKzr2%2BP0%2BtBk8Lr2JLzRTCEvGG601O0lyI4rQEP2dldK0MGFnFuMGM2%2BNEr9y0eQeJ4pY3L0QGorqWH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2e9fc405cc-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29

200

@_tc.php Show response
s1.filetarget.net/ Frame 392A
Redirect Chain

https://s1.filetarget.net/!_btm.php?sz=bn&sn=gcweu&bg=gcw&ns=0&nf=
https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1

529 B
809 B

80ms
52ms

Document
text/html

2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53b4b6183ff408bbbe5c93b23f548f9de9faac415bf3ed078ca1fbbd1f8d1d87

Request headers

:method: GET
:authority: s1.filetarget.net
:scheme: https
:path: /@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://gamecopyworld.eu/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://gamecopyworld.eu/

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=seWyVxBXgmZ6WodULio3t4q5HxLi9aMXw3SBGNq7jeOkK5LcS%2BNue66TvYUgJlwHxKAe0xie9N99sBikcqH5TFvyZghS9EkXL6VtAHMguxfI60Q%2BqvO0UiRoPe9IE1GxR%2FXDbM36rGRMOc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2dcd5605cc-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Mon, 12 Jul 2021 18:43:42 GMT
content-type: text/html; charset=UTF-8
location: @_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
cache-control: max-age=0
expires: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qOBzzv93AWb7ZhSLRLvOgUEHDT9Cp6jrHXkITah1TETs8X4Hh2VA6pwISLcWfw2Q9O1foKJ%2Fjjtwe7VegNVk1qdlABIpmHSViZKPvvOuCNkCsDv9BKpBmq7fgr5HNwUBc%2B1DbKACBp2N5ss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 66dc6b2d59720609-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H/1.1 200
OK p2.js Show response
b.domnlk.com/ 37 KB
38 KB 164ms
96ms Script
application/javascript 130.185.144.4
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://b.domnlk.com/p2.js
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 130.185.144.4 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software: nginx/1.8.0 /
Resource Hash: 1cf71fa97f15051da62cf4c9d6a61ca5c0a49ff7d0f15454aad0a7f48b7300b9

Request headers

Referer: https://gamecopyworld.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 12 Jul 2021 18:43:42 GMT
Last-Modified: Tue, 04 Feb 2020 15:36:16 GMT
Server: nginx/1.8.0
ETag: "5e398f70-94e7"
Content-Type: application/javascript
Cache-control: private
Accept-Ranges: bytes
Content-Length: 38119

GET
H3-29 200 is_bn_harley_1.jpg
s1.filetarget.net/ii/tc/ Frame 392A 42 KB
43 KB 26ms
26ms Image
image/jpeg 2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.filetarget.net/ii/tc/is_bn_harley_1.jpg
Requested by: Host: s1.filetarget.net
URL: https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c55d16bf5a37ade168f2d46f68d7d86d84e90be62c446dc57e859c82ddc092a

Request headers

Referer: https://s1.filetarget.net/@_tc.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=0&id=&nf=0&np=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2130369
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43097
last-modified: Thu, 03 Oct 2019 16:34:15 GMT
server: cloudflare
etag: "a859-5940428032a51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=C9G8KqvH33dOOVie3iu2UbScY78xMLwBszJ1My9lPEtwQBddlTHqvTjLeB%2BsBu1NBi6HdwBUW%2FLAm2Clmy%2FdSB8ffxyI8sAiCdJUN02zhnX1vMGOYb3tg2HzUqqd7pVE5MzlKohfjswv1c8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 66dc6b2e1e7505cc-FRA
expires: Sun, 18 Jul 2021 02:57:33 GMT

GET
H3-29 200 bt_2.gif
s1.filetarget.net/ii/ff/ Frame A5C4 6 KB
7 KB 20ms
19ms Image
image/gif 2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.filetarget.net/ii/ff/bt_2.gif
Requested by: Host: s1.filetarget.net
URL: https://s1.filetarget.net/@_ff_bt.php
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef196415daeadaf92505f7b4445b1593bc1071eb0bede51fee9891eb3126d280

