dzballon.com Open in urlscan Pro
194.163.146.70 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dzballon.com/
Effective URL:
https://dzballon.com/
Submission: On January 20 via manual (January 20th 2022, 2:45:31 am UTC) from IN — Scanned from DE

Summary HTTP 194 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 26 IPs in 3 countries across 16 domains to perform 194 HTTP transactions. The main IP is 194.163.146.70, located in Düsseldorf, Germany and belongs to CONTABO, DE. The main domain is dzballon.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 19th 2021. Valid for: a year.

This is the only time dzballon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 51	194.163.146.70 194.163.146.70	51167 (CONTABO) (CONTABO)
10	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f21... 2a03:2880:f21c:80c4:face:b00c:0:43fe	32934 (FACEBOOK) (FACEBOOK)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 40	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 5	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
9	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
194	26

51 194.163.146.70 (Düsseldorf, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: vmi608334.contaboserver.net

dzballon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sharp-elbakyan.194-163-146-70.plesk.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f21c:80c4:face:b00c:0:43fe (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

scontent.cdninstagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 tpc.googlesyndication.com — Cisco Umbrella Rank: 124	662 KB
49	dzballon.com 1 redirects dzballon.com	878 KB
20	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	167 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com	214 KB
12	criteo.net static.criteo.net — Cisco Umbrella Rank: 645 pix.eu.criteo.net — Cisco Umbrella Rank: 7730 csm.eu.criteo.net — Cisco Umbrella Rank: 7881	173 KB
12	wp.com c0.wp.com — Cisco Umbrella Rank: 7323 stats.wp.com — Cisco Umbrella Rank: 2822 pixel.wp.com — Cisco Umbrella Rank: 2494	109 KB
8	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	1 KB
7	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 324	126 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	187 KB
5	cdninstagram.com scontent.cdninstagram.com — Cisco Umbrella Rank: 1283	105 B
3	criteo.com rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 13370 ads.eu.criteo.com — Cisco Umbrella Rank: 7925 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10541	52 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8028	1 KB
2	plesk.page sharp-elbakyan.194-163-146-70.plesk.page
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	5 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 777	644 B
194	16

	Domain	Requested by
49	dzballon.com	1 redirects dzballon.com c0.wp.com
40	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
20	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net dzballon.com
14	pagead2.googlesyndication.com	dzballon.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	c0.wp.com	dzballon.com
9	static.criteo.net	ads.eu.criteo.com
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
6	fonts.gstatic.com	fonts.googleapis.com
5	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
5	www.googletagservices.com	googleads.g.doubleclick.net
5	scontent.cdninstagram.com	dzballon.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
2	csm.eu.criteo.net	ads.eu.criteo.com
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
2	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
2	sharp-elbakyan.194-163-146-70.plesk.page	dzballon.com
2	fonts.googleapis.com	dzballon.com googleads.g.doubleclick.net
1	pix.eu.criteo.net	ads.eu.criteo.com
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.nl.eu.criteo.com	dzballon.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	dzballon.com
1	stats.wp.com	dzballon.com
194	29

This site contains links to these domains. Also see Links.

Domain
web.facebook.com
www.instagram.com
twitter.com
www.facebook.com
instagram.com
www.flashscore.fr

Subject Issuer	Validity	Valid
dzballon.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-19` - `2022-12-19`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.instagram.com DigiCert SHA2 High Assurance Server CA	`2021-10-29` - `2022-01-27`	3 months	crt.sh
vmi608334.contaboserver.net R3	`2021-12-19` - `2022-03-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-06`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-25`	3 months	crt.sh

This page contains 20 frames:

Primary Page: https://dzballon.com/
Frame ID: 6868C01E8E4D6209AE7283CEA8076CFF
Requests: 94 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20190131/zrt_lookup.html
Frame ID: A53EADAFDDD8C320026C6D22751F1D9E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=8118741407&adk=1519400323&adf=1776886919&pi=t.ma~as.8118741407&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723915&bpp=3&bdt=388&idt=83&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=BrBPbCf2r1&p=https%3A//dzballon.com&dtd=101
Frame ID: 02A63B4C1E794439D6FEDCC48A147E36
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2307105849827608&output=html&h=280&slotname=5161712592&adk=3162029606&adf=3365127603&pi=t.ma~as.5161712592&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723918&bpp=3&bdt=391&idt=124&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Bz1hp13t6p&p=https%3A//dzballon.com&dtd=127
Frame ID: 6B74B5274FC177A6A40D7C0410DCA820
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=600&slotname=8477887959&adk=3683415658&adf=125786128&pi=t.ma~as.8477887959&w=300&lmt=1642646724&psa=0&format=300x600&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=170&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1022&ady=3090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=031buw3c6l&p=https%3A//dzballon.com&dtd=172
Frame ID: 111834333DD7CE098155B9EB92D42581
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=280&slotname=7798681712&adk=2523956849&adf=1724743363&pi=t.ma~as.7798681712&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=174&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=2caIgfyyAL&p=https%3A//dzballon.com&dtd=177
Frame ID: D945855495F11744353C6ED4E00D9BC5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=3721446914&adk=3355564592&adf=3553566787&pi=t.ma~as.3721446914&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723922&bpp=1&bdt=395&idt=191&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=PJapYXupAb&p=https%3A//dzballon.com&dtd=194
Frame ID: CB4AA29CEBE1191E4D4EE51420A85ED1
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&adk=1812271804&adf=3025194257&lmt=1642646724&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdzballon.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723933&bpp=1&bdt=406&idt=193&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5524947a1d7308d9-228ea1a223cd0046%3AT%3D1642646724%3ART%3D1642646724%3AS%3DALNI_MY2xDSGH5eQ2IMe6Ct0s7GWuz4aDg&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280%2C728x90&nras=1&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=7&uci=a!7&fsb=1&dtd=201
Frame ID: 9F8DAD02361B7E53186C877736574067
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1
Frame ID: DFFF6EF501CFF0B5D2642482AA463AE0
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8890EC31713D0F05FCADBA7CB9D68239
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4CE65B031C4CB860FC75D43280D5569E
Requests: 2 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YejMxAACa6cIu8RNAAWn2lKPeaAgJesMQw0odA&u=%7CNs6y0W4mKzN19t4fLVYMw0LMYrpQG8hsp%2FaVMceod30%3D%7C&c1=jWCgqsKSUoULMKFw69ROSSRlgYQIyhLzheJYiNKlyFrZYaP9DMbKXYUGVFbHeBgmX8ght8mGAcjSJXeSn5Nyv06-cJZ4bSX6AhiDSXdbmrUJwAnQxaj7onmMzOdoZn1J-2WSEEb0EQdKPB8iMeH_o_gKeUykXBlx8FYzFAxzRSlH1TfYCNizXZbZ6LnFDaH_s6aYODP6BTI5PUtFoncUY4y-VcprEFQJylngcRCzZKWDCoFBcvVkHSEzGgrtd4pugAybW6ZfhIrJHvDyWZeOeDtpiozlwXsQq1cT73z30omWIGGhsaOpwDL8tgpzzbFzzC42Pl7kkeC-Wi9lVerwgmPmnClUgEB3KIALhCzYbJ513B4xU4pjv2fb_4dcviHlgjJDSOnfW_4C1Ng1QRBPtyTX5-jJ57MbuaI5CBzyz6tjtKGpGB8PlY_ctmitroAjFH0A1FPiPS4eLRe9yfdNsWC9_OMn_pK8MzUYgCEN48g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE2daxMzoYafXCc2I7_UP2s-WwATJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01OTcwNjU0Nzg3NTUzNzQwoAHVttLqA8gBCakCA6Sx-3EJsz6oAwGqBLYBT9Ap8E-B8ihE-BivnwR-xJDhxPhuFBT-wIF_EK6Dlli-g6SLGBZqF083D2mrCwNTgk0NXygHZA8dhb_-3UU_qli_HFJdxEQjxwKllMzJWvFm0vpI4Z-mSgXhZ4FHIPmKiBEr8Ptx3nU5cbi0Tg6ot3YKZECxt_jIYV_cs6WMXekH_WgdvR1mOMg53oXTiWKKsbg95bwrSd4KTqxzdl0pdn9toKAUdO6av0nHKqIs2g2KT4zfWxCABu-dgaTXla2bG6AGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3WMO9OQAyhi7DwoOakbFxjsgyWpg%26client%3Dca-pub-5970654787553740%26adurl%3D
Frame ID: BCA8D212653D2DEF8D0DD1D82595123A
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js
Frame ID: C564CB3EE02C189EBD4576C61E791CE7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7739CB2244EAEBBA100DE96EB96D0B88
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js
Frame ID: 35EAD6A196F5629DF272D7D74E1F13A3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js
Frame ID: 316E007FF0C39F36EBBA1201AA851597
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs
Frame ID: 44EF12C9062F846D7F9A6D52F8D0C61A
Requests: 23 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js
Frame ID: 50E18B5E6DCEF423BAAF5B3D951A3847
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A551175BE514D8189B42FA4AAC223863
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 926E5EB74872E08C48662DA4CC1D88F6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DZBallon - L'actualité du football algérien en général

Page URL History Show full URLs

http://dzballon.com/ HTTP 301
https://dzballon.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

194
Requests

98 %
HTTPS

72 %
IPv6

16
Domains

29
Subdomains

26
IPs

3
Countries

2578 kB
Transfer

6454 kB
Size

3
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://web.facebook.com/foudefootball

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dzballon/?hl=fr

Search URL Search Domain Scan URL

URL: https://twitter.com/foudefootball?lang=fr

Search URL Search Domain Scan URL

URL: https://www.facebook.com/376654045747890
Title: Like

Search URL Search Domain Scan URL

URL: https://instagram.com/dzballon
Title: Follow

Search URL Search Domain Scan URL

URL: https://twitter.com/foudefootball
Title: Follow

Search URL Search Domain Scan URL

URL: https://www.flashscore.fr/football/algerie
Title: ALGERIE FOOT LIVE

Search URL Search Domain Scan URL

URL: https://www.instagram.com/enews
Title: @enews

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CTF8T9jhMFN

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CTF2BpphV-a

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CTFw30enr3o

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CTFruEvn1po

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CTFmr0OAKfg

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dzballon.com/ HTTP 301
https://dzballon.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 111

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 120

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDbxsi7jQEQ6AIY6AIyCFR5nIyM6Xl- HTTP 301
https://tpc.googlesyndication.com/simgad/1855790038366648222

Request Chain 156

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

194 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dzballon.com/
Redirect Chain

http://dzballon.com/
https://dzballon.com/

400 KB
52 KB

982ms
945ms

Document
text/html

194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PHP/7.4.27 PleskLin
Resource Hash: f4600d43246c0168a5eef898ab387f72c54dfe0cc3aed59ea7f27160ef0300bf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Thu, 20 Jan 2022 02:45:23 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.27 PleskLin
link: <https://dzballon.com/wp-json/>; rel="https://api.w.org/", <https://dzballon.com/wp-json/wp/v2/pages/85759>; rel="alternate"; type="application/json", <https://dzballon.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip

Redirect headers

Server: nginx
Date: Thu, 20 Jan 2022 02:45:22 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://dzballon.com/

GET
H2 200 style.min.css
c0.wp.com/c/5.8.3/wp-includes/css/dist/block-library/ 79 KB
10 KB 33ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Wed, 01 Sep 2021 04:05:58 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.8.3/wp-includes/js/mediaelement/ 11 KB
2 KB 37ms
10ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.8.3/wp-includes/js/mediaelement/ 4 KB
1 KB 37ms
11ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 smartbanner.min.css
dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/libs/smart-banner-js/ 3 KB
1 KB 32ms
30ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/libs/smart-banner-js/smartbanner.min.css?ver=null
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 111d5349381a9e8f6e2fb551a06de98feb7b7957ba1eff38443f9e696519683b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"60bb5467-c5c"
last-modified: Sat, 05 Jun 2021 10:39:35 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 frontend.css
dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/css/ 3 KB
801 B 86ms
84ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/css/frontend.css?ver=null
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 6360dd4b070d652ea545030aaba1d8336ac1023c38645b0a5337b10cede8bced

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"60bb5467-c26"
last-modified: Sat, 05 Jun 2021 10:39:35 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 dashicons.min.css
c0.wp.com/c/5.8.3/wp-includes/css/ 58 KB
34 KB 37ms
11ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/css/dashicons.min.css

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 frontend.css
dzballon.com/wp-content/plugins/post-views-counter/css/ 289 B
407 B 29ms
27ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.6
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: gzip
etag: "121-5cd0a51e655ae-gzip"
last-modified: Tue, 28 Sep 2021 08:51:30 GMT
server: nginx
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
x-accel-version: 0.01
accept-ranges: bytes
content-length: 201

GET
H2 200 style.css
dzballon.com/wp-content/plugins/td-composer/td-multi-purpose/ 68 KB
8 KB 134ms
132ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=c784b8db3e66cd68082f3ff7aa2d70e6
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: ed96e32ac80d73e209ed28add0756ace607005a88576332fcf19b6a3caf573b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b6f7-10f52"
last-modified: Thu, 04 Mar 2021 10:31:19 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 css
fonts.googleapis.com/ 17 KB
2 KB 41ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0164790714c658bcbe873c5f3d396cebc8130468b1dd579ff0af1ebe00462e69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 02:16:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 20 Jan 2022 02:45:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Jan 2022 02:45:23 GMT

