zobi.pw Open in urlscan Pro
2606:4700:3030::6815:2c8b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zobi.cc/
Effective URL:
https://zobi.pw/
Submission: On November 07 via manual (November 7th 2023, 4:53:01 am UTC) from IL — Scanned from DE

Summary HTTP 201 Redirects Behaviour Indicators

Summary

This website contacted 38 IPs in 8 countries across 37 domains to perform 201 HTTP transactions. The main IP is 2606:4700:3030::6815:2c8b, located in United States and belongs to CLOUDFLARENET, US. The main domain is zobi.pw.
TLS certificate: Issued by E1 on October 2nd 2023. Valid for: 3 months.

This is the only time zobi.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3032::6815:53ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700:303... 2606:4700:3030::6815:2c8b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1 16	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
10 24	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
3 7	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1 4	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
12	138.201.63.116 138.201.63.116	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	3.124.138.165 3.124.138.165	16509 (AMAZON-02) (AMAZON-02)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
3	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
3	138.201.220.30 138.201.220.30	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2 4	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
2	49.12.22.42 49.12.22.42	24940 (HETZNER-AS) (HETZNER-AS)
2	18.169.160.74 18.169.160.74	16509 (AMAZON-02) (AMAZON-02)
2	23.56.205.163 23.56.205.163	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
2 2	52.57.124.150 52.57.124.150	16509 (AMAZON-02) (AMAZON-02)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
2 2	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4 4	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1 1	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1	3.65.104.224 3.65.104.224	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:8ce9:e8fa:55bc:be2e	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
2	99.86.4.94 99.86.4.94	16509 (AMAZON-02) (AMAZON-02)
4	18.135.134.29 18.135.134.29	16509 (AMAZON-02) (AMAZON-02)
201	38

1 2606:4700:3032::6815:53ee (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

zobi.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3030::6815:2c8b (United States)

ASN13335 (CLOUDFLARENET, US)

zobi.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.186.66 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.64.151.101 (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.212 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 138.201.63.116 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.116.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.138.165 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-138-165.eu-central-1.compute.amazonaws.com

t23.intelliad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.76.238.55 (Nuremberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.220.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.30.220.201.138.clients.your-server.de

hal900016.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:d0a:2321::2 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 49.12.22.42 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-3.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.169.160.74 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-160-74.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.56.205.163 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-205-163.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.228.164.11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.124.150 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-124-150.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.74.118 (Groningen, Netherlands) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.237 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.251 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.65.104.224 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-104-224.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:8ce9:e8fa:55bc:be2e (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-94.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.135.134.29 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-135-134-29.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	659 KB
42	doubleclick.net 11 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154	185 KB
23	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal90006.redintelligence.net — Cisco Umbrella Rank: 291193 hal900021.redintelligence.net — Cisco Umbrella Rank: 239187 hal900016.redintelligence.net — Cisco Umbrella Rank: 178788	118 KB
11	zobi.pw zobi.pw	756 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	173 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	4 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	5 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	37 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	451 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	299 KB
4	adform.net 4 redirects c1.adform.net — Cisco Umbrella Rank: 599	3 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 851 r.turn.com — Cisco Umbrella Rank: 4121	2 KB
4	retailads.net 2 redirects cdn.retailads.net — Cisco Umbrella Rank: 150278	11 KB
4	medialead.de 3 redirects pv.medialead.de — Cisco Umbrella Rank: 44040 medialead.de — Cisco Umbrella Rank: 43761	2 KB
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	816 B
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181 www.googleadservices.com — Cisco Umbrella Rank: 145	599 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	6 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 795	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 912	2 KB
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 18131	1 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	4 KB
2	futalis.de futalis.de — Cisco Umbrella Rank: 313699	801 B
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	2 KB
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 74479	787 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1403	326 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 522	400 B
1	ctnsnet.com 1 redirects ius.ctnsnet.com — Cisco Umbrella Rank: 6637	666 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	757 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 351	146 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5683	599 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 746	388 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 597	363 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 709	545 B
1	intelliad.de t23.intelliad.de — Cisco Umbrella Rank: 143572	555 B
1	zobi.cc 1 redirects zobi.cc	644 B
201	37

	Domain	Requested by
37	pagead2.googlesyndication.com	zobi.pw pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
27	tpc.googlesyndication.com	googleads.g.doubleclick.net zobi.pw tpc.googlesyndication.com pagead2.googlesyndication.com
24	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net
16	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com zobi.pw googleads.g.doubleclick.net
12	hal9000.redintelligence.net	googleads.g.doubleclick.net hal90006.redintelligence.net hal900021.redintelligence.net hal900016.redintelligence.net
11	zobi.pw	zobi.pw
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	fonts.googleapis.com	zobi.pw googleads.g.doubleclick.net hal90006.redintelligence.net hal900021.redintelligence.net hal900016.redintelligence.net
6	fonts.gstatic.com	fonts.googleapis.com
6	www.googletagmanager.com	zobi.pw www.googletagmanager.com adv.office-partner.de
5	hal90006.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90006.redintelligence.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net zobi.pw
4	api.webgains.io	analytics.webgains.io
4	c1.adform.net	4 redirects
4	cdn.retailads.net	2 redirects futalis.de
4	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.gstatic.com	googleads.g.doubleclick.net
3	hal900016.redintelligence.net	hal9000.redintelligence.net hal900016.redintelligence.net
3	hal900021.redintelligence.net	hal9000.redintelligence.net hal900021.redintelligence.net
3	pv.medialead.de	2 redirects googleads.g.doubleclick.net
2	cdn.track.production.webgains.team	googleads.g.doubleclick.net
2	analytics.webgains.io	track.webgains.com
2	um.simpli.fi	2 redirects
2	pm.w55c.net	2 redirects
2	r.turn.com
2	ad.turn.com	2 redirects
2	www.awin1.com	googleads.g.doubleclick.net
2	track.webgains.com	zobi.pw
2	futalis.de	hal900021.redintelligence.net hal900016.redintelligence.net
2	adv.office-partner.de	hal900021.redintelligence.net hal900016.redintelligence.net
2	pb.media01.eu	hal90006.redintelligence.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	ad.doubleclick.net	googleads.g.doubleclick.net
2	www.googleadservices.com	zobi.pw
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	ius.ctnsnet.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	x.bidswitch.net	googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	onetag-sys.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	sync-tm.everesttech.net	1 redirects
1	medialead.de	1 redirects
1	t23.intelliad.de	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	zobi.cc	1 redirects
201	49

This site contains no links.