Request headers

Referer: https://s1.filetarget.net/@_ff_bt.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2122174
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6285
last-modified: Sun, 08 Nov 2015 09:03:56 GMT
server: cloudflare
etag: "188d-52403c1a6f700"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=O4TPScSrlf2mAEzqY1e5JkBhjh0MW%2BCLyDMR4bgytR8YCf%2BKN%2F24fLQPnt7e6X5CE5sFtO13yOL01de5R5D%2FzpjQCp3QPnn24fjwFH5ETZDgCYOwHg8pmT9bQgntmw1PG0n0ibT7fAJftH8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 66dc6b2e5ef405cc-FRA
expires: Sun, 18 Jul 2021 05:14:08 GMT

GET
H2

200

img120x600-1525857981437.gif
a1.awin1.com/ads/awin/13542/ Frame 6E12
Redirect Chain

https://www.awin1.com/cshow.php?s=2180716&v=13542&q=339306&r=389935
https://ui2.awin.com/ads/awin/13542/img120x600-1525857981437.gif
https://a1.awin1.com/ads/awin/13542/img120x600-1525857981437.gif

34 KB
34 KB

81ms
25ms

Image
image/gif

151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.awin1.com/ads/awin/13542/img120x600-1525857981437.gif
Requested by: Host: s1.filetarget.net
URL: https://s1.filetarget.net/@_gsde.php?sz=sk&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 77a68275606e3e6d9a61b7b57e474a51a224bfdb82b97a2ba4b82b6f5fc1382b

Request headers

Referer: https://s1.filetarget.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
via: 1.1 varnish, 1.1 varnish
server: Apache
age: 35442
x-cache: MISS, HIT
content-type: image/gif
expires: Mon, 12 Jul 2021 20:53:01 GMT
cache-control: max-age=43200
x-cache-hits: 0, 1
accept-ranges: bytes
x-timer: S1626115423.694450,VS0,VE1
content-length: 34800
x-served-by: cache-fra19134-FRA, cache-hhn4047-HHN

Redirect headers

location: https://a1.awin1.com/ads/awin/13542/img120x600-1525857981437.gif
date: Mon, 12 Jul 2021 18:43:42 GMT
content-length: 0

GET
H3-29 200 ricochet_x.jpg
s1.filetarget.net/sw/ Frame D2F1 18 KB
18 KB 20ms
19ms Image
image/jpeg 2606:4700:3035::6815:1c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.filetarget.net/sw/ricochet_x.jpg
Requested by: Host: s1.filetarget.net
URL: https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:1c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5edef88acab344f265d41da21e13104d9db49745bc8b16adc1335b39564a0a8

Request headers

Referer: https://s1.filetarget.net/!_games.php?sz=bn&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1738033
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18198
last-modified: Tue, 20 Nov 2007 15:16:29 GMT
server: cloudflare
etag: "4716-43f5dbfc96d40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hSOMi3jHSm6vGoVxFNfdPcr0tjnLd8XbSVCh%2FzCqY2czP6CG0%2FAYX7FZdGdX%2BtI6zwQ0fbPxyXYNa8hslMa71ptf5s88AnbH%2FgpyqVYTJf8hutRoyOynbToLl7COpAudca2ejdNqkqNyOuE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 66dc6b2e6f2405cc-FRA
expires: Thu, 22 Jul 2021 15:56:29 GMT

GET
H3-29 206 e1012_4.mp4
gamecopyworld.eu/games/i/tc/pm/ 92 KB
0 35ms
34ms Media
video/mp4 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/i/tc/pm/e1012_4.mp4
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
:path: /games/i/tc/pm/e1012_4.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-1328138/1328139
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 1328139
last-modified: Sun, 31 Mar 2019 07:06:11 GMT
server: cloudflare
etag: "14440b-5855e89fb1d7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=f0fxdsHvztCpdA6NrWYRoOr0XOe9QtNn1N4V3P7x8Nhqve0%2BBzt40p7UgJFVAC1trRBc74VsjNmhF2wKdCOE%2F%2F3AqmLynYKhkGLMGXCUfrTObdXevw%2BG3KUY%2FixfZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b2f2aae00da-AMS
expires: Mon, 12 Jul 2021 18:43:42 GMT

GET
H2

200

img160x600-1525857932440.gif
a1.awin1.com/ads/awin/13542/ Frame 9EDA
Redirect Chain

https://www.awin1.com/cshow.php?s=2180713&v=13542&q=339306&r=389935
https://ui2.awin.com/ads/awin/13542/img160x600-1525857932440.gif
https://a1.awin1.com/ads/awin/13542/img160x600-1525857932440.gif