GET
H2 200 style.css
dzballon.com/wp-content/themes/Newspaper/ 152 KB
24 KB 94ms
92ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/themes/Newspaper/style.css?ver=10.3.9.1
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: f0300e6243307279dea081242f5c1e9039479351015378bb0b53ce1498c47c50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b66a-261c5"
last-modified: Thu, 04 Mar 2021 10:28:58 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 td_legacy_main.css
dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/ 244 KB
31 KB 130ms
128ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=c784b8db3e66cd68082f3ff7aa2d70e6
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 5e88cefac5e42c621823471d18bd3f7bee0f5504f6aeb14a035a4ebce04b622f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b70d-3cfe4"
last-modified: Thu, 04 Mar 2021 10:31:41 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 td_standard_pack_main.css
dzballon.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/ 621 KB
44 KB 114ms
112ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=6b62588d33477b8e3dc5b8b3c9c8d86c
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 13463b6a26f4ee2ce508df098003cdc101ebb17be48bb9b787665b4ada56cf58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b735-9b323"
last-modified: Thu, 04 Mar 2021 10:32:21 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 demo_style.css
dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/what/ 5 KB
1023 B 132ms
131ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/what/demo_style.css?ver=10.3.9.1
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: d2011a5b77474b1489c6ba0934d804d0144ea8ac036abf3f88252edb3d878e7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b709-12e1"
last-modified: Thu, 04 Mar 2021 10:31:37 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 tdb_less_front.css
dzballon.com/wp-content/plugins/td-cloud-library/assets/css/ 106 KB
12 KB 84ms
83ms Stylesheet
text/css 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-cloud-library/assets/css/tdb_less_front.css?ver=a50385a2d79d6600973a7e697f735a0b
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 175148d4fdd889379200c6272e78ef47be5011cfac3148306096d45f22edea60

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b728-1a97b"
last-modified: Thu, 04 Mar 2021 10:32:08 GMT
server: nginx
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/10.2/css/ 85 KB
16 KB 36ms
11ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.2/css/jetpack.css

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

41b60d2262cffca90f6cd644983a2d813336dc959558bdd6ae54b35ef06dd9fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Tue, 28 Sep 2021 19:34:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.8.3/wp-includes/js/jquery/ 87 KB
30 KB 36ms
11ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/jquery/jquery.min.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.8.3/wp-includes/js/jquery/ 11 KB
4 KB 36ms
11ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 wp-emoji-release.min.js Show response
dzballon.com/wp-includes/js/ 18 KB
5 KB 113ms
111ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.3
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6152d718-4705"
last-modified: Tue, 28 Sep 2021 08:49:28 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 DZBAL-200x110.png
dzballon.com/wp-content/uploads/2021/06/ 12 KB
12 KB 145ms
143ms Image
image/png 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/06/DZBAL-200x110.png
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: a4c3a418910a54a73af5b502b0ec505ffb28dab93d96903665818d7685f43be0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
last-modified: Tue, 22 Jun 2021 19:50:17 GMT
server: nginx
x-powered-by: PleskLin
etag: "60d23ef9-3016"
content-type: image/png
accept-ranges: bytes
content-length: 12310

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
51 KB 127ms
62ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b04abc6e44194999f5582e1d9d0c1d9d2cf1f35a9d75e21d1c140792be0673

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51986
x-xss-protection: 0
server: cafe
etag: 7158150796866974801
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Jan 2022 02:45:23 GMT

GET
H2 403 240650082_108516841555149_2097008472042213560_n.jpg
scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c180.0.1080.1080a/s640x640/ 21 B
21 B 70ms
12ms Image
text/plain 2a03:2880:f21c:80c4:face:b00c:0:43fe
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c180.0.1080.1080a/s640x640/240650082_108516841555149_2097008472042213560_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=3rcewncnAqUAX_QVdia&edm=ABfd0MgBAAAA&ccb=7-4&oh=01ce8f4a37620af93ff7fb67b1e581a1&oe=612F6414&_nc_sid=7bff83
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f21c:80c4:face:b00c:0:43fe Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-type: text/plain
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 21
proxy-status: http_request_error; e_fb_vipaddr="AcLDFA82wNPotQIYlFHi_xjCUO7EJbE44bf0Nqi67wN6wkkZqH2FlqyvBhtp_K6WYue1Z45UyB3gphUYsRYEfB3Rb9Alr6fhPmxekdpa"; e_clientaddr="AcKwt5351BaQs16Q_wvHUEE-flv0NUt8rORBgfIRmbXpUYoV90FaxX30E9cz3ZGE8IjnhFheDrU2bb6KUpQokPgo0SUyBQL0BQ_84zTFaVz0IaIu"; e_fb_builduser="AcK5ceFAWnQ_RGQ8JQTCaHT7-dX04ioFGjDPlqoAtAmzMRRAlaf5tQeOVPQrLOgU-yA"; e_proxy="AcLN5kxGN3wnTQLj5CamDzHrESc5GZ6X3hjgcWKZVjGC11ObNZLvfrqGa1a_OKDXQVsK3_DTbTkqZZg"; e_fb_binaryversion="AcL24TUGDYhzmgNjdtzJRIfX7ZAo4GI522TB1RyXiuXpPOhzOXHzwtMU2GetzsfmUKXIqDsre1NInDGS6DjYRuYLL10qG29q3sA"

GET
H2 403 240726761_531037914824344_3789221188358688463_n.jpg
scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/ 21 B
21 B 72ms
14ms Image
text/plain 2a03:2880:f21c:80c4:face:b00c:0:43fe
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/240726761_531037914824344_3789221188358688463_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=PKHJqN2dUE0AX87BoM4&edm=ABfd0MgBAAAA&ccb=7-4&oh=d9a96068fe11b252c7a157bfe4e01345&oe=6130B304&_nc_sid=7bff83
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f21c:80c4:face:b00c:0:43fe Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-type: text/plain
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 21
proxy-status: http_request_error; e_fb_vipaddr="AcIFXoia7lPjFoBdm-kVHWWPriHE3LG14UwdiZWROXWdWVkLdNWVeBf8IGONLBc-N6s8qPhmjXmOPlSkwZbeiQH2_zx_cQnFXOnCNoov"; e_clientaddr="AcJVVb1hyXALyeh4qc7j2S5y6LSg9VfTPK8N52XT-VsNE_5nL6xWT8nTUJ_dtl4MgwoTek2DpaGkJ6lgsFKOLicVaj2N7rhkDE5zhrDOve8Gff7a"; e_fb_builduser="AcL-XRhvudXBMe5WvVjnEGVX9FH_w02vttuQOAB7jgeasP1sMl2liOnT0Rpap0erwbU"; e_proxy="AcLOxzb-Jcp-wm6nOLoFFmBOt9_uzyvh7egHktI45LFikdBToVKgg1mkGwZ4hhpAHGtfin7aenAf15g"; e_fb_binaryversion="AcJcRuDcPbmScp65o8_QNlSzzFkE_0iO8ZoPcIHCKrgt9S6XaR9fVyIcbfRc1Ko9Z2GW_BYQGO5k40F9DYyePzqjk0aFZHBfVWA"

GET
H2 403 240539785_834389933888398_2680321340957815073_n.jpg
scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/s640x640/ 21 B
21 B 72ms
15ms Image
text/plain 2a03:2880:f21c:80c4:face:b00c:0:43fe
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/s640x640/240539785_834389933888398_2680321340957815073_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=ioVUo7mQD0oAX_IpHVs&edm=ABfd0MgBAAAA&ccb=7-4&oh=ddb6cd8ac5a63221a9e204c046360746&oe=61312972&_nc_sid=7bff83
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f21c:80c4:face:b00c:0:43fe Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-type: text/plain
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 21
proxy-status: http_request_error; e_fb_vipaddr="AcJCponqiutUp1FuD_pgHSPWgxn593mMoP2kYy4mPF6mKP4c30NyJD_N--lpKtIcGRGjsdL4ShIEY9X5fusuc4vAGJJWd3flW9bDvoNt"; e_clientaddr="AcIF0EHWhoFYCynNlrnrhaiIeJXpTpuAcJo6ZywyEgap7ZL5P7N4QEvhGdYCb6EkQe6udSZkEyTcVNVFwOB-eQbFaxHroNYZfIIyaKJvpoR1i-QV"; e_fb_builduser="AcJ3UH0wFZ0EXsJTLvkTD52uWEUtBnTlZ0D4YrQo990gkqnjOL2SMKe635DdCi2Ulao"; e_proxy="AcJX2A_NdwrihMt82R_RrX1c5ms2R_fCzoedItzZPPNewmX2-SjX23YO3whL2XIwBWymFn0yiYbjBns"; e_fb_binaryversion="AcKTMrD5G5bJnHemyP2oq59kZ9dTLdvHvlzR2f6VSknBNHLKfTh8_dw3zLaQJvtxe_0BVAfJZAOwTkQHau9WTAt9GBOEUf2rbmI"

GET
H2 403 240643307_4360681767323295_3564434620847978576_n.jpg
scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.90.720.720a/s640x640/ 21 B
21 B 72ms
15ms Image
text/plain 2a03:2880:f21c:80c4:face:b00c:0:43fe
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.90.720.720a/s640x640/240643307_4360681767323295_3564434620847978576_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=i8Y1b9QOfSQAX-uZRfE&edm=ABfd0MgBAAAA&ccb=7-4&oh=863686eb649cb5fd107fa67862c72377&oe=61304847&_nc_sid=7bff83
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f21c:80c4:face:b00c:0:43fe Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-type: text/plain
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 21
proxy-status: http_request_error; e_fb_vipaddr="AcIf-T73nqulEz8blrZf4E0_tqRXkVkdoAa0IB882dL_d47poId6gRImskrWrw0-ShmAFWkAhjDl8DBXY0m1sp_0nSO7bsyjZ3dfW8Wu"; e_clientaddr="AcKJTjCt8eNFBynOO7b7tiw8qXNGB9fuV5IP4NrQeW4Y1YlxXUZSWT9FiqT_WXWBYGif-h5qJ2esH03YwRHQmex8uBOHLUzrn7G2BstBk2He0DkY"; e_fb_builduser="AcIv0skJYZ4xKI7S0gxsbhXV0qum6DzA7x6VtatE46JXpi3K8Mv-VBbHuNft_vqmZAg"; e_proxy="AcIGesZ0I5JRjR5nDalQtLvA5DXwN_aUDj_DQAehJ3xJO2X26CGI3I7kB1_zaTnQg5x39BpqpWmzlcY"; e_fb_binaryversion="AcJInTwZWBDzbtfzLayiVz0s6oz9t5OBZKhtVcRIxHh_3KuhEIhy89i4L6hzpf6FHIHT-HEUBMZ-8gOuM-vGFSDVAE3aUp7fy8k"

GET
H2 403 240762422_4977006572315316_8609845599371609825_n.jpg
scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/ 21 B
21 B 72ms
15ms Image
text/plain 2a03:2880:f21c:80c4:face:b00c:0:43fe
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/240762422_4977006572315316_8609845599371609825_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=SYll56SIkF4AX__EeZM&edm=ABfd0MgBAAAA&ccb=7-4&oh=a8381e825ec352eed16bbdfb6680a127&oe=612F76EB&_nc_sid=7bff83
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f21c:80c4:face:b00c:0:43fe Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
x-fb-trip-id: 1425083115
server: proxygen-bolt
content-type: text/plain
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 21
proxy-status: http_request_error; e_fb_vipaddr="AcJog-h_Wt3fUYV_e6-znRA5USXF7U4XUXiv3ZlUZ8h8nlNzUc8mHYyvUC2PrkqnK5gBEQ50BE8PU3fsB5q7btY3rJVEnGP2y-uJSjdx"; e_clientaddr="AcLy6fGU-yKSSi1Swzpt-5b-ZVTQ84pYjnWtnJu_EzMjhtGWzNcQaeJ3dhPVBR-zFCpFiVfLW8HjBeHz9DDir88xDtiouqZlhX4ZK981azClyrLH"; e_fb_builduser="AcK3WBUmw8ObPq-yixtvgaHbRXKTPoQj2-8GU21rQpkLSSnfeqTVrmfJonsLtAFggUQ"; e_proxy="AcK024M5s_eUiB2eQ04ji4OfNqhCoPToq5RD7AGOMPp7cu774WlcHtblLCMAj775jXsk0Jh_7KScqVk"; e_fb_binaryversion="AcLaILO97WZqIgvuH9BvxaMYrZhhHpdzvyr3CUnJ9f-IswrHJOLtuOEgS8EPqknzopVduvDwIEBFGks6ekD7uiX-jMDno5dqO2k"