Subject Issuer	Validity	Valid
zobi.pw E1	`2023-10-02` - `2023-12-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
*.intelliad.de Thawte TLS RSA CA G1	`2023-07-31` - `2024-08-30`	a year	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.futalis.de R3	`2023-10-13` - `2024-01-11`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G2	`2023-05-18` - `2024-05-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh

This page contains 34 frames:

Primary Page: https://zobi.pw/
Frame ID: 9FDC584ED7803D0395476A685F5FF6D7
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20190131/zrt_lookup.html
Frame ID: 334E72D71D8930C077E0CAF16E1A2F2E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&adk=2569712853&adf=3073754922&lmt=1699244572&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x945_l%7C164x945_r&format=0x0&url=https%3A%2F%2Fzobi.pw%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332776165&bpp=5&bdt=208&idt=109&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=478525774591&frm=20&pv=2&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=131
Frame ID: 12180DCE64DC68BCDE8036A2AA650657
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=280&slotname=2170889888&adk=3016986170&adf=1218384131&pi=t.ma~as.2170889888&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&format=1200x280&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332776170&bpp=1&bdt=213&idt=128&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=170&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=x4fdk3wZZp&p=https%3A//zobi.pw&dtd=132
Frame ID: B9C7954DA094BF4A5A0B0DF31A261161
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Frame ID: AFE20095C9F74941CECAFE385C8346DC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
Frame ID: DCE25C9CEDD558B50F54D57C92F16254
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js
Frame ID: 1141030D88D171FB397D92F6215E61D8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Frame ID: 7403B386DDCA04FB60134E54B64B99B4
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Frame ID: 1C4ACF13512AD8F86D727CC841204D20
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX6Y0yJ1xC0yXFjxlgXeFYlyj8f2sh8yw5rde2rGitwT1Bu4nJ6DH2fkIpf2kdmPT2ZhATYJY7oRlH08XUBMtHTapnt5eLTKoXP_CfcstgihdsBBkbscGdqWjz7YQvUi_gXBcnU8_Gl0llbzQutwd2ToMhj8E1iL7U6OmhcS6NikrqZQF0
Frame ID: DCEEB78FFBB7FB6841F055C2B3973E64
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9CF68AAA77BA640B8E56F3ED969ED7B9
Requests: 18 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%7CHeebo%3A400
Frame ID: 06BF66113983B2A2ECD312E31D72295B
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DA246C9A7ADF8D3A89BCAA1A4E1E2661
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D78835F360397749455B31C94099C470
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD8nlP-HEesUcdgg95Awja_qrcm0eKj0kkBJYzt1L12WbOllzCcC50jq5m1ZnnVM9MIDXyaUmIlSRLNtzkQPG4Ghe6iXH1w7IebmOvMDxjBFxfe_b-WyLGYEWf_ZjPjXX15ZIJL4mO3bH9avoBD072J4ZPeYj903MTT6bemQwPQhXbgRY
Frame ID: F26B5FE74C9FC66AC08BCF4C44A64AA4
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: F3F790EA368202522ACA8D4D4FA3DD88
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU
Frame ID: B6AF1D7E2E5A3095E06B98478B8E00A2
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 5565A7CCE93E6B0FC5295F835E750B84
Requests: 21 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js
Frame ID: 16AF33DC34650328363F1066CC41F85F
Requests: 1 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62868300009232104444550012501006&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 94FC60F0270C2F83AE14664F9628B9B1
Requests: 1 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6549c2aa22d4c960abae7d06&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
Frame ID: 5801E925FD8A4E18214F73D9DB425436
Requests: 1 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Frame ID: B05CBED20B038499B0B8C803EFF11CD0
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 3C5C3E084E8FE1E206FFD2E8B0E62AE6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: D1EA4FF6C21E85E0B24CF9170B548A20
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 5880F10A6414392FB9AA4E33BB096647
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883
Frame ID: 943260635351915A666F377C13522584
Requests: 2 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Frame ID: 6C0661F79A847AB92ED724AA6904FC00
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0ABB76D8D9F9D9801F279CFC9D138175
Requests: 9 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: CE4419FF39F01920B30C2F6F18C3A942
Requests: 3 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884
Frame ID: A2C501767D09DEF4831F18E2B95247ED
Requests: 2 HTTP requests in this frame

Frame: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Frame ID: 7A7AA945AC275F34DB23750E1C111ACF
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 57D67322835ABE4689A745B1D1E9D2B3
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6DC7A42029C939AC6261CED1074366FA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FF472CBDCCC31A58C4AA0D84B2AE803B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Watch It - כל התוכן החדש במקום אחד!