37 KB
37 KB

29ms
25ms

Image
image/gif

151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.awin1.com/ads/awin/13542/img160x600-1525857932440.gif
Requested by: Host: s1.filetarget.net
URL: https://s1.filetarget.net/@_gsde.php?sz=bs&sn=gcweu&bg=gcw&cn=DE&df=&ns=1&id=&nf=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: c956da5cbd514e0613c77425b2b93749443140150983d4731013dffb10493aa9

Request headers

Referer: https://s1.filetarget.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
via: 1.1 varnish, 1.1 varnish
server: Apache
age: 37318
x-cache: MISS, HIT
content-type: image/gif
expires: Mon, 12 Jul 2021 20:21:44 GMT
cache-control: max-age=43200
x-cache-hits: 0, 1
accept-ranges: bytes
x-timer: S1626115423.694418,VS0,VE1
content-length: 37529
x-served-by: cache-fra19181-FRA, cache-hhn4047-HHN

Redirect headers

location: https://a1.awin1.com/ads/awin/13542/img160x600-1525857932440.gif
date: Mon, 12 Jul 2021 18:43:42 GMT
content-length: 0

GET
H3-29 206 e1012_4.mp4
gamecopyworld.eu/games/i/tc/pm/ 17 KB
18 KB 35ms
35ms Media
video/mp4 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/i/tc/pm/e1012_4.mp4
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b847a6fed53323c768487f6be3e74c6f095462081e8d31a2fab7c0a9d4740cd9

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
:path: /games/i/tc/pm/e1012_4.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
range: bytes=1310720-
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=1310720-

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 1310720-1328138/1328139
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 17419
last-modified: Sun, 31 Mar 2019 07:06:11 GMT
server: cloudflare
etag: "14440b-5855e89fb1d7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vI8PLa7b9fx%2B%2FtUFwE81x8WYsjtSiczzvIQB0Spu0GErMu2HuyzCZ0qnB7guY96EM2jJgvCI5PjtrklfTuQRyefBKr%2FZffQKKZR7Dhw8ZT6djxRLCHZQsIkJHzFeMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b2f6b1400da-AMS
expires: Mon, 12 Jul 2021 18:43:42 GMT

GET
H3-29 206 e1012_4.mp4
gamecopyworld.eu/games/i/tc/pm/ 1 MB
1 MB 30ms
30ms Media
video/mp4 104.21.16.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gamecopyworld.eu/games/i/tc/pm/e1012_4.mp4
Requested by: Host: gamecopyworld.eu
URL: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 104.21.16.163 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e5be22cf2b06fccc298404f8aad9a98ec57031d3ef9118fd8a6664b70abd473

Request headers

sec-fetch-mode: cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: video
cookie: PHPSESSID=mnatsn2hu00sm46jtjrjsrl1n6
:path: /games/i/tc/pm/e1012_4.mp4
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: gamecopyworld.eu
referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
:scheme: https
sec-fetch-site: same-origin
range: bytes=65536-
:method: GET
Referer: https://gamecopyworld.eu/games/pc_mars_war_logs.shtml
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=65536-

Response headers

date: Mon, 12 Jul 2021 18:43:42 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 65536-1328138/1328139
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 1262603
last-modified: Sun, 31 Mar 2019 07:06:11 GMT
server: cloudflare
etag: "14440b-5855e89fb1d7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Dk6jyiMqy6sQ0uPnCxkLlXnmipQ74%2FCWND1td%2BwL3y2yViADWdX7JYR6ghMuJXm8wsQRjg1hqlL4HMIPCrIWUzqo13n9IeTi%2FOEvVmY9eSmiO13%2BAVHH3sZdnP2duQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: video/mp4
cache-control: max-age=0
accept-ranges: bytes
cf-ray: 66dc6b2fab7c00da-AMS
expires: Mon, 12 Jul 2021 18:43:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstscOMN2edHzkZ5Mdq9OIahvOBPdDRtlVZPToFLjgephniKlutzwkpMcAlXIY3pLSjPmH4Xx4nSXp8lAqcfDmD7Ki-rSZhe4dJnVKkBkWiN5gc_D1RzKNCMVxFuLw&sai=AMfl-YSCrum9USCoBCcNqLb-nS88i_4ilEJqf9xHdajeHoC-OXExnvJTVCfQ8xnnTCpfrtI_JvMNsxeC4UXD&sig=Cg0ArKJSzEdGb5vOEu3gEAE&id=ampeos&o=438,9&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=5086&mtos=0,0,5086,5086,5086&tos=0,0,5086,0,0&tfs=110&tls=5196&g=100&h=100&pt=1170&tt=5196&rpt=1170&rst=1626115415821&r=de&isd=inside&msd=inside&avms=ampa