GET
H2 404 DZBAL-200x110.png
sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/ 0
0 124ms
55ms Image
text/html 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/DZBAL-200x110.png
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 smartbanner.js Show response
dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/libs/smart-banner-js/ 16 KB
4 KB 59ms
59ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/libs/smart-banner-js/smartbanner.js
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 49fa858e491838e0af94ffe3844bcb3cb02b6ea39cc314241e982935777d78d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"60bb5467-410b"
last-modified: Sat, 05 Jun 2021 10:39:35 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 frontend.js Show response
dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/js/ 5 KB
1 KB 57ms
57ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/mobiloud-smart-app-banner/public/js/frontend.js
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 56b81c23b91dcbe22a67a9ade320d3b94b025a119f72cdd98882dca248fdca82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"60bb5467-15d3"
last-modified: Sat, 05 Jun 2021 10:39:35 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 underscore.min.js Show response
c0.wp.com/c/5.8.3/wp-includes/js/ 19 KB
7 KB 46ms
43ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/underscore.min.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Thu, 27 May 2021 19:33:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 js_posts_autoload.min.js Show response
dzballon.com/wp-content/plugins/td-cloud-library/assets/js/ 5 KB
2 KB 123ms
120ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=a50385a2d79d6600973a7e697f735a0b
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 18ec45978f0a68004bbcff5a150f9eb62cfac449a51f15c5a61336a2ad1d4675

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b728-13fa"
last-modified: Thu, 04 Mar 2021 10:32:08 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 tagdiv_theme.min.js Show response
dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/js/ 253 KB
54 KB 114ms
111ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=10.3.9.1
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: d7246ea8f0ede1f2eadd6aa077545b7e0423f39e19d33c7c9a99d400afbe1bbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b6f9-3f512"
last-modified: Thu, 04 Mar 2021 10:31:21 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.8.3/wp-includes/js/ 3 KB
1 KB 46ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/comment-reply.min.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Thu, 18 Mar 2021 17:48:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 js_files_for_front.min.js Show response
dzballon.com/wp-content/plugins/td-cloud-library/assets/js/ 33 KB
7 KB 122ms
119ms Script
application/javascript 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=a50385a2d79d6600973a7e697f735a0b
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 4efd43ff6d6dc2c922d3ba71a80f7f499eb56f65df5fe2c60305b35e66062eae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
etag: W/"6040b728-8387"
last-modified: Thu, 04 Mar 2021 10:32:08 GMT
server: nginx
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.8.3/wp-includes/js/ 1 KB
719 B 46ms
44ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.3/wp-includes/js/wp-embed.min.js

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 20 Jan 2023 02:45:23 GMT

GET
H2 200 e-202203.js Show response
stats.wp.com/ 9 KB
3 KB 69ms
12ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202203.js
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-nc: HIT hhn
date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 08 Jan 2023 23:52:53 GMT

GET
H2 404 dzball.jpg
sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/ 0
0 115ms
54ms Image
text/html 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/dzball.jpg
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 newspaper.woff
dzballon.com/wp-content/themes/Newspaper/images/icons/ 123 KB
123 KB 65ms
64ms Font
font/woff 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL: https://dzballon.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?19
Requested by: Host: dzballon.com
URL: https://dzballon.com/wp-content/themes/Newspaper/style.css?ver=10.3.9.1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 557c7d8dd32557129cec3d5d4f221eef6e8706e0855f826f5f6db4278e08420b

Request headers

Referer: https://dzballon.com/wp-content/themes/Newspaper/style.css?ver=10.3.9.1
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
last-modified: Thu, 04 Mar 2021 10:28:58 GMT
server: nginx
x-powered-by: PleskLin
etag: "6040b66a-1eab4"
content-type: font/woff
accept-ranges: bytes
content-length: 125620

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 137ms
81ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 14:17:54 GMT
x-content-type-options: nosniff
age: 131249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15720
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 18 Jan 2023 14:17:54 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 81ms
25ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 14:02:00 GMT
x-content-type-options: nosniff
age: 132203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 18 Jan 2023 14:02:00 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 84ms
29ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 13:39:48 GMT
x-content-type-options: nosniff
age: 479135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 13:39:48 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 103ms
54ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 13:52:02 GMT
x-content-type-options: nosniff
age: 478401
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 14 Jan 2023 13:52:02 GMT

GET
DATA 200
OK truncated
/ 111 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ae5b52b01b37efb4547c3493f75abf51dc034326bb6f1ff6fc97348065716ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 138 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fd9b4b10be5a293cbc0f2f89cb21d2072517953a34fb6ac2e7df8d13a966ffe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 124 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5df0f0543a4ad5a0db36d12288ba6583088f2ed6ff60b631c7afd0550d143161

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 117 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 114 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 069e2abed69e2efcd6930c0615ae8c32c1cb9f76e6e9ffae45495bc6759a3f95

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 101 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9a612722eed86936463bc8772a9d4509e0c24f22485221beaa583a60079fef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 123 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 172d5b83579e06dce26714973595e570204438c66e025f8a65082df29221626b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 elements.png
dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/sprite/ 4 KB
4 KB 65ms
65ms Image
image/png 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/sprite/elements.png
Requested by: Host: dzballon.com
URL: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=c784b8db3e66cd68082f3ff7aa2d70e6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 277c84697b5039a7583a843ba2e6b784354925898a15056c8d975b696d2e7c2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=c784b8db3e66cd68082f3ff7aa2d70e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
last-modified: Thu, 04 Mar 2021 10:31:41 GMT
server: nginx
x-powered-by: PleskLin
etag: "6040b70d-1035"
content-type: image/png
accept-ranges: bytes
content-length: 4149

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 65ms
65ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%7COpen+Sans%3A400%2C600%2C700%7CRoboto%3A400%2C500%2C700&display=swap&ver=10.3.9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dzballon.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 31744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 19 Jan 2023 17:56:19 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 22ms
21ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.2&blog=106193865&post=85759&tz=1&srv=dzballon.com&host=dzballon.com&ref=&fcp=1253&rand=0.5474006141236876
Requested by: Host: dzballon.com
URL: https://dzballon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 20 Jan 2022 02:45:23 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/ 284 KB
102 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5970654787553740&plah=dzballon.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b06f817bc8877172dc8b712c3fca3f1cec9b3fa9508074811c274f9995e59ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104511
x-xss-protection: 0
server: cafe
etag: 14885114657223251790
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 20 Jan 2022 02:45:23 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220118/r20190131/ Frame A53E 11 KB
5 KB 56ms
16ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220118/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Wed, 19 Jan 2022 15:43:32 GMT
expires: Wed, 02 Feb 2022 15:43:32 GMT
cache-control: public, max-age=1209600
age: 39711
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 216 B
644 B 96ms
43ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=dzballon.com&callback=_gfp_s_&client=ca-pub-5970654787553740

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5970654787553740&plah=dzballon.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5b84e7dce8962bd2a95a44cf20a131625a8faeef1a01b02f6695de746560977d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 99ms
45ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 101ms
41ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 02A6 72 KB
28 KB 395ms
355ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=8118741407&adk=1519400323&adf=1776886919&pi=t.ma~as.8118741407&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723915&bpp=3&bdt=388&idt=83&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=BrBPbCf2r1&p=https%3A//dzballon.com&dtd=101

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

799942068b35eab254d5fc88af6d46bde09341213e1147106649ff6da70af410

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 28287
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6B74 84 KB
30 KB 477ms
466ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2307105849827608&output=html&h=280&slotname=5161712592&adk=3162029606&adf=3365127603&pi=t.ma~as.5161712592&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723918&bpp=3&bdt=391&idt=124&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Bz1hp13t6p&p=https%3A//dzballon.com&dtd=127

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

464dc2f879f117d9cf75aaf32a66039b5bb54874ca5aa4f6eb473e6abb230ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 30577
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1118 73 KB
28 KB 290ms
289ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=600&slotname=8477887959&adk=3683415658&adf=125786128&pi=t.ma~as.8477887959&w=300&lmt=1642646724&psa=0&format=300x600&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=170&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1022&ady=3090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=031buw3c6l&p=https%3A//dzballon.com&dtd=172

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

88a8e26ec4914ec8e695a984f7c9190540dfdc2ef9eaf3453f4f3736b8381751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 28362
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D945 191 KB
26 KB 591ms
590ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=280&slotname=7798681712&adk=2523956849&adf=1724743363&pi=t.ma~as.7798681712&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=174&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=2caIgfyyAL&p=https%3A//dzballon.com&dtd=177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0c3bb75a09639805645c8766bded6fb0a86da76022439fd192322c7dd642678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-expose-headers: x-google-amp-ad-validated-version
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 26302
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CB4A 112 KB
32 KB 445ms
445ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=3721446914&adk=3355564592&adf=3553566787&pi=t.ma~as.3721446914&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723922&bpp=1&bdt=395&idt=191&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=PJapYXupAb&p=https%3A//dzballon.com&dtd=194

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2781a6ed908f486b1ffec6015184126d4727e17eb6bfdc9348771137945b0d9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 33073
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 60ms
31ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 58ms
31ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9F8D 36 KB
13 KB 228ms
227ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&adk=1812271804&adf=3025194257&lmt=1642646724&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fdzballon.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723933&bpp=1&bdt=406&idt=193&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5524947a1d7308d9-228ea1a223cd0046%3AT%3D1642646724%3ART%3D1642646724%3AS%3DALNI_MY2xDSGH5eQ2IMe6Ct0s7GWuz4aDg&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280%2C728x90&nras=1&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&ifi=7&uci=a!7&fsb=1&dtd=201

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58c94bdd4ce52fc89cc90baf1d36bb5cb64ea15538168c2b52411a5ab55a0b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 12913
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/ 149 KB
53 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/reactive_library_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

607abab2dcc713bafb514fcccf1275601f532bece2ee6e9fed786d3bf26cecc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54133
x-xss-protection: 0
server: cafe
etag: 11549584360338080181
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H2 200 13852585349804594156
tpc.googlesyndication.com/daca_images/simgad/ Frame 1118 55 KB
55 KB 97ms
74ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/13852585349804594156

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=600&slotname=8477887959&adk=3683415658&adf=125786128&pi=t.ma~as.8477887959&w=300&lmt=1642646724&psa=0&format=300x600&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=170&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1022&ady=3090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=031buw3c6l&p=https%3A//dzballon.com&dtd=172

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72393184710bb73bc37a82ef62103ba674eb9accbf1528ea43eeed06b79729b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56504
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:20:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 20 Jan 2023 02:45:24 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/ Frame 1118 19 KB
8 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:24:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:24:56 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 1118 2 KB
1 KB 31ms
14ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:37:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 461
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:37:43 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1118 122 KB
38 KB 40ms
15ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 1118 15 KB
6 KB 26ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:00:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:00:44 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 1118 27 KB
11 KB 29ms
12ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea6883243d3b8bc4d5890f404e6aacd73e92f75ff9e5d1031ba35d355877dfa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 15:11:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11395
x-xss-protection: 0
server: cafe
etag: 13428216562775282503
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 15:11:35 GMT

GET
H2 200 18422417576087759809
tpc.googlesyndication.com/daca_images/simgad/ Frame 02A6 25 KB
25 KB 35ms
14ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/18422417576087759809

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=8118741407&adk=1519400323&adf=1776886919&pi=t.ma~as.8118741407&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723915&bpp=3&bdt=388&idt=83&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=BrBPbCf2r1&p=https%3A//dzballon.com&dtd=101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22bb0800e901e200d23b739ff8e2d955aab11864f999e8ebe1405cda4dc9fb8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 07:49:03 GMT
x-content-type-options: nosniff
age: 586581
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25214
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 08:57:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 13 Jan 2023 07:49:03 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/ Frame 02A6 19 KB
8 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:24:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:24:56 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 02A6 2 KB
1 KB 32ms
19ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:37:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 461
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:37:43 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 02A6 15 KB
6 KB 25ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:00:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:00:44 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 02A6 122 KB
37 KB 55ms
35ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 02A6 27 KB
11 KB 31ms
17ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea6883243d3b8bc4d5890f404e6aacd73e92f75ff9e5d1031ba35d355877dfa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 15:11:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11395
x-xss-protection: 0
server: cafe
etag: 13428216562775282503
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 15:11:35 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1118 0
0 29ms
29ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZINFxMzoYdHgBpqj7_UP0f-YUOucr4dln4aszoQN3NkeEAEg4on8K2CV4pCCoAegAcj-q6cCyAECqQLNfMGnYTqBPqgDAcgDyQSqBMABT9BsRuC-U6OYXo3FuN34f0PHTU65AjJNpDH7DvdSlV-shxaLAeqhUjz277cg9edy4zk9OTF8sUeouKAhVQHSAKyMEh7aRnMulX81sRPqzwgy7FINdOMNdhD3SFS-iFJavxmMz2Ax7a2d1xqXkxepiyXOka0ii52puNxPxKCRVkX4aikGyl9gDHnUiX7OZOrXMWY6JD4sRztoBHpu-EJwyhLPuWSWL25zGjuzsQau0e-HLxJSlg3VzzYnBgdyHBPtwATm-I7XowOSBQQIBBgBkgUECAUYBKAGAoAHoZvW2wGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCExwLSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNTk3MDY1NDc4NzU1Mzc0MBgA&sigh=cHjTXm88sHA&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=600&slotname=8477887959&adk=3683415658&adf=125786128&pi=t.ma~as.8477887959&w=300&lmt=1642646724&psa=0&format=300x600&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=170&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1022&ady=3090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=031buw3c6l&p=https%3A//dzballon.com&dtd=172
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 02A6 0
0 27ms
27ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGznCxMzoYfHbBPGC9u8Pgpq1mAHCudzgZ7CW3LTPD-uHzY7cHBABIOKJ_CtgleKQgqAHoAHMtuD0A8gBAqkCA6Sx-3EJsz6oAwHIA8kEqgS6AU_QkpMcQf62ReLW7HLUcO-QfM26Czb0KMS3H8b6tsAguVqo18hVlM-THKJPcAvMd4L34aHxRoM7mmETcLz5EDo_w5r82o_4PZCZLlOs_CTAwd4MONEP29MWG2cHQXSJ1MsFIrdQ1J7gnUdQ8egw0azWj6fMqpDKsaALmTZzy0kvJcxJVtnYD_bznJjYJZBreprq1ZZE_TTiRy0PygyriBcnDImvKAP0H5UYs2GwyyF5dd91EsHEZ_enWcAE6I-ejO4DkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB5zJnwuoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCxiQXSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTk3MDY1NDc4NzU1Mzc0MBgA&sigh=LerYeBl7B3A&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=8118741407&adk=1519400323&adf=1776886919&pi=t.ma~as.8118741407&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723915&bpp=3&bdt=388&idt=83&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=BrBPbCf2r1&p=https%3A//dzballon.com&dtd=101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dzballon.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/ Frame DFFF 11 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Wed, 19 Jan 2022 16:09:22 GMT
expires: Wed, 02 Feb 2022 16:09:22 GMT
cache-control: public, max-age=1209600
age: 38162
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8890 143 B
163 B 8ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=600&slotname=8477887959&adk=3683415658&adf=125786128&pi=t.ma~as.8477887959&w=300&lmt=1642646724&psa=0&format=300x600&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=170&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1022&ady=3090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=031buw3c6l&p=https%3A//dzballon.com&dtd=172