Page URL History Show full URLs

http://zobi.cc/ HTTP 301
https://zobi.pw/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

201
Requests

88 %
HTTPS

34 %
IPv6

37
Domains

49
Subdomains

38
IPs

8
Countries

2735 kB
Transfer

6352 kB
Size

36
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zobi.cc/ HTTP 301
https://zobi.pw/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://googleads.g.doubleclick.net/pagead/adview?ai=CTC4XqMJJZbacKdvd_tMPtuenkA60j8uGdPqrmq6lEtOO3uGwOhABIPqfrn5gleKQgqAHoAGfpomjKcgBCakCzESjjCL8sT6oAwHIA8sEqgTmAU_QbzJ67VSzhEoRPPFreoMb4vmqXY7vCzS0sQL3AqjQsfI2Gf4q8GNwPWHW7_D630F4hzEpBIknevfURKmPJle7OKo50mF37j24xO3WQiydq94QDZ5w1LNAzfpaKsLaKGkzwu696SdayRQpkUocaeUjGq82YVN6d9ItoGwFvevL0fhz54ArXyFKEgQWD9hJgxeVZRBsLrkkguW6q2wF5qMG0yuk2oDsc5p8UgKlgMZIqlVQUyl4SEE3cOShsuBv6mb_8I0GD4sVXTReU6vqjePuU3-WdlIMDZ7OJzGGqKujsifMo844wAS5mvC4zwSIBf-xlKFNkgUECAQYAZIFBAgFGASgBi6AB7KE8J8EqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQh_AI0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJ_QFodHRwczovL3RvcC5zcGVlZGZpbmRyLmNvbS9zZXJwP3V0bV9zb3VyY2U9Z2RuMyZvcmFpZD02ODM4MDE2NDA1Jm9yYWdpZD0yMDczOTA3MDIwNyZvcmNpZD0yMDczOTA3MDIwNyZvcnRpZD0yMDQ5MzAwODExMTI1NTk5OTg5MV9fX18xMDA0MzYzX18xNTg3NjQ2MzM0MDEmcT1DYWxsK0NlbnRlcitXb3JrZm9yY2UrTWFuYWdlbWVudCtTb2Z0d2FyZStkZW1vJnJhYz1DYWxsK0NlbnRlcitXb3JrZm9yY2UrTWFuYWdlbWVudCtTb2Z0d2FyZStkZW1vgAoByAsBogwMKgoKCOS0sQLutbECuBPkA9gTDdAVAYAXAbIXHAoaCAASFHB1Yi05MDA1OTQwODEyMzM2Mzg3GAA&sigh=udlh-W7v4U8&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTgDICaaN8NeK0RMg5dqFIukYYVwi145LgTPoCR92jFFftKoOQJnhnlH44XtfgGo_OeEpHzrQD1PqofAbH5kllug8hr8Ts9mxEqGeifamZhgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226740333561162086704%22,%22debug_reporting%22:true,%22destination%22:%22https://speedfindr.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211079406367%22],%224%22:[%2211-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228162688320669127377%22}&andc=true

Request Chain 59

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1

Request Chain 60

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUnCqT24OZVL2Lv-VuNplAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1

Request Chain 61

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJebq5UuzlF7TW3lMTlkrZE&google_cver=1

Request Chain 62

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

Request Chain 74

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 96

https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 97

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1

Request Chain 98

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUnCqT24OZVL2Lv-VuNplAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEWkHdRtKF1fpN0oFjVHuTQ&google_cver=1

Request Chain 100

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKnpW1LdlMK4pDxSuNvWD5Q&google_cver=1

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEEmgZhWBFi1Lg8PAqnj8DKs&google_cver=1

Request Chain 113

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62868300009232104444550012501006&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 114

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6549c2aa22d4c960abae7d06&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Request Chain 117

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 137

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=65431600010064204444550012501021&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883

Request Chain 144

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=88756100008870204444550012501016&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884

Request Chain 161

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM3cEyVcB7ePvfInRiFAZNg&google_cver=1&google_push=AXcoOmS-Oqz6H6iWkV25S-hfU42VDBK7hlORcCeBSYwdI5L2CQwph_81IU7J2BVAmXmPY6uo-K-bdw-7NNEg44jDICOmLl2PmPyXia4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjg0OTUzOTc4MDE4MTQwMjE0MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1

Request Chain 162

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIytQFJEWE60JSCIr7iLPgIF1MEVBi20TBnkLVlpRcHzhmRJe5OFW-k7ZUA HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIytQFJEWE60JSCIr7iLPgIF1MEVBi20TBnkLVlpRcHzhmRJe5OFW-k7ZUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aFNNV3JvMGkxUjBlNWM1&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIytQFJEWE60JSCIr7iLPgIF1MEVBi20TBnkLVlpRcHzhmRJe5OFW-k7ZUA

Request Chain 163

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEFkRqEIjDEu475XCvbW9FSw&google_cver=1&google_push=AXcoOmSWAveYcjk3M4DsEc876UGaMOsZST1CpK-VtA7N5kzVwxKqa00hl8ixBsbsSnhRHgxf2CECw15g_P_80xVog0TO_qlbuCLTz9A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFkRqEIjDEu475XCvbW9FSw&google_push=AXcoOmSWAveYcjk3M4DsEc876UGaMOsZST1CpK-VtA7N5kzVwxKqa00hl8ixBsbsSnhRHgxf2CECw15g_P_80xVog0TO_qlbuCLTz9A

Request Chain 164

https://um.simpli.fi/gp_match?google_gid=CAESENdWu6w_2nxO4ThiP3Ot-Do&google_cver=1&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RSwc9uO_LiyJADNMMI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4DCF5E5EAE084CBEB434E40DD1B88B72&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RSwc9uO_LiyJADNMMI

Request Chain 166

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJdbxf0l5tnesLT2ZhcuP3U&google_cver=1&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82xbXIAjPe_Co7aI34ZeWADnpU HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJdbxf0l5tnesLT2ZhcuP3U&google_cver=1&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82xbXIAjPe_Co7aI34ZeWADnpU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU1MDkwMDA0NTM0NjM4NjQwOQ&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82xbXIAjPe_Co7aI34ZeWADnpU