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvEKUXMVPbubaXYc3qU4UsJSca90GWmwgQNDGDpxkBX6-uVkQtIFxLDQYR14paVgs6HThi_rXS6fSb4Y8WbJ5qmQl_Tv5Ku50FNIaYt0ZXKUan9wnqa6o1nn3SV6w&sai=AMfl-YQtvu3rDX4XhpmLfjyNY3m2xBol1xTXSEwFvDJ7gPnWFX-OWwxvUCBVeG9hopevaLCMR41u11OLs59k&sig=Cg0ArKJSzOgCRc_O0H5jEAE&id=lidartos&mcvt=5681&p=104,868,354,1168&mtos=5681,5681,5681,5681,5681&tos=5681,0,0,0,0&v=20210709&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4210093258&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosc=0&eosm=0&rst=1626115415831&dlt=553&rpt=56&isd=0&msd=0&r=u

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssPu7AS22Ak4fJK-VE-ElLNhKiOCO02W58DUjUvh6A2N1ap732v-pAa9lLqG-YFWGs1xVBsDZ1CO2tOzfqye8fToaqr-ts6Brx9xJB957NirppRutoPJnDZ8Bfb0g&sai=AMfl-YRMcbvFmqd9skZIZ78TUns-Ei6anKy6MgjGRSb2mkH8ZCh9uz9OJwaQLb0t8Xytf0MMB_EczJ8UoFzW&sig=Cg0ArKJSzA8aYYbbMQuaEAE&id=lidartos&mcvt=5901&p=411,566,469,1034&mtos=5901,5901,5901,5901,5901&tos=5901,0,0,0,0&v=20210709&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=4048629624&rs=2&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosc=0&eosm=0&rst=1626115415838&dlt=325&rpt=54&isd=0&msd=0&r=u

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			gamecopyworld.eu/	1969-12-31 23:59:59	Name: PHPSESSID Value: mnatsn2hu00sm46jtjrjsrl1n6

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16215012808405873833/js/script.js(Line 56) Message: 11750
console-api	info	URL: https://cdn.ampproject.org/rtv/012106212012000/amp4ads-v0.mjs(Line 6) Message: Powered by AMP ⚡ HTML – Version 2106212012000 https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9116440445344191&output=html&h=90&slotname=6663260524&adk=2451648850&adf=207028156&pi=t.ma~as.6663260524&w=728&lmt=1626115415&psa=0&format=728x90&url=https%3A%2F%2Fd2.consoletarget.com%2F%3Fy%3Dcdd07634%26x%3DktVrDlr%252BQZgiyDAa2CWtTJWZR7mJ%252Fya98O5DH%252BZrC1kk7R5dxzj%252F8hZb1J%252BUQ9K7ZKFIj%252BsfcAkMaUlwAKBB9TrU4pu%252F8UWsqpM9wqUeaXE%252F%252BJX0heuxH%252BKGSlJkpRbQleHDx6whNEqkKAmVk7J56Hl4To%252FWf26wlX1R1bkQHb4%253D&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1626115415729&bpp=4&bdt=193&idt=74&shv=r20210708&ptt=9&saldr=aa&abxe=1&correlator=1826876655041&frm=20&pv=2&ga_vid=2078670877.1626115416&ga_sid=1626115416&ga_hid=1301679109&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=438&ady=9&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44743413%2C182982100&oid=3&pvsid=2283707075996071&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Lm0pePfyqX&p=https%3A//d2.consoletarget.com&dtd=91