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 20 Jan 2022 02:04:56 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CE6 143 B
163 B 7ms
7ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=8118741407&adk=1519400323&adf=1776886919&pi=t.ma~as.8118741407&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723915&bpp=3&bdt=388&idt=83&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=104&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=1&uci=a!1&fsb=1&xpc=BrBPbCf2r1&p=https%3A//dzballon.com&dtd=101

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 20 Jan 2022 02:04:56 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 02A6 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa56fdcb85b9a16762bed1c5ca21241ad358a2cd9112d4dbe49f009c0e10397

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 1118 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b883c4dcf83d3ebdcb2e1be6bb54fa0e1cd0d4a39b2743156726b1491b699475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DFFF 0
0 25ms
25ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnfaTxMzoYafXCc2I7_UP2s-WwATJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01OTcwNjU0Nzg3NTUzNzQwoAHVttLqA8gBCakCA6Sx-3EJsz6oAwGqBLMBT9Ap8E-B8ihE-BivnwR-xJDhxPhuFBT-wIF_EK6Dlli-g6SLGBZqF083D2mrCwNTgk0NXygHZA8dhb_-3UU_qli_HFJdxEQjxwKllMzJWvFm0vpI4Z-mSgXhZ4FHIPmKiBEr8Ptx3nU5cbi0Tg6ot3YKZECxt_jIYV_cs6WMXekH_WgdvR1mOMg53oXTy2CrIz-yea-U1cqpnpHVjlQ9fMlnjriWwCanGbt4NI40X6cOXDOABu-dgaTXla2bG6AGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU5NzA2NTQ3ODc1NTM3NDAYAA&sigh=8aBYDumt3Bw&uach_m=[UACH]&cid=CAQSPgCNIrLMK4RwksBUS4b1z-3Zr6_pyX5mT-JM2lq5jPewwKaf-u7fmhOrumkI6Um5WiIU-Hl-DaLiFYOd8hbYGAE

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame DFFF 0
0 75ms
25ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=U_i0Ecz6RO0HfJ2DYgICAAAAMxagNgYa-c8LJHPumOVnUBDDzOhhlm4Ds_za6aCGSccAEg&wp=YejMxAACa6cIu8RNAAWn2lKPeaAgJesMQw0odA

Requested by

Host: dzballon.com
URL: https://dzballon.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
server: Kestrel
server-processing-duration-in-ticks: 248887
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame BCA8 161 KB
52 KB 147ms
97ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YejMxAACa6cIu8RNAAWn2lKPeaAgJesMQw0odA&u=%7CNs6y0W4mKzN19t4fLVYMw0LMYrpQG8hsp%2FaVMceod30%3D%7C&c1=jWCgqsKSUoULMKFw69ROSSRlgYQIyhLzheJYiNKlyFrZYaP9DMbKXYUGVFbHeBgmX8ght8mGAcjSJXeSn5Nyv06-cJZ4bSX6AhiDSXdbmrUJwAnQxaj7onmMzOdoZn1J-2WSEEb0EQdKPB8iMeH_o_gKeUykXBlx8FYzFAxzRSlH1TfYCNizXZbZ6LnFDaH_s6aYODP6BTI5PUtFoncUY4y-VcprEFQJylngcRCzZKWDCoFBcvVkHSEzGgrtd4pugAybW6ZfhIrJHvDyWZeOeDtpiozlwXsQq1cT73z30omWIGGhsaOpwDL8tgpzzbFzzC42Pl7kkeC-Wi9lVerwgmPmnClUgEB3KIALhCzYbJ513B4xU4pjv2fb_4dcviHlgjJDSOnfW_4C1Ng1QRBPtyTX5-jJ57MbuaI5CBzyz6tjtKGpGB8PlY_ctmitroAjFH0A1FPiPS4eLRe9yfdNsWC9_OMn_pK8MzUYgCEN48g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE2daxMzoYafXCc2I7_UP2s-WwATJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01OTcwNjU0Nzg3NTUzNzQwoAHVttLqA8gBCakCA6Sx-3EJsz6oAwGqBLYBT9Ap8E-B8ihE-BivnwR-xJDhxPhuFBT-wIF_EK6Dlli-g6SLGBZqF083D2mrCwNTgk0NXygHZA8dhb_-3UU_qli_HFJdxEQjxwKllMzJWvFm0vpI4Z-mSgXhZ4FHIPmKiBEr8Ptx3nU5cbi0Tg6ot3YKZECxt_jIYV_cs6WMXekH_WgdvR1mOMg53oXTiWKKsbg95bwrSd4KTqxzdl0pdn9toKAUdO6av0nHKqIs2g2KT4zfWxCABu-dgaTXla2bG6AGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3WMO9OQAyhi7DwoOakbFxjsgyWpg%26client%3Dca-pub-5970654787553740%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a6ce4d54ed425c7f93bbd532dcaa9ded367f84cba4f67cac2cd9b3dc60cbfadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=4Ymuoj3IyQf-NqF9EAnL3NmsexiErwmeTwEjOPIlKFflgmHTrlZrVlvK47xqd4mhKxehGn6H0Cxkyt815uBQVglCbPYo2uGbKyoqz2oVpqKGoUhwzjhBJuXNqdPBaTMhcc_4NO0505dc3fz9eBfRIFipt7EMfV9aALIU4iosPt4W8W4POqecmiAR8SnIG0TbnsLHEErX46h5P0Fp2tQAD_XwWWUfpdNeqcXfpNOKWPaD2gcQhUjxceQU0dFaqCcqYFvInA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 75011977
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame DFFF 2 KB
1 KB 33ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:40:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:40:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DFFF 122 KB
37 KB 44ms
23ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame DFFF 15 KB
6 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:07:13 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DFFF 0
0 59ms
23ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTS1lbOWs8QxUMa40CiL3kVyyls1_CUd3yD40CUCBpo1N0rgIHVFwBrcck7YpJ6t8U0TpviS2dL1cgtqIJVSFSb4n2DQA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220118/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 7138945543130506041
tpc.googlesyndication.com/daca_images/simgad/ Frame 6B74 119 KB
119 KB 12ms
11ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/7138945543130506041

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2307105849827608&output=html&h=280&slotname=5161712592&adk=3162029606&adf=3365127603&pi=t.ma~as.5161712592&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723918&bpp=3&bdt=391&idt=124&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Bz1hp13t6p&p=https%3A//dzballon.com&dtd=127

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d49aabe895f1d820a16c4efc73acee66e8d6c7fd909262ef24583a631644f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:48:58 GMT
x-content-type-options: nosniff
age: 582986
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122153
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 08:40:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 13 Jan 2023 08:48:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/ Frame 6B74 19 KB
8 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:24:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:24:56 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame CB4A 2 KB
532 B 41ms
25ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=3721446914&adk=3355564592&adf=3553566787&pi=t.ma~as.3721446914&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723922&bpp=1&bdt=395&idt=191&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=PJapYXupAb&p=https%3A//dzballon.com&dtd=194

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Jan 2022 02:27:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 20 Jan 2022 02:45:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6B74 0
0 33ms
33ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C31R9xMzoYZ7kBIzm7gOxx67AApa678xnuOWQutEP3NkeEAEgpJ3DVmCV4pCCoAegAYbvq5UCyAECqAMByAPJBKoExgFP0AXrGH0-xfqKO-Bz5y_L2uOPrwa_ttCD0I3j-b54m6xOmzY1LH_EmXErcHXOofSoBcsRacWfR06Xwozb41Kk54XrnzFbQ7B6dsUIpXUcBcVsYNqaxff97dXFzmTBi9FkGH7Mkxiuo17TsT8Z08HAoqKaNHLYh3_HqcPTuG03vnXuhpTxexRW1P8G8zP9nXhp0bRTv3N1zaHxFw2nehf57_sXtVPgXQmDht2NAJBFKuUiu4FwVw4i8-YGlMMH-jcWDwuPWATABJ-G2dzaA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYCgAfikNTqAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEMudBdIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yMzA3MTA1ODQ5ODI3NjA4GAA&sigh=OC0p32cz1CM&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2307105849827608&output=html&h=280&slotname=5161712592&adk=3162029606&adf=3365127603&pi=t.ma~as.5161712592&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723918&bpp=3&bdt=391&idt=124&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Bz1hp13t6p&p=https%3A//dzballon.com&dtd=127
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 6B74 2 KB
1 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:40:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:40:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6B74 122 KB
37 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 6B74 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:07:13 GMT

GET
H3 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame 6B74 27 KB
11 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea6883243d3b8bc4d5890f404e6aacd73e92f75ff9e5d1031ba35d355877dfa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 15:11:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11395
x-xss-protection: 0
server: cafe
etag: 13428216562775282503
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 15:11:35 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame CB4A 1 KB
875 B 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:21:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:21:53 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/ Frame CB4A 19 KB
8 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:24:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:24:56 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame CB4A 2 KB
1 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:40:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:40:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB4A 122 KB
37 KB 32ms
29ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38060
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1642595990432946"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:24 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/ Frame CB4A 15 KB
6 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 02:07:13 GMT

GET
H2 200 fccbdb50d0e11463e1edb3d8fcf7c364.js Show response
www.gstatic.com/mysidia/ Frame CB4A 27 KB
12 KB 48ms
8ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fccbdb50d0e11463e1edb3d8fcf7c364.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 545492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:31:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 13 Apr 2022 19:13:52 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8890
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

54ms
53ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C564 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:26:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13406
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:26:05 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7739 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2307105849827608&output=html&h=280&slotname=5161712592&adk=3162029606&adf=3365127603&pi=t.ma~as.5161712592&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723918&bpp=3&bdt=391&idt=124&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=7647028130584&frm=20&pv=2&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=2143&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Bz1hp13t6p&p=https%3A//dzballon.com&dtd=127

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Thu, 20 Jan 2022 02:04:56 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 2428
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CB4A 0
0 24ms
23ms Fetch
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvJpJxMzoYcinCLr87_UP6YuKyA_fpLaPYpXGn8fWC-2W_LLrGhABIOKJ_CtgleKQgqAHoAHjwKvHA8gBCakCR3LctIIHsz6oAwHIA8sEqgTCAU_Q85sFpIYrmf_e0AeO5SLxhlDOabFrtdwq_3eumyOaHwZrov5xw_W4QgcMPer1ZZiaKiNw_06PTV6VoRkLdCzM6dadwzv5geEctnfL9YeIFM6qOfYaeTzwWNxq3I1Nc1ZxSlGRm5nOkwve-xC0MVFNquJM2B0eQmeWzJxH1fA6-6NzGAOdH6GtEMH-0vlsEnpR9-1y3R2_z9uyC2K7tlSPAfJ46mZhSkMeYmzRhvonIwwD4kxbfKx12O3jX2gHfNliwAS1ivLd_wKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH0f-MJqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAPIHAxDgdNIICQiA4YAQEAEYH4AKAcgLAdgTC4gUA9AVAYAXAbIXHAoaCAASFHB1Yi01OTcwNjU0Nzg3NTUzNzQwGAA&sigh=5eLdkE9-qec&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=90&slotname=3721446914&adk=3355564592&adf=3553566787&pi=t.ma~as.3721446914&w=728&lmt=1642646724&psa=0&format=728x90&url=https%3A%2F%2Fdzballon.com%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723922&bpp=1&bdt=395&idt=191&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600%2C1068x280&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4568&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=PJapYXupAb&p=https%3A//dzballon.com&dtd=194
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4CE6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