Request Chain 167

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFdHJ9YOQ9OUm8rYcpF8OsA&google_cver=1&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP71bcDHmDk4rdAntMCWRs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP71bcDHmDk4rdAntMCWRs

Request Chain 172

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1&google_push=AXcoOmS-A3axsDVPPmdkO7ktJXqDtE6AUV1PUpi8K-2A0GyNbZK7cml4_5t8yJ8xpV4zVYr1x8ay-Hd2bMPhPogiUj2el6lw0v5tmfD35qiqj1ZGtvN89Y2X-_zT7qiQ6W9ywh65OA7efZA-lV_xjCSOIgQb46s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjM0NTEzNjYyMTkxNTkwNjU4OQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1

Request Chain 173

https://um.simpli.fi/gp_match?google_gid=CAESEFb77Bf17_6QTQE773jXNTc&google_cver=1&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoExnzASCbtxuvJrsYdwPY5ikviPtmBGPsrcRqhxwE8Flq31nU7WvrsT11qrL_PE3k8w_Ns5rusU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E94727EBEFEB40AA8C3E9B854B22A05F&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoExnzASCbtxuvJrsYdwPY5ikviPtmBGPsrcRqhxwE8Flq31nU7WvrsT11qrL_PE3k8w_Ns5rusU

Request Chain 174

https://ads.travelaudience.com/google_pixel?google_gid=CAESED5Ma7WUENxeBVyBBXQZsro&google_cver=1&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD4a7GI6G3ZRjedOMqqA9UmI9LrN7nTBhjpG5vi6p2whT74eR6ASrhNrTRM0gRR1eI4UVqbxQ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=oxODYkbVT1ogvqb_TKqjSA&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD4a7GI6G3ZRjedOMqqA9UmI9LrN7nTBhjpG5vi6p2whT74eR6ASrhNrTRM0gRR1eI4UVqbxQ

Request Chain 176

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELmkW72EQ2c2IBT-sd4RE4M&google_cver=1&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtwXqTT63lBrmxWYrH6KdaSst191ylhEIReIPfmpfNYwBfTsC4agV3bT4uSxoQDJ5A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtwXqTT63lBrmxWYrH6KdaSst191ylhEIReIPfmpfNYwBfTsC4agV3bT4uSxoQDJ5A&google_hm=eS1jM213WmdWRTJwRlZjQ1dzcXljcXFBcnRzYzZvcHpUSX5B

Request Chain 177

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPdAfgezbRVpKaP4JLH0gD8&google_cver=1&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34htk3E6uGReSHHaGYrHOboaqCnd-MjHK-iuLGhJsiTTyMT8MKWLS02nxADxlS5irMnIW1X1lAGIfzV1g HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPdAfgezbRVpKaP4JLH0gD8&google_cver=1&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34htk3E6uGReSHHaGYrHOboaqCnd-MjHK-iuLGhJsiTTyMT8MKWLS02nxADxlS5irMnIW1X1lAGIfzV1g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzc2Mjg5MDAyNTk5NDU1ODY5MA&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34htk3E6uGReSHHaGYrHOboaqCnd-MjHK-iuLGhJsiTTyMT8MKWLS02nxADxlS5irMnIW1X1lAGIfzV1g

Request Chain 178

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESED7d8aeoGD_4RSp8Dce70po&google_cver=1&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGAZ4tA8n4_p9Yj7DOWDgH_RyFlRlhKbut6tCHeCskT6BNDX_q284eOnRu5KIF_4B-QmBdKScH4JB72MSe5iYKYRxrlEeLJk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGAZ4tA8n4_p9Yj7DOWDgH_RyFlRlhKbut6tCHeCskT6BNDX_q284eOnRu5KIF_4B-QmBdKScH4JB72MSe5iYKYRxrlEeLJk&google_hm=ucByduQ4T3mzaTeOG7S8moU

201 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
zobi.pw/
Redirect Chain

http://zobi.cc/
https://zobi.pw/

116 KB
34 KB

131ms
89ms

Document
text/html

2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.12 PleskLin
Resource Hash: ce84a95c33252b1f36382e7f509f24932adff7bbf00bf252ceced0d976c4c504

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8222f8392859691f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 07 Nov 2023 04:52:55 GMT
last-modified: Mon, 06 Nov 2023 04:22:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3n18LJ8jok27NYcWf28AEluxHf14sQVP37zuQH5YKNgYc%2Fwy7ttGVdBj1zqrIQiP3%2BcB8Q2PMcln0l%2B31GLdUp5hfP3HKcWaCqa7irGT8lvKHMcIfnJp5dzQXLY9xa7FnHJUtxqo"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Cookie
x-powered-by: PHP/8.2.12 PleskLin

Redirect headers

CF-RAY: 8222f838c9481d88-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 07 Nov 2023 04:52:55 GMT
Expires: Tue, 07 Nov 2023 05:52:55 GMT
Location: https://zobi.pw/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R44Zsb84TKuPYETiRptMMXVErjsURmn1EVJpjoRra8nFXdg2mD0uCIECGe7ObtOGeQv8EhxvZStvLK2YdXDptdUeJvpqB0XhfuykweEtjQvudJJQ0Q8B2xyXhNRgbi5Z163cgHIW"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
zobi.pw/wp-content/cache/autoptimize/css/ 394 KB
63 KB 55ms
52ms Stylesheet
text/css 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: afed0fad09801822c22eaf704f7c33f51c39d710ec5646fe4626c09f38e31c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 06 Nov 2023 04:12:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"654867c8-62831"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yRad%2FGs7gy2Qe9mQ3O%2BVsKGPRi2pv937xt40L6mw3WuIS%2FTnqMm%2By8RQ4owR%2F19fveqHvG3SpIRSL5WtpGGeu0I0ZJxQLbL8mb%2FPaGVGEcwNaNWvj8oTjmOKltQ0Tj2b%2FuyGhmqK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8222f839b8da691f-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 autoptimize_1f27fc077a8322c83868c23676beadf5.css
zobi.pw/wp-content/cache/autoptimize/css/ 15 KB
2 KB 61ms
59ms Stylesheet
text/css 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_1f27fc077a8322c83868c23676beadf5.css
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 856b7619de4c8766e983a3f2bb0acad308d9c485a87c5bddda589834edb97e04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Mon, 06 Nov 2023 04:12:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"654867c8-3c03"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkzvoENzvHBKCAJaHRR%2FIMCB8lA7rh3dM2uuWU4fYpYsDBjn4QXXc3JV9a5yIaqF5QbdMJYTEdITfRNErSMoV5hwe6V3fb4JkEGfGUxteY%2BMrYvPq8H%2FzJoI8KwYo%2F7qzCHJwVEk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8222f839b8db691f-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 39ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:400,700|Frank+Ruhl+Libre:400,700|Domine:400,700&display=swap