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.awin1.com
adserver.adreactor.com
adservice.google.com
adservice.google.de
b.domnlk.com
cdn.ampproject.org
cdnjs.cloudflare.com
d2.consoletarget.com
gamecopyworld.eu
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
s1.filetarget.net
tpc.googlesyndication.com
ui2.awin.com
www.awin1.com
www.google.com
www.googletagservices.com
pagead2.googlesyndication.com
104.111.239.217
104.21.16.163
130.185.144.4
151.101.114.110
172.67.148.24
2.16.186.144
216.58.212.130
2606:4700:3035::6815:1c6e
2606:4700::6810:125e
2a00:1450:4001:800::2002
2a00:1450:4001:808::2004
2a00:1450:4001:809::2002
2a00:1450:4001:810::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82f::2001
46.166.179.121
060c126a38460626d946329d21b142e8549a27661bd40dbb5b61dd015b5bc44c
0b4502a5a623952c46395d726a3b6e303ffd954cc38388abc49dedd3d18b1295
0c5035615489403ef871fb74d138225ecac5a146fe920fdcbafd4e5ed349e738
0dfc6963fb114588887432268114a1bb0a5e4692eaeafc9e755c7d4ad92546e2
1573e57e51c6171b240caf25f94367fbd901e9c5bfddfdd2a8dc54528d9f131b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a99c050ba983fd07957578bdea213d67453f6d724a40914a2f29ea03aac49c0
1c55d16bf5a37ade168f2d46f68d7d86d84e90be62c446dc57e859c82ddc092a
1cf71fa97f15051da62cf4c9d6a61ca5c0a49ff7d0f15454aad0a7f48b7300b9
1ef5da18f8b87352f7274273f3a801336d73b18dd24bff1a4633fabe73bcb363
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
2ab54031b8419141f6cde3db81af14ed182a316144d2ec038e0ba62e3d8af44f
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
342eb91d51c7a9e6f87b1b8b9090b371fcd6940d6e976dc69060f01d95361681
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3dc3ce3148a6f2749b2768225a9571dc190416b32f4c63f726c9986760efdaec
41a23e11eb8676f49330e9b6076c7020b1203a6439975333019d27be5f1d775c
42c0019ac2f32d24160ef9f53853c7caeb65ea3b21bcbcd8e3b90a5a230dfba4
432b2106c06e364521fa2e262e0dfe4f0279e76e00da0b9521ce26a2c2b35710
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4848c8d9ba59d4efc25bea3bf4c0cbeb573b236ae624dad3d6e444c459d0c13f
48f9695743d1ea7156fe612eb25beb3be6ca81d94a30891b848d0177137dfaa6
4b9bccdbe5e54a43b311d387bcd57a43b5063c962af7ba60bef421aa61a6e491
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
53508370870f07a8e0622c65b014e420acf79651a6a58343427f1032c76d91dd
53b4b6183ff408bbbe5c93b23f548f9de9faac415bf3ed078ca1fbbd1f8d1d87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
565723bb2491c70903a0415d4b4284e5cb6ae4b14a93d9f8ec3c5bf56c928c41
568596ff729d6d745852cde3508e7ee7254812bbbfcb8cccedc81164dae9d99c
5e5be22cf2b06fccc298404f8aad9a98ec57031d3ef9118fd8a6664b70abd473
660fde42e9d1de3cb20426daad1a75af8462fb17a9fe295ca61020350c68e5b9
6820117e5678654591060a9aa9e74271e87e7bba543c8c7238de7e243ae8036f
6cd4f9a5632b15e92a7340e3ad8f329ffbec5a0d098374fdd6ffed682b9b0c98
72251fc8fc87b6900f8c81e8b8024af89a8c020f83a660620edea545cb320b55
77a68275606e3e6d9a61b7b57e474a51a224bfdb82b97a2ba4b82b6f5fc1382b
7a35e58ed27adb2b3898f7fac4959e9400e56991a06771cd3fa1e2471c8f7d31
7ab1d6095049c65a7a628a1da2119bcd61018f3016b1804638eee1a2840b53ac
7d7731cd19278dd8d68435b1df5709fd2e12e8f13e43d86409ccc26f3354ea52
7e5e8d7a52cffab98c6c3957e1c30af475c697d4d50ba91aeab0b11eea32a166
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81e9cd9c4c8b4bd3d53880fb36277e1cc6ff1fd39f54a83be6af7f4b4a79db77
8439658df1f8aa1b1a6e3c12d744c275392cb35a7e8c29430c518a13370f2620