48ms
48ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 35EA 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:26:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13406
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:26:05 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame CB4A 10 KB
10 KB 67ms
13ms Image
image/jpeg 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcTXtlc84ZPzFhidTAkRvDr8c9Fu_gk6z4TKtm9iwJ4oIlMymZfT&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d69291819d847fed994ee4f0ca9578a6780dec5b3f9826b28b5a4f5c03acd65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 08:28:25 GMT
x-content-type-options: nosniff
age: 65819
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9874
x-xss-protection: 0
last-modified: Sun, 09 Feb 2020 11:22:41 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 19 Jan 2023 08:28:25 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame CB4A 16 KB
16 KB 89ms
19ms Image
image/jpeg 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTPgubDJC0gCju9r_dLPQ3cYBfLeorBWxbE9lGAqp81w4v0xu38&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea2ba6933f54716706b7f5b0540f411ca4e8a2d82116a36e5452073948ba826a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 21:17:13 GMT
x-content-type-options: nosniff
age: 192491
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16175
x-xss-protection: 0
last-modified: Fri, 20 Aug 2021 05:53:20 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Tue, 17 Jan 2023 21:17:13 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame CB4A 7 KB
8 KB 63ms
19ms Image
image/jpeg 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQhXo9J4TyHnJRWlOme6zqJx_GotjOMlnhH6UAY8V-shE72huZB&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6b51a9e46b676bdf8221c0e31531c4e04b10e3f0b4785a1d714e0de52b10677

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 04:24:27 GMT
x-content-type-options: nosniff
age: 80457
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7199
x-xss-protection: 0
last-modified: Wed, 25 Aug 2021 18:06:46 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Thu, 19 Jan 2023 04:24:27 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame CB4A 8 KB
8 KB 65ms
21ms Image
image/jpeg 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRfUXXcIMv0mSWwfT9Mu_npqfiCGEftaxrjFpaJs7R77UEkBGw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b110f3daa79a387e22980bebb12bb90ac5d523f307fc338a914ac7c94b49ccb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:44:22 GMT
x-content-type-options: nosniff
age: 115262
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8036
x-xss-protection: 0
last-modified: Mon, 17 May 2021 13:07:23 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 18 Jan 2023 18:44:22 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame CB4A 9 KB
9 KB 65ms
17ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQmQW68y_jawwVimyCKJ7pmTQxfd-g7-fmic1jjDgIaYfAptqT9&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b43ffd8fd57e794b57240dd0b58d2079d3076df48297fb4dcbb30a9a201442b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 16 Jan 2022 04:14:27 GMT
x-content-type-options: nosniff
age: 340257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9005
x-xss-protection: 0
last-modified: Fri, 02 Apr 2021 14:06:35 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 16 Jan 2023 04:14:27 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame CB4A 12 KB
12 KB 67ms
14ms Image
image/jpeg 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQLE8scg4jYs-QrLz6Vf6JbAFJvsovLejWkIXNy98iW6wThrfM&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8cc19a88f3591eb7d510ae2e25e8adc76924a1aad527528191b0eeb6e8d6314a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 15:31:18 GMT
x-content-type-options: nosniff
age: 126846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12201
x-xss-protection: 0
last-modified: Fri, 01 Oct 2021 18:11:21 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 18 Jan 2023 15:31:18 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame CB4A 12 KB
12 KB 91ms
22ms Image
image/jpeg 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQNqJgDOt5HIsWhsfGPDQI5KYRUXvyi1JLRho_9FuEGY2BwwZU&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7def77894d5b0e0932a3339d746041fd2f4389d6e83bea19295c949358de8719

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 14:08:24 GMT
x-content-type-options: nosniff
age: 131820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12109
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 12:15:41 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 18 Jan 2023 14:08:24 GMT

GET
H3

200

1855790038366648222
tpc.googlesyndication.com/simgad/ Frame CB4A
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDbxsi7jQEQ6AIY6AIyCFR5nIyM6Xl-
https://tpc.googlesyndication.com/simgad/1855790038366648222

2 KB
2 KB

14ms
14ms

Image
image/png

2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1855790038366648222

Requested by

Protocol

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11d02526cbaad695117721d111752936444366ac35fec7d36bf8d5fb2aab3094

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:32:13 GMT
x-content-type-options: nosniff
age: 76391
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1882
x-xss-protection: 0
last-modified: Wed, 17 Apr 2019 14:59:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Jan 2023 05:32:13 GMT

Redirect headers

date: Wed, 19 Jan 2022 05:46:31 GMT
x-content-type-options: nosniff
server: cafe
age: 75533
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://tpc.googlesyndication.com/simgad/1855790038366648222
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 18 Feb 2022 05:46:31 GMT

GET
DATA 200
OK truncated
/ Frame 6B74 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85a3e553ac1d29157dd9e677f5d37cc57646a4b4cd860cf250f82386b99ee0ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CB4A 0
20 B 23ms
23ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=26&version=r20220118&sample=0.01

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/js/r20220118/r20110914/client/load_preloaded_resource_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 02:45:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame CB4A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc9d6f849b12e2380f02774ac95a7c72921acddc2de06de83637d734f005555b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DFFF 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e1af00dfd3de49219100b384bc2a6c72f459407f40a896a3c032c312166644a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame CB4A 20 KB
20 KB 34ms
10ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 09:49:59 GMT
x-content-type-options: nosniff
age: 60925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 22:53:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 19 Jan 2023 09:49:59 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame BCA8 2 KB
1 KB 51ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YejMxAACa6cIu8RNAAWn2lKPeaAgJesMQw0odA&u=%7CNs6y0W4mKzN19t4fLVYMw0LMYrpQG8hsp%2FaVMceod30%3D%7C&c1=jWCgqsKSUoULMKFw69ROSSRlgYQIyhLzheJYiNKlyFrZYaP9DMbKXYUGVFbHeBgmX8ght8mGAcjSJXeSn5Nyv06-cJZ4bSX6AhiDSXdbmrUJwAnQxaj7onmMzOdoZn1J-2WSEEb0EQdKPB8iMeH_o_gKeUykXBlx8FYzFAxzRSlH1TfYCNizXZbZ6LnFDaH_s6aYODP6BTI5PUtFoncUY4y-VcprEFQJylngcRCzZKWDCoFBcvVkHSEzGgrtd4pugAybW6ZfhIrJHvDyWZeOeDtpiozlwXsQq1cT73z30omWIGGhsaOpwDL8tgpzzbFzzC42Pl7kkeC-Wi9lVerwgmPmnClUgEB3KIALhCzYbJ513B4xU4pjv2fb_4dcviHlgjJDSOnfW_4C1Ng1QRBPtyTX5-jJ57MbuaI5CBzyz6tjtKGpGB8PlY_ctmitroAjFH0A1FPiPS4eLRe9yfdNsWC9_OMn_pK8MzUYgCEN48g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCE2daxMzoYafXCc2I7_UP2s-WwATJntKxXM3x4t2IAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01OTcwNjU0Nzg3NTUzNzQwoAHVttLqA8gBCakCA6Sx-3EJsz6oAwGqBLYBT9Ap8E-B8ihE-BivnwR-xJDhxPhuFBT-wIF_EK6Dlli-g6SLGBZqF083D2mrCwNTgk0NXygHZA8dhb_-3UU_qli_HFJdxEQjxwKllMzJWvFm0vpI4Z-mSgXhZ4FHIPmKiBEr8Ptx3nU5cbi0Tg6ot3YKZECxt_jIYV_cs6WMXekH_WgdvR1mOMg53oXTiWKKsbg95bwrSd4KTqxzdl0pdn9toKAUdO6av0nHKqIs2g2KT4zfWxCABu-dgaTXla2bG6AGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIiOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3WMO9OQAyhi7DwoOakbFxjsgyWpg%26client%3Dca-pub-5970654787553740%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:24 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame BCA8 2 KB
1 KB 51ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:24 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame BCA8 308 B
636 B 50ms
22ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Jan 2023 02:45:24 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame BCA8 507 B
835 B 43ms
15ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:24 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 15 Jan 2023 02:45:24 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame BCA8 43 B
347 B 69ms
23ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=OS6FwPgx192t4nLvBd7ACBF1GhivdghH6v9PDrj2Os_Uh5fV1EFclJlFGsveLzxIQnI3Ic4KpZfAB_FpsiaB2Ig_d2RK28AMFDe2lN7tsQiTxNVlXo6teg3FAAOLtQbLrw--P9pWq023I8gxL7Lg5lgB8lDHlMivu4CeaMl4n6CHOIBqHLyPTmmR34uttUMGG1vtplgSSF6JRspYxDOGsZs9TcO4Ub-oKpJXUc4JROFy9xTw4M9EHDFvrG-AurFhwE3yUV4fa8CeAzWD6SU0Kht0mXwG6UlObXOZdfuKhyEGngTqZAaIJKPP4Q-4xsXTBaWuhAxMaaswCQtxo88FVQTutf1m9pyQBAGTxxLgtsrHtW0wURSLY9Q-KL41tVeKseepLvQX6Zy83acZN-JBs22ql3OAdYbDRwSUoZP95uUb_c39EoHU8Fz8qKaXfkzcK_JpXg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 02:45:24 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2867702
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 316E 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:26:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13406
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:26:05 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012111152338000/ Frame 44EF 190 KB
55 KB 34ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=280&slotname=7798681712&adk=2523956849&adf=1724743363&pi=t.ma~as.7798681712&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=174&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=2caIgfyyAL&p=https%3A//dzballon.com&dtd=177

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55581
x-xss-protection: 0
server: sffe
date: Tue, 18 Jan 2022 18:10:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8559bae154d80579"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 18 Jan 2023 18:10:56 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 44EF 13 KB
5 KB 44ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4994
x-xss-protection: 0
server: sffe
date: Tue, 18 Jan 2022 18:10:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b314c3eb801664ba"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 18 Jan 2023 18:10:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 44EF 89 KB
28 KB 46ms
21ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28443
x-xss-protection: 0
server: sffe
date: Tue, 18 Jan 2022 18:10:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "976e6f5df80f4e35"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 18 Jan 2023 18:10:56 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 44EF 71 KB
16 KB 49ms
24ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969b5f20e50624afd483ec6e5e8767fafffbaf0b2fb046f034ace12c1e45a094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 534990
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16734
x-xss-protection: 0
server: sffe
date: Thu, 13 Jan 2022 22:08:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "35a471314f0fc88f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 13 Jan 2023 22:08:54 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 44EF 5 KB
2 KB 47ms
22ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1727
x-xss-protection: 0
server: sffe
date: Tue, 18 Jan 2022 18:10:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "423ab13fb6ff63c9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 18 Jan 2023 18:10:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012111152338000/v0/ Frame 44EF 40 KB
13 KB 48ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12843
x-xss-protection: 0
server: sffe
date: Tue, 18 Jan 2022 18:10:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08cf721d9e54e414"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 18 Jan 2023 18:10:56 GMT

GET
DATA 200
OK truncated
/ Frame 44EF 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c69b3e3327bb29400d64d5afce7a274ec511dde249ae88230020274ecb7e857

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 bg.jpg
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 23 KB
23 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/bg.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83f724d2d4755adfdefb58c29a4d1ef7ff3c66714778829fb482389a78ed1f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23466
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text1_1.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text1_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73389089ab7c93cf8a7555dd9f377c1888fb9e1464fb9c38e801cd54a5bc2289

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2246
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text1_2.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 9ms
9ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text1_2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a93a51d2e4d91b1ca6d3f91b6209b0ae72b53ca2667a9243a1bca15b8a1745ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2011
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text1_3.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 10ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text1_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcf566e50edf02e67ff07e4747065985effde59269448f4c3b4539aee2b89b24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2301
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text1_4.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 10ms
9ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text1_4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b46a5109d58b3e12035f88db55124c33a4bf3da15786e22b74fdc221c2717aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1640
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text1_5.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text1_5.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fa76d3e1edf3eb9ff9ac56a80ae47eb8ba987996f365e973b92bb4f9641df774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2401
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 text2_1.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 5 KB
5 KB 11ms
9ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/text2_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92974e171b9a9118be88051b467af8a173d77656a7636c19c7d93d1c8810f32c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 04:09:19 GMT
x-content-type-options: nosniff
age: 599765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5205
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 13 Jan 2023 04:09:19 GMT

GET
H3 200 stoerer.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 7 KB
7 KB 11ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/stoerer.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91b4d6c7fc98cfd6933eb0a5e7672c9f3e288833f8bf3a2cb53df9b4ae4e5721

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7105
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 logo.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 9 KB
9 KB 11ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b1ee790755f9c51e92fc58c5cd665097b4f3384114a6a9e58e674cf490551bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9198
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 cta.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/cta.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6eeeb9737a6d4907b3dd5580f7ed56ed22d8e7343708e27913d3cc175bbc2a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2056
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 cta_text.png
tpc.googlesyndication.com/sadbundle/13328340487252287003/img/ Frame 44EF 2 KB
2 KB 13ms
12ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/13328340487252287003/img/cta_text.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56d585959e7003ad763698b8edea1f0279ae5311d0c7bf707f6b4214fedb2d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 08:41:21 GMT
x-content-type-options: nosniff
age: 237843
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1864
x-xss-protection: 0
last-modified: Wed, 22 Dec 2021 14:41:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Jan 2023 08:41:21 GMT