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8625329d73c741c9367ed33e4503579cf99e389cf43b9c6af35867fdb6285465

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 04:52:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:55 GMT

GET
H2 200 jquery.min.js Show response
zobi.pw/wp-includes/js/jquery/ 85 KB
31 KB 60ms
59ms Script
application/javascript 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/wp-includes/js/jquery/jquery.min.js?ver=3.7.0
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 08 Aug 2023 21:23:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64d2b257-155ba"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZY14M4Y3Z8UxUsE1jH%2BGWy8sfPA4iEbeUT%2Fxx6Z4Tqx09Eas6gGFaUsi33heOAGhzxiqR0QGrc6DN3Mo2N8FW%2FNt4tU5B92zmeq9W6%2BiFEckYkXXg5cmsb37Ey7VJlyHENbsOHp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8222f839b8dc691f-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 44ms
23ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-132860397-17

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b06ab88119b3413dfb4618b37753905fb663acc2f9939e067f9267e3195d41df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68710
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Nov 2023 04:52:56 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 71ms
28ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9005940812336387

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaac10b2ce11afe7261c349bb75e15638cdd166c2437b79942bbabf43135fa66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52280
x-xss-protection: 0
server: cafe
etag: 574603523774678287
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:56 GMT

GET
H3 200 autoptimize_f88fd1e995e845f90d74249ed8115d79.js Show response
zobi.pw/wp-content/cache/autoptimize/js/ 46 KB
14 KB 24ms
24ms Script
application/javascript 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/wp-content/cache/autoptimize/js/autoptimize_f88fd1e995e845f90d74249ed8115d79.js
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 0f7fd5c57e6092e3605461028d93e36f26a11a071e87ef19eeab5e85094cc89b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2126871
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 13 Oct 2023 11:43:04 GMT
server: cloudflare
etag: W/"65292d48-b802"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2Fc9LVDU3KYIvc9b1%2B0vwBew8vo9JLj4AUp6iD3bjvmvuRRglZb3tF0klSHbhRmERMFEKTyqzD2VxfzFAAdWa%2Fe4ZSEN574mY4KFqHLONs6Z2uBkU%2FsjynHHS2RPFtEicpMU3Ffi"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=30672000, immutable
cf-ray: 8222f83a4a234d56-FRA
expires: Wed, 02 Oct 2024 14:05:05 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 background.png
zobi.pw/wp-content/themes/gridhot/assets/images/ 3 KB
3 KB 47ms
47ms Image
image/png 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zobi.pw/wp-content/themes/gridhot/assets/images/background.png
Requested by: Host: zobi.pw
URL: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 4ceab23af1ef06b19ea4f0b703fe4cd99b513c0552d46aa28dcc8e67dca7f5be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Jun 2023 17:34:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "647f6e36-bce"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fl%2BWAyqztqYy0ypeGjbs4r%2B1HS2DN3xWSdzexiEiUvl%2BXYHjYxTTcUl4InwsS7qk05tVtdqvn9wEkSO0eNBjLOYT5T00xr%2Bc2pKSd4H0eUoO%2BiK3Xy3VT39K9exBN0ktKX1R7xGW"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83a5a374d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 3022

GET
H3 200 widgets-header.png
zobi.pw/wp-content/themes/gridhot/assets/images/ 935 B
1 KB 48ms
48ms Image
image/png 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zobi.pw/wp-content/themes/gridhot/assets/images/widgets-header.png
Requested by: Host: zobi.pw
URL: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: ef1b413ab73ff2c9c8508a4c2b154dd74146183a1a0f4b364ce1c216f8c7298a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Jun 2023 17:34:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "647f6e36-3a7"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJK74RyUho478OUnPhf8SAgQy54BCUTXrkUd9%2FFXf9MN4U8wrY%2FDnvANdL4u4uWRS3MbU8BFxzIuNvsQ2l%2BcdBxGNkUeSNVC2dm7K%2BU%2FxE%2BxMi9zLeWatwWQvxEt4xs0qfXAetpq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83a5a3b4d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 935

GET
H2 200 L0x8DFMnlVwD4h3hu_qn.woff2
fonts.gstatic.com/s/domine/v20/ 27 KB
28 KB 28ms
7ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/domine/v20/L0x8DFMnlVwD4h3hu_qn.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Frank+Ruhl+Libre:400,700|Domine:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 22:14:19 GMT
x-content-type-options: nosniff
age: 369517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28060
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:44:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 22:14:19 GMT

GET
H2 200 j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2
fonts.gstatic.com/s/frankruhllibre/v20/ 43 KB
44 KB 30ms
13ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/frankruhllibre/v20/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Frank+Ruhl+Libre:400,700|Domine:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbc774cb96be46cab2c4f68a761ba7f4b5cfa0bd2d7a9487e1fbed4b60e547c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 05:01:23 GMT
x-content-type-options: nosniff
age: 258693
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44476
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 15:33:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 05:01:23 GMT