8aa37122ff64c66dac4a68e9cee5722341700415d8f0905d311845fbc4832b37
9020e0212fd06b9c1b852392c525aba0068c91dfbd9527ab638613311d121078
90c5ec26f06ae4c04369e48776d3b81a6db293f669ccf466e7aa2fe0077ded3a
95af585291f2fb21865cb55c59d9c8fcf9c7a5bef0f525033a15a22f846454a2
9aacffae789edc1230cd8aa312a2c9c976905c6629df6d04225469cfc424e0d0
9b294d86f6464bb747dd3eb1db71f2acff3cb5be807a30b3b4d75f05832e5b09
9be5a61b7fa7ff8f71bc1c0fa08917a483d8f750dac2c337ea8fa077f4c3d004
a086a993c1c5a71e90ad33b752fe975866822a8d2db7bad23b4684d10e94651a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a76203da9589f28f505d80ad0598ce2093fce9c24e3c615517d8e9eaa5cc150b
ac42f28820c1a06584cf80f69fc888b8d19d7b87197bef5ea6ea355b712df62c
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b3e384e3a727917185428a38afcce19eac731bcf1599e2c6ea693bda664c3f28
b4c0de90e2221a47e6dafa7801953b2f9a131da8eda30311020e10182d244e87
b749b4255bdc7009b9e9ea83cc1f053de2757812081dfec963532e23a4d90d61
b847a6fed53323c768487f6be3e74c6f095462081e8d31a2fab7c0a9d4740cd9
c15d09678d7f43208eb6618ad9a6a5308207166dddedd9f3592f4af5c0ac79ce
c956da5cbd514e0613c77425b2b93749443140150983d4731013dffb10493aa9
ca1a8b33b9235387ccc62f6feef01676f8788c02fa1b235efdf0a36b600b9b1e
cb247ae5fff70e8b751cf1fa1326f1a5164692094fbae47eca64f6a5a584f098
cbd0f8eff9d195eb363c39b70077cb7c4f7345d09d1cf41fa5db573916a92163
ccca0dba2f0d3225f8c05ff7e36c3897965d5a37f1d41318d99075c92f368383
d1c009c83f73450bedc9ef5decc272e84e1acf87fd721112bd6b6fa270e44caa
d3471bb0a9d265d444a4d6dcb3be99a684cc8348f97f4ad425de8c9922e41183
d3d28833e9d74c8a2b9c6291c9031508253f6573e9071fcab4e9616e9e989aeb
d3eb8dee7dcc695df464819e6276c1b2a99dc0884ddb53ed4c75d3b3aca25f7b
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
dafd9e905da149b0bddd8a4af6c1e616753e898b521e5236228f977f595bf4d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e420b0cb6a004f43c168c8c7f29bfe3ed45e7068dc698dfd83765a85a378f182
e54b897cb477a0ce61dc7c6900e1c57a4f127c24716662b84313be238e0f7abb
e5fd0f16250556b63841b0945f6f37104eac8a403e95cfa57915f64aa7201ba4
e750ca47a0074b28387009e1fe06ce0c685e4b429923066b12694a7e90d25e6f
e872cbf02c8b399de0bc02a3120c525d1397d73e6fe9b396ddb9fb8ca645421f
eb881ad28cd027cf3d912ca2a5f9ba9333484d1e747d2ff8e76506c8fd62ae99
ecdc50d52c709dcee691a38026d3fd60a962e65db82c697ebdc2d0e23bff66fb
ed045b94f4874ac13890f9c4370e2b14b30c2a12a79d22e52d20872440b60ede
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef196415daeadaf92505f7b4445b1593bc1071eb0bede51fee9891eb3126d280
efa2ec1d872cdd22f2ca6aedea7b686c7eda3867f5d28c1321891a775edb7ad8
f3057c16fc98e3d6c44cf672b805dc343e44df05fa34595d4d80fb1ba40be66a
f5edef88acab344f265d41da21e13104d9db49745bc8b16adc1335b39564a0a8
f75ab0d8730f17d40176296d9f6cad9adaf61a293e446a65a3f1b07e813f471b
ff43600c228c39295ac3c0768717186ef6d68e1358a325b310a757bf53d265b3

gamecopyworld.eu Open in urlscan Pro 104.21.16.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

98 %HTTPS

56 %IPv6

15 Domains

18 Subdomains

17 IPs

4 Countries

2784 kBTransfer

4802 kBSize

1 Cookies

13 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gamecopyworld.eu Open in urlscan Pro
104.21.16.163 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

98 %
HTTPS

56 %
IPv6

15
Domains

18
Subdomains

17
IPs

4
Countries

2784 kB
Transfer

4802 kB
Size

1
Cookies

121 HTTP transactions
3 data transactions