GET
H3 200 fr.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 44EF 3 KB
3 KB 12ms
12ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/fr.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 23:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 13294
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 12021612326893382710
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2724
x-xss-protection: 0
expires: Thu, 20 Jan 2022 23:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 44EF 295 B
324 B 10ms
10ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 75710
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 20 Jan 2022 05:43:34 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 44EF 0
17 B 25ms
24ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CzvfuxMzoYeeUB8iG7_UP452J8AWm6qXUZ7Prqf2fD5aCzYWIFhABIOKJ_CtgleKQgqAHoAHF6pm5AsgBCakCR3LctIIHsz6oAwHIAwiqBMYBT9DB3xw62J90PU5t1QwFVcsGG6fgBCr2V9ty_-xjGQ13df7R2hAY-9jvO--nCv0P4lOfYdjY0eRbAyAjdSJLz7-cR19XMxoWoZgcPUTms7m8MUG01gPprDx3vCCOu0RtP-X1dEp0rrA3DDgJ6HvYJO4u78z5Qz8-GKxkjXyMma0N4QQwnjCuuZpcY3mPnM_Z8hOXP254657Acv0mxJneGsKYfK9JMtB81WMQn4y8S6AV5u5rU537I86eZo3ZJg8WgeMrl9TdwASO99Tu5AOSBQQIBBgBkgUECAUYBKAGLoAHo5XmxgGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBC6xwbSCAkIgOGAEBABGB-ACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItNTk3MDY1NDc4NzU1Mzc0MBgA&sigh=Z9jTGURi6Mk&uach_m=[UACH]&template_id=419&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5970654787553740&output=html&h=280&slotname=7798681712&adk=2523956849&adf=1724743363&pi=t.ma~as.7798681712&w=1068&fwrn=4&fwrnh=100&lmt=1642646724&rafmt=1&psa=0&format=1068x280&url=https%3A%2F%2Fdzballon.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1642646723921&bpp=1&bdt=394&idt=174&shv=r20220118&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C1068x280%2C300x600&correlator=7647028130584&frm=20&pv=1&ga_vid=597624117.1642646724&ga_sid=1642646724&ga_hid=751718865&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=266&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063751%2C44753740%2C31064037%2C44756554%2C31060047&oid=2&pvsid=2704959983682235&pem=323&tmod=706358307&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=2caIgfyyAL&p=https%3A//dzballon.com&dtd=177
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 20 Jan 2022 02:45:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 3753f6ac31b748bf945ad731cbf52c0b_skyscannerrelative-book.woff
static.criteo.net/design/dt/ Frame BCA8 68 KB
68 KB 48ms
16ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/3753f6ac31b748bf945ad731cbf52c0b_skyscannerrelative-book.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

b40ed885c6eabc68309c7e3377008ec3aaba2add66e43fcf6fc2851cdc6a2f98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 10:27:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"61028283-10ec0"
strict-transport-security: max-age=31536000; preload;
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:25 GMT

GET
H2 200 e228b6a4e90947dcaf6c5ad0025ee925_skyscannerrelative-bold.woff
static.criteo.net/design/dt/ Frame BCA8 68 KB
68 KB 64ms
32ms Font
application/octet-stream 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/e228b6a4e90947dcaf6c5ad0025ee925_skyscannerrelative-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

9cb93fc023cca355260310e41056be397ecad26f94a578c5b147762b40fc6d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
last-modified: Thu, 29 Jul 2021 10:27:15 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"61028283-10f14"
strict-transport-security: max-age=31536000; preload;
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:25 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame BCA8 12 KB
5 KB 66ms
24ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 631226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hp1zY1fp7IWa%2FEIO1GiLbrGKxtJKR2EfT9%2BEs8zCrrv43dlFV6qAXFE%2Ba32vchwmcCWoNs6OxzpQ%2Fz5wlDtS%2BwemFV0EVOv2qcVx3PgIFrZtUaGsEVrNDAFBZJesZEKTcX%2FbFvWeQJbciczgrKL0P%2FDD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d04f76f99cc3745-MXP
expires: Tue, 10 Jan 2023 02:45:25 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7739
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

31ms
30ms

Document
text/html

2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 20 Jan 2022 02:45:25 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 20 Jan 2022 02:45:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 50E1 35 KB
13 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:26:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13406
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:26:05 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame BCA8 12 KB
6 KB 19ms
16ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:25 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame BCA8 24 KB
24 KB 84ms
38ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=1200&m=0&partner=7450&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F7450%2F211022%2F45f963b9b4db4061b7e96b7b9b33fb3d_img_horizontal_1.png&v=3&w=1200&s=XPRAud79PKlPO2n-2Elk2RGL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e861d3c3bf074c8b832c72921647e53513a1493a855cbfe43820933cbeb35dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 15:08:05 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
age: 128238
vary: Origin
x-cache: hit cached
content-type: image/webp
cache-control: public, max-age=29474111
cdn-loop: Criteo
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
accept-ranges: bytes
timing-allow-origin: *
content-length: 24138
expires: Sun, 25 Dec 2022 18:23:17 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BCA8 0
127 B 43ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=4Ymuoj3IyQf-NqF9EAnL3NmsexiErwmeTwEjOPIlKFflgmHTrlZrVlvK47xqd4mhKxehGn6H0Cxkyt815uBQVglCbPYo2uGbKyoqz2oVpqKGoUhwzjhBJuXNqdPBaTMhcc_4NO0505dc3fz9eBfRIFipt7EMfV9aALIU4iosPt4W8W4POqecmiAR8SnIG0TbnsLHEErX46h5P0Fp2tQAD_XwWWUfpdNeqcXfpNOKWPaD2gcQhUjxceQU0dFaqCcqYFvInA&sds=2&rev=80076.1&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 20 Jan 2022 02:45:24 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame BCA8 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:25 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame BCA8 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Jan 2023 02:45:25 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012111152338000/ 20 KB
7 KB 31ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012111152338000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de412af0b356920e75086c2488e8df2a6c8e5e1f661a0c11052dd54aad4dc09a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 534991
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: sffe
date: Thu, 13 Jan 2022 22:08:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8710f745e3fa87a1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 13 Jan 2023 22:08:54 GMT

GET
H3 200 fr.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 44EF 3 KB
3 KB 11ms
11ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/fr.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 23:03:50 GMT
x-content-type-options: nosniff
server: cafe
age: 13295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 12021612326893382710
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2724
x-xss-protection: 0
expires: Thu, 20 Jan 2022 23:03:50 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 44EF 295 B
325 B 12ms
12ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111152338000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:43:34 GMT
x-content-type-options: nosniff
server: cafe
age: 75711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 20 Jan 2022 05:43:34 GMT

GET
H2 200 20220119_123837-218x150.png
dzballon.com/wp-content/uploads/2022/01/ 47 KB
47 KB 35ms
34ms Image
image/png 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/20220119_123837-218x150.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: ac71d64417653783485631be222c7118ea961ef241c0b31239ea73fe59e91a3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 19 Jan 2022 11:54:00 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e7fbd8-bb0a"
content-type: image/png
accept-ranges: bytes
content-length: 47882

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 32ms
18ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220118&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39cbbbc19f3a663dc5b473f73d596ec5becab008ee53321b2e6bab459afd74ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9001
x-xss-protection: 0

GET
H2 200 20220114_165935-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 16 KB
16 KB 30ms
30ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/20220114_165935-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: c9f687830bc0d491eeddf27da22a8fd036ca2057a039d9698ad41da32f404e32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Tue, 18 Jan 2022 19:53:32 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e71abc-3f6f"
content-type: image/jpeg
accept-ranges: bytes
content-length: 16239

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Jan 2022 02:45:25 GMT

GET
H2 200 PicsArt_01-18-10.14.48-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 7 KB
7 KB 31ms
31ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-18-10.14.48-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 29849d62fe869a984e9b3ccbce20a502040367ef330cec1d01c258dbd399ea6e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Tue, 18 Jan 2022 09:18:32 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e685e8-1cea"
content-type: image/jpeg
accept-ranges: bytes
content-length: 7402

GET
H2 200 20220117_170429-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 8 KB
8 KB 25ms
25ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/20220117_170429-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 4be82e3028526931b66462c083e3c994cecd1fbadd6ba3995658c819e578fcbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 17 Jan 2022 16:08:33 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e59481-1fe9"
content-type: image/jpeg
accept-ranges: bytes
content-length: 8169

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A551 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Jan 2022 17:50:03 GMT
expires: Thu, 19 Jan 2023 17:50:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 32122
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 926E 783 B
537 B 18ms
18ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

529f0af4330b3341a3b59daac7cc32cfd956a33b471dcd39ee368cc6662ef8ff

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Bz7X2USfhGkel5YvT+7KOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 20 Jan 2022 02:45:25 GMT
date: Thu, 20 Jan 2022 02:45:25 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Bz7X2USfhGkel5YvT+7KOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 20220116_182609-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 10 KB
10 KB 28ms
27ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/20220116_182609-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 256b664b53dbfbe7ad71a1d737942e5678a5a5512d45fbf4a09d527019679079

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sun, 16 Jan 2022 17:28:45 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e455cd-273a"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10042

GET
H3 200 R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js Show response
pagead2.googlesyndication.com/bg/ Frame A551 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/R1B9DkRZwcDIRZ3R9sqVqoa_rY5Qa04vEjSiPeGSXMQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:26:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 541160
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13406
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:26:05 GMT

GET
H2 200 PicsArt_01-20-12.11.41-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 10 KB
10 KB 33ms
33ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-20-12.11.41-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: ab68042f68e7ea3548baf47c517df331f286613070b790e8094c6c8368becb9b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 19 Jan 2022 23:14:58 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e89b72-2707"
content-type: image/jpeg
accept-ranges: bytes
content-length: 9991

GET
H2 200 Tunisie-Mali-CAN22-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 12 KB
12 KB 45ms
45ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/Tunisie-Mali-CAN22-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 6232c57b872c7fc9b609069c3bbee52d66b4947a7b2e452801b284d3720baed9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sun, 16 Jan 2022 09:28:42 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e3e54a-30ca"
content-type: image/jpeg
accept-ranges: bytes
content-length: 12490

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 926E 0
0 44ms
44ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220118&jk=2704959983682235&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 20211207_201906-1-218x150.jpg
dzballon.com/wp-content/uploads/2021/12/ 10 KB
10 KB 50ms
50ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/20211207_201906-1-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: d27266000786b98147c32cd2aadf66fe494e3912ef0f098e35dc0016f4ff9805

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 20 Dec 2021 18:00:27 GMT
server: nginx
x-powered-by: PleskLin
etag: "61c0c4bb-28dd"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10461

GET
H2 200 c773326369e51b8f98bc850d43b9dad4_M-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 11 KB
11 KB 64ms
64ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/c773326369e51b8f98bc850d43b9dad4_M-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 973d11da16f1bb561b6affeb576791d97048919493a007411f9b57d58824cc2f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Thu, 13 Jan 2022 10:13:26 GMT
server: nginx
x-powered-by: PleskLin
etag: "61dffb46-2ad9"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10969

GET
H2 200 received_341476081041954-218x150.jpeg
dzballon.com/wp-content/uploads/2021/12/ 9 KB
9 KB 61ms
60ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/received_341476081041954-218x150.jpeg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: e2d6bc5a16f50f2894c84d98c666d6cf8f2b05e3b007f19bd3ff984b73598030

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 29 Dec 2021 11:45:05 GMT
server: nginx
x-powered-by: PleskLin
etag: "61cc4a41-2541"
content-type: image/jpeg
accept-ranges: bytes
content-length: 9537

GET generate_204
tpc.googlesyndication.com/ Frame A551 0
0

GET
H2 200 IMG-20211219-WA0003-218x150.jpg
dzballon.com/wp-content/uploads/2021/12/ 11 KB
11 KB 60ms
60ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/IMG-20211219-WA0003-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 89262843691554efbdb00e5e6756e6a2fa8d1423fd04f2016ca596c995a3b6c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 20 Dec 2021 18:55:16 GMT
server: nginx
x-powered-by: PleskLin
etag: "61c0d194-2a66"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10854

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220118&jk=2704959983682235&bg=!-Pul-7_NAAZ_DxPPfw87ACkAdvg8WqNd9ZjDt-Qhaw9HpaEceS9HCO3B3FPUSQnOx-3_Ga-FscamlwIAAABoUgAAAAJoAQeZAqgDFQHoHRWNGvR7otMn8oj84QZm4rgbNPaU3wC5jpSIcFLe57kwpC1_YjScBozAOQvAYM8nVtGFHHoEum9FKJ94yKlcXSgvvrGJ8-6W6njixE14TcAHmYjX9AbRMudcuG-8S434ddoRhCJO3Nk1iMovuE7-0EO3KBKrav4srKE-NonCOkoY2MqtpAOhMhC-yB065n96dVShr8GJtwu9ul6w-teA3Ol-o8rw1KZ8IiO2luCfbd_ZEpZJgDEsDHeYIDCUmg98snnQt2NdML3UZ8GsGd1wlI4-8TDArgvmWGaWY3wFDU7QMDmSd7XrD9_ZCl7GIDKMklQohOKjCGIz25aAVrilV5n2zbFVFftai6b4NDda1N2IJtAMf8QHBoN3PMxuCEs1CJUQQhud38yIDvDfdrgd4zfOTNEwDtEHMRoOQsJz_oVAvhJaLj7x5l6tkMIJdDjk5HUZuXuguPOULLa-oKTFNblh7TrVPHsp_PyFS3twzquDQJdAZx_hEqk7IZfqdxe8-u24rR8DTc_gYKwweiDHqCMfTt7K5y1_vcEm63fQP_bwwI_RPcKmPDQMuA_XPywZTnvWWL-3TB0gycy2kdWy25MSFoHKrxSkDBPMlciTpfxalo4UBR2pnZSLKIdFwxCKaxA4ZUZT1bo3nlGnJpyhcVxNXybJd6h_3GAL-inL_Cy-CmOIbh-nUjbQSHPcu29IKDAGLYKZDgZmW2C-LrG81_k3XOu9MIYy3yArg51C5RQ-gHXoHTb0xeY65_lqELkc1v84yui80ESl9gwssJgk5oMseaRmM9elRESeYMY8AFwR9PEmIZLHaezTGE0F_JLOBYn28swfwMZ8cOu5yf-CvUiMznBz1d5Grg2js3d1_hePGdQlmOTQryEsTo4S6twzICLhTQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 02:45:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PicsArt_11-06-10.25.29-218x150.jpg
dzballon.com/wp-content/uploads/2021/11/ 11 KB
11 KB 54ms
53ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/11/PicsArt_11-06-10.25.29-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 869196bfee1fa3405cf3010380316d4d8d4d3497099811d55341284c0a892c81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sat, 06 Nov 2021 21:26:50 GMT
server: nginx
x-powered-by: PleskLin
etag: "6186f31a-2a6a"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10858