GET
H2 200 TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
fonts.gstatic.com/s/oswald/v53/ 21 KB
21 KB 35ms
18ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Frank+Ruhl+Libre:400,700|Domine:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99027d866818f716d208569108a962ac72200197cae503efe5b6bf002bf4915b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 00:18:32 GMT
x-content-type-options: nosniff
age: 362064
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21444
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 18:38:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 00:18:32 GMT

GET
H3 200 fa-solid-900.woff2
zobi.pw/wp-content/themes/gridhot/assets/webfonts/ 74 KB
74 KB 47ms
46ms Font
font/woff2 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://zobi.pw/wp-content/themes/gridhot/assets/webfonts/fa-solid-900.woff2
Requested by: Host: zobi.pw
URL: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be

Request headers

Referer: https://zobi.pw/wp-content/cache/autoptimize/css/autoptimize_5b02a421712c6182d0d9d7b3747d98d1.css
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Jun 2023 17:34:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "647f6e36-127d0"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSvgsVR%2FvlrspgM1HC7wp4mGks8tFHBG9bn67cA89xYxW1atCWlgFgV7gkDedcpOt2Ul3cRxUuyyHqIQ0p7LjI1pHI6ZJ%2FVPbEPGJ4cP3FfiDu9IsG4UaGS6pL7V8zwaI%2FMKHFqn"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83a5a454d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 75728

GET
H2 200 j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Ll4ajn.woff2
fonts.gstatic.com/s/frankruhllibre/v20/ 18 KB
18 KB 30ms
16ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/frankruhllibre/v20/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Ll4ajn.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Oswald:400,700|Frank+Ruhl+Libre:400,700|Domine:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfef1759264ee1ff070033df8721daf99c8228952e56df3290ce78e99b941f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://zobi.pw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sat, 04 Nov 2023 04:39:38 GMT
x-content-type-options: nosniff
age: 259998
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18648
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 15:33:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 03 Nov 2024 04:39:38 GMT

GET
H3 200 WhatsApp-Image-2023-09-07-at-7.02.22-PM.jpeg
zobi.pw/wp-content/uploads/2023/09/ 35 KB
36 KB 54ms
53ms Image
image/jpeg 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zobi.pw/wp-content/uploads/2023/09/WhatsApp-Image-2023-09-07-at-7.02.22-PM.jpeg
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 38cae8035587252fb011ce146f347d6a75d0551435230669028be4719cb48849

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 08 Sep 2023 07:42:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64fad078-8d35"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDZF2E6qwJjOaGiALzh2YPcyTJFuzOf2su7xzdvNezR%2FJLxzQAf8%2BHdZc9qzZ%2FUOpbCj6keFube2Pp5WF%2FsfltPbofovGJZU4JZSZ6qhoQZhy278IUfq1Q2bCh4rKjb36DHUz0qh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83abaa44d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 36149

GET
H3 200 %D7%96%D7%99%D7%92%D7%99-%D7%A2%D7%95%D7%A0%D7%94-5.jpg
zobi.pw/wp-content/uploads/2023/08/ 91 KB
91 KB 55ms
54ms Image
image/jpeg 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zobi.pw/wp-content/uploads/2023/08/%D7%96%D7%99%D7%92%D7%99-%D7%A2%D7%95%D7%A0%D7%94-5.jpg
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 0cd950c13708ef9a32871614a97d2f950fb09971141a26794070612999ec77f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 15 Aug 2023 13:16:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "64db7a94-16afc"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9yRA4cSTHssyyqXACGZ9c2zKktQ7rjKjLAOYjERqACXoY8cQtwsoXGe6nPBiP%2Fn3Iu7bXcUoMKYOid%2BjWQbPOBQWtuN7z%2FviVeS5nfiAMsJfEMeQsu1SWtq%2FP2oZv3Vu6%2Buwmon"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83abaa64d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 92924

GET
H3 200 %D7%91%D7%A2%D7%9C%D7%AA-%D7%94%D7%97%D7%9C%D7%95%D7%9E%D7%95%D7%AA-%D7%A2%D7%95%D7%A0%D7%94-2.png
zobi.pw/wp-content/uploads/2023/06/ 404 KB
405 KB 47ms
47ms Image
image/png 2606:4700:3030::6815:2c8b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zobi.pw/wp-content/uploads/2023/06/%D7%91%D7%A2%D7%9C%D7%AA-%D7%94%D7%97%D7%9C%D7%95%D7%9E%D7%95%D7%AA-%D7%A2%D7%95%D7%A0%D7%94-2.png
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2c8b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: e60f40a8ea10c459128b30c2444c2709fa88324163dc9a77dc4fa0616c143e5e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 28 Jun 2023 12:38:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "649c29cf-650ed"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j9rKNXQO07uxFTHX6yFeRusz%2FzE0qRRuXjIRE0GV7YG3xfgJVvYzyvbPzFnP3zzmGd34D3ZUpIWCbnUyYnMbOUW%2FLc0W5OuWpZAxpnDUPGeBkXTQtAaCESRiX1Tngd27lpr9mEzf"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8222f83abaa74d56-FRA
alt-svc: h3=":443"; ma=86400
content-length: 413933

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
77 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S9JJ8V4PZ4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132860397-17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a5006670fbf92c880faae55f77a1a32f42cb0a814b0dc11ee87e5f148da662fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79146
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Nov 2023 04:52:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 56ms
13ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-132860397-17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 07 Nov 2023 03:51:32 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3684
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 07 Nov 2023 05:51:32 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/ 400 KB
135 KB 53ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9005940812336387&plah=zobi.pw