GET
H2 200 PicsArt_10-25-06.58.25-218x150.jpg
dzballon.com/wp-content/uploads/2021/10/ 9 KB
9 KB 55ms
55ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/10/PicsArt_10-25-06.58.25-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 76ebf46d3956e4f98061ff9f466f4034ee0aca98131475c5142ddb2d1b4ee31e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 25 Oct 2021 17:02:35 GMT
server: nginx
x-powered-by: PleskLin
etag: "6176e32b-22cb"
content-type: image/jpeg
accept-ranges: bytes
content-length: 8907

GET
H2 200 PicsArt_01-19-02.47.33-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 11 KB
11 KB 41ms
41ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-19-02.47.33-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 2f478a941de27403f8cbf578f19ff2f1d728d804dbfca3e4cde6ba82491b1d03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 19 Jan 2022 13:52:23 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e81797-2a5e"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10846

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 02A6 42 B
64 B 34ms
34ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss6-qKEwFzsdGoomLll3pZiFk89lWkKcPWJVIDudiONjVBNl94rkPhZ_2Mcuc24OMBkwaXbC8fj-FpYZh2L7_w8QKxVJ159VY5VbCbFuBdaURo7ymgQOw&sai=AMfl-YT8bgrggFPAx1kD3M_uezpvv9a3LbMhxMpw4kpIEhZVSIRwzDCYCSa9w_FJsSS6MxejyHJH-A_sirpU&sig=Cg0ArKJSzMhn4NCI9TiMEAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220119&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1519400323&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642646724018&rpt=557&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 02:45:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PicsArt_01-13-05.37.59-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 10 KB
10 KB 26ms
26ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-13-05.37.59-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 3edcdaf5f6dcb961a25eaaa2883071958457a1fca80e398214458c8e9a74e71b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Thu, 13 Jan 2022 16:40:09 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e055e9-2823"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10275

GET
H2 200 PicsArt_01-03-01.33.50-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 10 KB
10 KB 35ms
34ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-03-01.33.50-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 27a7a32a3c081b112b83ff21dc0739ed4d0574664e21969eccdcd0ff7ab08d0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 03 Jan 2022 12:46:43 GMT
server: nginx
x-powered-by: PleskLin
etag: "61d2f033-27c2"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10178

GET
H2 200 Belkaid-218x150.jpg
dzballon.com/wp-content/uploads/2021/12/ 18 KB
18 KB 26ms
26ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/Belkaid-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 2cba906d72fc37f9fd9fce2983f8faed2dd73ec43e0333374bfe3a64c5bad25b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Tue, 28 Dec 2021 07:19:37 GMT
server: nginx
x-powered-by: PleskLin
etag: "61caba89-484b"
content-type: image/jpeg
accept-ranges: bytes
content-length: 18507

GET
H2 200 PicsArt_12-25-10.58.09-218x150.jpg
dzballon.com/wp-content/uploads/2021/12/ 7 KB
7 KB 24ms
22ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/PicsArt_12-25-10.58.09-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 420001c50bde20b4d121e6a04ba09f67760757223035179b8a795441b138658a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sat, 25 Dec 2021 10:00:55 GMT
server: nginx
x-powered-by: PleskLin
etag: "61c6ebd7-1d23"
content-type: image/jpeg
accept-ranges: bytes
content-length: 7459

GET
H2 200 inbound6113740443316119599-218x150.jpg
dzballon.com/wp-content/uploads/2021/09/ 10 KB
11 KB 25ms
25ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/09/inbound6113740443316119599-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: e8b1a361ff4f05773f011f013ff551dcd744f18386132dfedebbf169fe0bef49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Tue, 07 Sep 2021 11:24:39 GMT
server: nginx
x-powered-by: PleskLin
etag: "61374bf7-297d"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10621

GET
H2 200 cd0a735c925491d315d0034942abe5be_M-218x150.jpg
dzballon.com/wp-content/uploads/2021/07/ 9 KB
9 KB 25ms
25ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/07/cd0a735c925491d315d0034942abe5be_M-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 10955b8997ada1b8d6e0c02c6f0a2085c630beba9131bd57fb7ca0fee88e44ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 19 Jul 2021 19:30:49 GMT
server: nginx
x-powered-by: PleskLin
etag: "60f5d2e9-22cf"
content-type: image/jpeg
accept-ranges: bytes
content-length: 8911

GET
H2 200 fifa-infantino-218x150.jpg
dzballon.com/wp-content/uploads/2021/05/ 10 KB
10 KB 53ms
52ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/05/fifa-infantino-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: fa6ea350cdbbfdc9b3cdfb47db6c399bf9dda200c5078207d815c51c9c6ac06c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Fri, 21 May 2021 07:56:52 GMT
server: nginx
x-powered-by: PleskLin
etag: "60a767c4-27c8"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10184

GET
H2 200 zinedine-zidane-chelsea.jpg
dzballon.com/wp-content/uploads/2021/02/ 60 KB
60 KB 28ms
28ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/02/zinedine-zidane-chelsea.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: b5741f59263bc6c2413bd5fc0d3f18bc7e38e9aa0334dcabcef9272907ca7e93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sat, 06 Feb 2021 09:30:17 GMT
server: nginx
x-powered-by: PleskLin
etag: "601e61a9-eeab"
content-type: image/jpeg
accept-ranges: bytes
content-length: 61099

GET
H2 200 large-ogc-nice-le-degout-de-gouiri-c982e.jpg
dzballon.com/wp-content/uploads/2021/01/ 33 KB
34 KB 30ms
29ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/01/large-ogc-nice-le-degout-de-gouiri-c982e.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: c16fdc3958de5eb401df85339e3d417e16e047d3c60fd54f6182c269a1781dbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sun, 17 Jan 2021 17:33:18 GMT
server: nginx
x-powered-by: PleskLin
etag: "600474de-85b2"
content-type: image/jpeg
accept-ranges: bytes
content-length: 34226

GET
H2 200 PicsArt_01-20-12.11.41-534x428.jpg
dzballon.com/wp-content/uploads/2022/01/ 45 KB
45 KB 26ms
25ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-20-12.11.41-534x428.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 565c1db5a1b0118981d4fe2416bba1c25948c94c742bdaf792b5365bce2d5f81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 19 Jan 2022 23:14:59 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e89b73-b3e1"
content-type: image/jpeg
accept-ranges: bytes
content-length: 46049

GET
H2 200 Tunisie-Mali-CAN22-533x261.jpg
dzballon.com/wp-content/uploads/2022/01/ 40 KB
40 KB 26ms
26ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/Tunisie-Mali-CAN22-533x261.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 336a9875c82ccd6c548f31ec93375c474ff9870657856ecfa804813e4248cd04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Sun, 16 Jan 2022 09:28:43 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e3e54b-9ebc"
content-type: image/jpeg
accept-ranges: bytes
content-length: 40636

GET
H2 200 20211207_201906-1-533x261.jpg
dzballon.com/wp-content/uploads/2021/12/ 31 KB
31 KB 49ms
49ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2021/12/20211207_201906-1-533x261.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: b7b9bb6ebc4a164fb412afbe62746ac7c886414292f16ed18c85303520ba30c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Mon, 20 Dec 2021 18:00:29 GMT
server: nginx
x-powered-by: PleskLin
etag: "61c0c4bd-7c92"
content-type: image/jpeg
accept-ranges: bytes
content-length: 31890

GET
H2 200 c773326369e51b8f98bc850d43b9dad4_M-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 11 KB
11 KB 27ms
27ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/c773326369e51b8f98bc850d43b9dad4_M-218x150.jpg
Requested by: Host: c0.wp.com
URL: https://c0.wp.com/c/5.8.3/wp-includes/js/jquery/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: 973d11da16f1bb561b6affeb576791d97048919493a007411f9b57d58824cc2f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Thu, 13 Jan 2022 10:13:26 GMT
server: nginx
x-powered-by: PleskLin
etag: "61dffb46-2ad9"
content-type: image/jpeg
accept-ranges: bytes
content-length: 10969

GET
H2 200 PicsArt_01-19-08.32.52-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 7 KB
7 KB 23ms
23ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-19-08.32.52-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: e528fb64e8074e76df9a5c697281140f0d28dc35c8b704506d74ae1b59859c5e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Wed, 19 Jan 2022 19:43:47 GMT
server: nginx
x-powered-by: PleskLin
etag: "61e869f3-1aa8"
content-type: image/jpeg
accept-ranges: bytes
content-length: 6824

GET
H2 200 PicsArt_01-07-04.49.58-218x150.jpg
dzballon.com/wp-content/uploads/2022/01/ 6 KB
6 KB 24ms
23ms Image
image/jpeg 194.163.146.70
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dzballon.com/wp-content/uploads/2022/01/PicsArt_01-07-04.49.58-218x150.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.163.146.70 Düsseldorf, Germany, ASN51167 (CONTABO, DE),
Reverse DNS: vmi608334.contaboserver.net
Software: nginx / PleskLin
Resource Hash: b972bf2c97888a8286afc6f9e953a08e4aadc54d83f94d9421b75d3c86364334

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://dzballon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 02:45:25 GMT
last-modified: Fri, 07 Jan 2022 15:52:28 GMT
server: nginx
x-powered-by: PleskLin
etag: "61d861bc-17e5"
content-type: image/jpeg
accept-ranges: bytes
content-length: 6117

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DFFF 42 B
64 B 16ms
16ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv0UehEXvdHnM13rzLTYelF7VU4xrYXHVDXSmtrwsr3urZxNbo1qrz9xEmHT49nRm2v5waDVVcd07576lB4hmvjXg&sig=Cg0ArKJSzGFzkwTIBnK7EAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=170,809,1000,1161,1228&tos=170,639,191,161,67&v=20220119&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1642646724460&rpt=249&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Jan 2022 02:45:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame BCA8 0
127 B 13ms
13ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 20 Jan 2022 02:45:25 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?aNmtuQ

Verdicts & Comments Add Verdict or Comment

218 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dzballon.com/	1970-01-20 09:39:02	Name: __gads Value: ID=5524947a1d7308d9-228ea1a223cd0046:T=1642646724:RT=1642646724:S=ALNI_MY2xDSGH5eQ2IMe6Ct0s7GWuz4aDg
.doubleclick.net/	1970-01-20 09:39:02	Name: IDE Value: AHWqTUlP8U-_mrT-TPDKpIllY2DiMw606vXJJtimZBZy7Iy9fgoVrqAFx8Wxx-ZrY_c
.doubleclick.net/	1970-01-20 00:17:30	Name: DSID Value: NO_DATA

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c180.0.1080.1080a/s640x640/240650082_108516841555149_2097008472042213560_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=3rcewncnAqUAX_QVdia&edm=ABfd0MgBAAAA&ccb=7-4&oh=01ce8f4a37620af93ff7fb67b1e581a1&oe=612F6414&_nc_sid=7bff83 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/240726761_531037914824344_3789221188358688463_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=PKHJqN2dUE0AX87BoM4&edm=ABfd0MgBAAAA&ccb=7-4&oh=d9a96068fe11b252c7a157bfe4e01345&oe=6130B304&_nc_sid=7bff83 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/s640x640/240539785_834389933888398_2680321340957815073_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=ioVUo7mQD0oAX_IpHVs&edm=ABfd0MgBAAAA&ccb=7-4&oh=ddb6cd8ac5a63221a9e204c046360746&oe=61312972&_nc_sid=7bff83 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.90.720.720a/s640x640/240643307_4360681767323295_3564434620847978576_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=i8Y1b9QOfSQAX-uZRfE&edm=ABfd0MgBAAAA&ccb=7-4&oh=863686eb649cb5fd107fa67862c72377&oe=61304847&_nc_sid=7bff83 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://scontent.cdninstagram.com/v/t51.2885-15/sh0.08/e35/c0.180.1440.1440a/s640x640/240762422_4977006572315316_8609845599371609825_n.jpg?_nc_ht=scontent.cdninstagram.com&_nc_ohc=SYll56SIkF4AX__EeZM&edm=ABfd0MgBAAAA&ccb=7-4&oh=a8381e825ec352eed16bbdfb6680a127&oe=612F76EB&_nc_sid=7bff83 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/dzball.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sharp-elbakyan.194-163-146-70.plesk.page/wp-content/uploads/2016/11/DZBAL-200x110.png Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012111152338000/v0/amp-ad-exit-0.1.mjs(Line 2) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
c0.wp.com
cat.nl.eu.criteo.com
cdn.ampproject.org
cdnjs.cloudflare.com
csm.eu.criteo.net
dzballon.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel.wp.com
rtb.nl.eu.criteo.com
scontent.cdninstagram.com
sharp-elbakyan.194-163-146-70.plesk.page
static.criteo.net
stats.wp.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
tpc.googlesyndication.com
142.250.186.130
178.250.0.139
178.250.2.148
178.250.2.150
192.0.76.3
192.0.77.37
194.163.146.70
2606:4700::6810:135e
2a00:1450:4001:801::2002
2a00:1450:4001:808::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:811::200a
2a00:1450:4001:827::2003
2a00:1450:4001:827::2004
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::200e
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2002
2a02:2638:1::11
2a02:2638:1::2
2a02:2638::3
2a03:2880:f21c:80c4:face:b00c:0:43fe
0164790714c658bcbe873c5f3d396cebc8130468b1dd579ff0af1ebe00462e69
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
069e2abed69e2efcd6930c0615ae8c32c1cb9f76e6e9ffae45495bc6759a3f95
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10955b8997ada1b8d6e0c02c6f0a2085c630beba9131bd57fb7ca0fee88e44ce
111d5349381a9e8f6e2fb551a06de98feb7b7957ba1eff38443f9e696519683b
11d02526cbaad695117721d111752936444366ac35fec7d36bf8d5fb2aab3094
13463b6a26f4ee2ce508df098003cdc101ebb17be48bb9b787665b4ada56cf58
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
14b52d5e44212b22f6de0be5caeeb5bba561a29fd91bf6076bf1ad6d45ecae6f
16366d2552aa8349747c1168a3ef03665652b08d80385b6664c4cbf6a5b2f932
172d5b83579e06dce26714973595e570204438c66e025f8a65082df29221626b
175148d4fdd889379200c6272e78ef47be5011cfac3148306096d45f22edea60
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18ec45978f0a68004bbcff5a150f9eb62cfac449a51f15c5a61336a2ad1d4675
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
22bb0800e901e200d23b739ff8e2d955aab11864f999e8ebe1405cda4dc9fb8b
256b664b53dbfbe7ad71a1d737942e5678a5a5512d45fbf4a09d527019679079
277c84697b5039a7583a843ba2e6b784354925898a15056c8d975b696d2e7c2c
2781a6ed908f486b1ffec6015184126d4727e17eb6bfdc9348771137945b0d9e
279249ed963fcd87e6321b024c0194248dd1b44af5353e134071cdfff953967b
27a7a32a3c081b112b83ff21dc0739ed4d0574664e21969eccdcd0ff7ab08d0d
29849d62fe869a984e9b3ccbce20a502040367ef330cec1d01c258dbd399ea6e
2b46a5109d58b3e12035f88db55124c33a4bf3da15786e22b74fdc221c2717aa
2cba906d72fc37f9fd9fce2983f8faed2dd73ec43e0333374bfe3a64c5bad25b
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2f478a941de27403f8cbf578f19ff2f1d728d804dbfca3e4cde6ba82491b1d03
336a9875c82ccd6c548f31ec93375c474ff9870657856ecfa804813e4248cd04
39cbbbc19f3a663dc5b473f73d596ec5becab008ee53321b2e6bab459afd74ce
3b1ee790755f9c51e92fc58c5cd665097b4f3384114a6a9e58e674cf490551bc
3edcdaf5f6dcb961a25eaaa2883071958457a1fca80e398214458c8e9a74e71b
41b60d2262cffca90f6cd644983a2d813336dc959558bdd6ae54b35ef06dd9fb
420001c50bde20b4d121e6a04ba09f67760757223035179b8a795441b138658a
425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c
425f48a06ab0e9a4a4d792a6677189720f377ec09a073ecdae6232a89cc221f2
464dc2f879f117d9cf75aaf32a66039b5bb54874ca5aa4f6eb473e6abb230ea2
47507d0e4459c1c0c8459dd1f6ca95aa86bfad8e506b4e2f1234a23de1925cc4
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
49fa858e491838e0af94ffe3844bcb3cb02b6ea39cc314241e982935777d78d5
4be82e3028526931b66462c083e3c994cecd1fbadd6ba3995658c819e578fcbb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e46e56dce46d21c527e164d6749fb5ff0101f400aede06a8711196da9e5c619
4efd43ff6d6dc2c922d3ba71a80f7f499eb56f65df5fe2c60305b35e66062eae
529f0af4330b3341a3b59daac7cc32cfd956a33b471dcd39ee368cc6662ef8ff
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
557c7d8dd32557129cec3d5d4f221eef6e8706e0855f826f5f6db4278e08420b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565c1db5a1b0118981d4fe2416bba1c25948c94c742bdaf792b5365bce2d5f81
56b81c23b91dcbe22a67a9ade320d3b94b025a119f72cdd98882dca248fdca82
56d585959e7003ad763698b8edea1f0279ae5311d0c7bf707f6b4214fedb2d2d
58c94bdd4ce52fc89cc90baf1d36bb5cb64ea15538168c2b52411a5ab55a0b44
5b06f817bc8877172dc8b712c3fca3f1cec9b3fa9508074811c274f9995e59ef
5b84e7dce8962bd2a95a44cf20a131625a8faeef1a01b02f6695de746560977d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5dacc86b8a64742e60d70192353e5643da219a3f84c0b26cf6116b06b67fff32
5df0f0543a4ad5a0db36d12288ba6583088f2ed6ff60b631c7afd0550d143161
5e88cefac5e42c621823471d18bd3f7bee0f5504f6aeb14a035a4ebce04b622f
5fd9b4b10be5a293cbc0f2f89cb21d2072517953a34fb6ac2e7df8d13a966ffe
607abab2dcc713bafb514fcccf1275601f532bece2ee6e9fed786d3bf26cecc6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6232c57b872c7fc9b609069c3bbee52d66b4947a7b2e452801b284d3720baed9
6360dd4b070d652ea545030aaba1d8336ac1023c38645b0a5337b10cede8bced
63697d88ab7b6e34e76e5990b867c706cb4346c27ec1c5a034c4d91dfb136778
6eeeb9737a6d4907b3dd5580f7ed56ed22d8e7343708e27913d3cc175bbc2a5a
72393184710bb73bc37a82ef62103ba674eb9accbf1528ea43eeed06b79729b4
73389089ab7c93cf8a7555dd9f377c1888fb9e1464fb9c38e801cd54a5bc2289
76ebf46d3956e4f98061ff9f466f4034ee0aca98131475c5142ddb2d1b4ee31e
799942068b35eab254d5fc88af6d46bde09341213e1147106649ff6da70af410
7ae5b52b01b37efb4547c3493f75abf51dc034326bb6f1ff6fc97348065716ba
7d49aabe895f1d820a16c4efc73acee66e8d6c7fd909262ef24583a631644f7c
7def77894d5b0e0932a3339d746041fd2f4389d6e83bea19295c949358de8719
7e1af00dfd3de49219100b384bc2a6c72f459407f40a896a3c032c312166644a
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83f724d2d4755adfdefb58c29a4d1ef7ff3c66714778829fb482389a78ed1f33
85a3e553ac1d29157dd9e677f5d37cc57646a4b4cd860cf250f82386b99ee0ff
869196bfee1fa3405cf3010380316d4d8d4d3497099811d55341284c0a892c81
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
88a8e26ec4914ec8e695a984f7c9190540dfdc2ef9eaf3453f4f3736b8381751
89262843691554efbdb00e5e6756e6a2fa8d1423fd04f2016ca596c995a3b6c5
8c69b3e3327bb29400d64d5afce7a274ec511dde249ae88230020274ecb7e857
8cc19a88f3591eb7d510ae2e25e8adc76924a1aad527528191b0eeb6e8d6314a
8d69291819d847fed994ee4f0ca9578a6780dec5b3f9826b28b5a4f5c03acd65
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
91b4d6c7fc98cfd6933eb0a5e7672c9f3e288833f8bf3a2cb53df9b4ae4e5721
92974e171b9a9118be88051b467af8a173d77656a7636c19c7d93d1c8810f32c
969b5f20e50624afd483ec6e5e8767fafffbaf0b2fb046f034ace12c1e45a094
973d11da16f1bb561b6affeb576791d97048919493a007411f9b57d58824cc2f
9cb93fc023cca355260310e41056be397ecad26f94a578c5b147762b40fc6d3b
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c3a418910a54a73af5b502b0ec505ffb28dab93d96903665818d7685f43be0
a6ce4d54ed425c7f93bbd532dcaa9ded367f84cba4f67cac2cd9b3dc60cbfadc
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a93a51d2e4d91b1ca6d3f91b6209b0ae72b53ca2667a9243a1bca15b8a1745ce
ab68042f68e7ea3548baf47c517df331f286613070b790e8094c6c8368becb9b
ac71d64417653783485631be222c7118ea961ef241c0b31239ea73fe59e91a3e
b110f3daa79a387e22980bebb12bb90ac5d523f307fc338a914ac7c94b49ccb7
b40ed885c6eabc68309c7e3377008ec3aaba2add66e43fcf6fc2851cdc6a2f98
b43ffd8fd57e794b57240dd0b58d2079d3076df48297fb4dcbb30a9a201442b2
b5741f59263bc6c2413bd5fc0d3f18bc7e38e9aa0334dcabcef9272907ca7e93
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7b9bb6ebc4a164fb412afbe62746ac7c886414292f16ed18c85303520ba30c1
b883c4dcf83d3ebdcb2e1be6bb54fa0e1cd0d4a39b2743156726b1491b699475
b972bf2c97888a8286afc6f9e953a08e4aadc54d83f94d9421b75d3c86364334
bb10b8a273579cd997035d04ad3d87002aefa416b6ebe91b6c25e4eb0aa6ffcf
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc9d6f849b12e2380f02774ac95a7c72921acddc2de06de83637d734f005555b
bcf566e50edf02e67ff07e4747065985effde59269448f4c3b4539aee2b89b24
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c0c3bb75a09639805645c8766bded6fb0a86da76022439fd192322c7dd642678
c16fdc3958de5eb401df85339e3d417e16e047d3c60fd54f6182c269a1781dbc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c9a612722eed86936463bc8772a9d4509e0c24f22485221beaa583a60079fef2
c9f687830bc0d491eeddf27da22a8fd036ca2057a039d9698ad41da32f404e32
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d2011a5b77474b1489c6ba0934d804d0144ea8ac036abf3f88252edb3d878e7a
d27266000786b98147c32cd2aadf66fe494e3912ef0f098e35dc0016f4ff9805
d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27
d6b51a9e46b676bdf8221c0e31531c4e04b10e3f0b4785a1d714e0de52b10677
d7246ea8f0ede1f2eadd6aa077545b7e0423f39e19d33c7c9a99d400afbe1bbb
de412af0b356920e75086c2488e8df2a6c8e5e1f661a0c11052dd54aad4dc09a
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa56fdcb85b9a16762bed1c5ca21241ad358a2cd9112d4dbe49f009c0e10397
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e2d6bc5a16f50f2894c84d98c666d6cf8f2b05e3b007f19bd3ff984b73598030
e3b04abc6e44194999f5582e1d9d0c1d9d2cf1f35a9d75e21d1c140792be0673
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e528fb64e8074e76df9a5c697281140f0d28dc35c8b704506d74ae1b59859c5e
e861d3c3bf074c8b832c72921647e53513a1493a855cbfe43820933cbeb35dca
e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a
e8b1a361ff4f05773f011f013ff551dcd744f18386132dfedebbf169fe0bef49
ea2ba6933f54716706b7f5b0540f411ca4e8a2d82116a36e5452073948ba826a
ea6883243d3b8bc4d5890f404e6aacd73e92f75ff9e5d1031ba35d355877dfa5
ed96e32ac80d73e209ed28add0756ace607005a88576332fcf19b6a3caf573b2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0300e6243307279dea081242f5c1e9039479351015378bb0b53ce1498c47c50
f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4600d43246c0168a5eef898ab387f72c54dfe0cc3aed59ea7f27160ef0300bf
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
fa6ea350cdbbfdc9b3cdfb47db6c399bf9dda200c5078207d815c51c9c6ac06c
fa76d3e1edf3eb9ff9ac56a80ae47eb8ba987996f365e973b92bb4f9641df774
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
ffd015b1bb0125d07c39cbfcdee6a8e2b604b55ea1936cf550fe1f9fbdbf2ae4

dzballon.com Open in urlscan Pro 194.163.146.70 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

194 Requests

98 %HTTPS

72 %IPv6

16 Domains

29 Subdomains

26 IPs

3 Countries

2578 kBTransfer

6454 kBSize

3 Cookies

13 Outgoing links

Page URL History

Redirected requests

194 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dzballon.com Open in urlscan Pro
194.163.146.70 Public Scan

Screenshot
Live screenshot

Full Image

194
Requests

98 %
HTTPS

72 %
IPv6

16
Domains

29
Subdomains

26
IPs

3
Countries

2578 kB
Transfer

6454 kB
Size

3
Cookies

194 HTTP transactions
13 data transactions