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9005940812336387

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041eec9b3e8b74ebc736c113cc42cf2882f64a4189945da55c4984e9610cbd82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138485
x-xss-protection: 0
server: cafe
etag: 4163261935696187149
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231102/r20190131/ Frame 334E 10 KB
5 KB 28ms
6ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231102/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9005940812336387

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61551
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 11:47:05 GMT
etag: 251720774729838433
expires: Mon, 20 Nov 2023 11:47:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
248 B 368ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-S9JJ8V4PZ4&gtm=45je3b60v9111954569&_p=1699332776042&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=176559181.1699332776&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1699332776&sct=1&seg=0&dl=https%3A%2F%2Fzobi.pw%2F&dt=Watch%20It%20-%20%D7%9B%D7%9C%20%D7%94%D7%AA%D7%95%D7%9B%D7%9F%20%D7%94%D7%97%D7%93%D7%A9%20%D7%91%D7%9E%D7%A7%D7%95%D7%9D%20%D7%90%D7%97%D7%93!&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=473
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S9JJ8V4PZ4&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zobi.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
200 B 14ms
14ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=70829529&t=pageview&_s=1&dl=https%3A%2F%2Fzobi.pw%2F&ul=en-us&de=UTF-8&dt=Watch%20It%20-%20%D7%9B%D7%9C%20%D7%94%D7%AA%D7%95%D7%9B%D7%9F%20%D7%94%D7%97%D7%93%D7%A9%20%D7%91%D7%9E%D7%A7%D7%95%D7%9D%20%D7%90%D7%97%D7%93!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1004091835&gjid=623806773&cid=176559181.1699332776&tid=UA-132860397-17&_gid=1814810197.1699332776&_r=1&gtm=457e3b60&gcd=11l1l1l1l1&jsscut=1&z=1605752159

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://zobi.pw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://zobi.pw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 381 B
599 B 328ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=zobi.pw&callback=_gfp_s_&client=ca-pub-9005940812336387

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9005940812336387&plah=zobi.pw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9de550bd45b8d23cd530be2ccf5384aec9443f1d6dbb9a22c6de3e14b175f0f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 247
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1218 234 KB
61 KB 560ms
554ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&adk=2569712853&adf=3073754922&lmt=1699244572&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x945_l%7C164x945_r&format=0x0&url=https%3A%2F%2Fzobi.pw%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332776165&bpp=5&bdt=208&idt=109&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=478525774591&frm=20&pv=2&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=131

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5865c86c17e2bfa0249e6b86635a1c50a37eb6fc54f9879fb96d523aeae8060f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 62557
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Tue, 07 Nov 2023 04:52:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B9C7 120 KB
40 KB 487ms
481ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=280&slotname=2170889888&adk=3016986170&adf=1218384131&pi=t.ma~as.2170889888&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&format=1200x280&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332776170&bpp=1&bdt=213&idt=128&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=170&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=x4fdk3wZZp&p=https%3A//zobi.pw&dtd=132

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1448a00448d69661aa057e02d83a33bb973fe59ee2cb08f50bc6898ed3f8c48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40925
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Tue, 07 Nov 2023 04:52:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame B9C7 4 KB
751 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=280&slotname=2170889888&adk=3016986170&adf=1218384131&pi=t.ma~as.2170889888&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&format=1200x280&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332776170&bpp=1&bdt=213&idt=128&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=170&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7C%7CoEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&xpc=x4fdk3wZZp&p=https%3A//zobi.pw&dtd=132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 04:52:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame B9C7 2 KB
903 B 29ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:05:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 14:05:39 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/ Frame B9C7 23 KB
9 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:53:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame B9C7 3 KB
1 KB 14ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 22:02:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 22:02:22 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame B9C7 20 KB
9 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:56:36 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9C7 190 KB
60 KB 49ms
27ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H2 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame B9C7 36 KB
15 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80811
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 04 Feb 2024 06:26:06 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/8808360879658012812/ Frame B9C7 37 KB
37 KB 14ms
14ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8808360879658012812/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acd04a5e1770a0f2d59fcd18a5f120df65783d4420a633454de11a3c994b91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 06:13:10 GMT
x-content-type-options: nosniff
age: 599987
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38149
x-xss-protection: 0
last-modified: Wed, 19 Apr 2023 18:06:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Oct 2024 06:13:10 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/2374973791745387585/ Frame B9C7 1 KB
2 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2374973791745387585/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb5326b1a810d23ff0f6f568bc0e8e8e90b13992b1f5232b61d863b671969922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 31 Oct 2023 07:40:43 GMT
x-content-type-options: nosniff
age: 594734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1513
x-xss-protection: 0
last-modified: Fri, 07 Apr 2023 09:41:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 30 Oct 2024 07:40:43 GMT

GET
DATA 200
OK truncated
/ Frame B9C7 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c87a06d5dc32c60636c8d34c0791a5576fc696aa8ed9705b2dc1dee05abc7a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/ 160 KB
55 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311020101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4d7ccafc72e3cfb015ffb4eae17df010bd22696043e03d550c47034a797d8be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55820
x-xss-protection: 0
server: cafe
etag: 4609436798826319078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AFE2 31 KB
13 KB 547ms
547ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af2567361123be0002aa076022fba6e5dceae39d4716420332c7be88f9eb1148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 13447
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Tue, 07 Nov 2023 04:52:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DCE2 32 KB
13 KB 508ms
508ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57ee13e57e8c0ce2dc46ef0b08d22265abf14c1fe04f2bd4ded7e4a6d9055cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 13469
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Tue, 07 Nov 2023 04:52:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B9C7 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 15:18:02 GMT
x-content-type-options: nosniff
age: 308095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 15:18:02 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B9C7 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 348365
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Nov 2024 04:06:52 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame B9C7
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CTC4XqMJJZbacKdvd_tMPtuenkA60j8uGdPqrmq6lEtOO3uGwOhABIPqfrn5gleKQgqAHoAGfpomjKcgBCakCzESjjCL8sT6oAwHIA8sEqgTmAU_QbzJ67VSzhEoRPPFreoMb4vmqXY7vCzS...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226740333561162086704%22,%22debug_reporting%22:true,%22destination%22:%22https://speedfindr.com%22,%22event_report_window%22...

0
0

58ms
41ms

Fetch
text/css

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226740333561162086704%22,%22debug_reporting%22:true,%22destination%22:%22https://speedfindr.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211079406367%22],%224%22:[%2211-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228162688320669127377%22}&andc=true

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"6740333561162086704","debug_reporting":true,"destination":"https://speedfindr.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11079406367"],"4":["11-07"],"6":["true"]},"priority":"500","source_event_id":"8162688320669127377"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 07 Nov 2023 04:52:57 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"6740333561162086704","debug_reporting":true,"destination":"https://speedfindr.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11079406367"],"4":["11-07"],"6":["true"]},"priority":"500","source_event_id":"8162688320669127377"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js Show response
pagead2.googlesyndication.com/bg/ Frame 1141 50 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949928fed514092835ce57a89b81cd4906f85933b4608224ef0c4a2ba5278698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:21:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 466283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19684
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:21:34 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/ Frame 7403 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 22:46:58 GMT
etag: 251720774729838433
expires: Mon, 20 Nov 2023 22:46:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/ Frame 1C4A 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 21959
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 22:46:58 GMT
etag: 251720774729838433
expires: Mon, 20 Nov 2023 22:46:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 78ms
41ms Preflight
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Nov 2023 04:52:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 7403 4 KB
671 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 03:09:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7403 205 B
520 B 9ms
8ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Sun, 05 Nov 2023 15:16:22 GMT
x-content-type-options: nosniff
age: 135395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 04 Nov 2024 15:16:22 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7403 604 B
696 B 9ms
8ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Fri, 03 Nov 2023 12:18:27 GMT
x-content-type-options: nosniff
age: 318870
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 02 Nov 2024 12:18:27 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/ Frame 7403 16 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

87cb3f981317ccf5ad632f64e531aa7da8d49571127cfa1f142483a085f89d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:06:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6758
x-xss-protection: 0
server: cafe
etag: 15318980762987274547
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:06:54 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/ Frame 7403 21 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfd4745fee7e2635754df4ff32e620ff7356b538283d881968cf48255db8eebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 18:59:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35632
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8785
x-xss-protection: 0
server: cafe
etag: 17726888854999048520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 18:59:05 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DCEE 624 B
242 B 22ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX6Y0yJ1xC0yXFjxlgXeFYlyj8f2sh8yw5rde2rGitwT1Bu4nJ6DH2fkIpf2kdmPT2ZhATYJY7oRlH08XUBMtHTapnt5eLTKoXP_CfcstgihdsBBkbscGdqWjz7YQvUi_gXBcnU8_Gl0llbzQutwd2ToMhj8E1iL7U6OmhcS6NikrqZQF0

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9CF6 89 KB
31 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 9CF6 3 KB
1 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 22:02:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 22:02:22 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 9CF6 20 KB
8 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:56:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9CF6 190 KB
60 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CF6 42 B
63 B 41ms
39ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AKld4g4Kz-eyBEcRKV-SSXiKp2TRfLd6j1OLZOwnJmj-4-pNbrIWAbQYiKdtWLUR9ZE524YSGhdzzoXiGi-P0SnjVRlFmKa9JWCIH-mYCEnzZ3wf0

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CF6 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2157976085678388868&x=1&ct=77

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame DCEE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1

43 B
338 B

19ms
19ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX6Y0yJ1xC0yXFjxlgXeFYlyj8f2sh8yw5rde2rGitwT1Bu4nJ6DH2fkIpf2kdmPT2ZhATYJY7oRlH08XUBMtHTapnt5eLTKoXP_CfcstgihdsBBkbscGdqWjz7YQvUi_gXBcnU8_Gl0llbzQutwd2ToMhj8E1iL7U6OmhcS6NikrqZQF0
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcoAGl8PIpeGwJ5wHkA%2FzZEIgCm57tfDqmowtqms%2Br5z4fbpfKXU6bnpMDLSoZK0sxDAREyciWXPOkm30oX%2BTSyZ11iBgD9IrrNhPFEDdy%2BrQA2AuXmdj6MzNfrMT2IemyFaxEqTbUERCw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8222f843592a9b76-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame DCEE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUnCqT24OZVL2Lv-VuNplAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1

43 B
775 B

23ms
23ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX6Y0yJ1xC0yXFjxlgXeFYlyj8f2sh8yw5rde2rGitwT1Bu4nJ6DH2fkIpf2kdmPT2ZhATYJY7oRlH08XUBMtHTapnt5eLTKoXP_CfcstgihdsBBkbscGdqWjz7YQvUi_gXBcnU8_Gl0llbzQutwd2ToMhj8E1iL7U6OmhcS6NikrqZQF0
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1M%2BeOu2qI0FgSZX3mm8Xi4O%2FnQ8Zp53gzfTsau3TjVVthiNkmTnKpIhfDSITljl41seuNPg57drnTQ%2BClbWSNQkXffB0WMUoBQ%2BS7NZxiZuf%2FJ8yxrF4YSH5iTufwE%2Fy7fXTCR5%2FSjKKrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8222f8438c914d9d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPjgQXUQrYugyMiHug00TAU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame DCEE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJebq5UuzlF7TW3lMTlkrZE&google_cver=1

43 B
841 B

14ms
13ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJebq5UuzlF7TW3lMTlkrZE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNX6Y0yJ1xC0yXFjxlgXeFYlyj8f2sh8yw5rde2rGitwT1Bu4nJ6DH2fkIpf2kdmPT2ZhATYJY7oRlH08XUBMtHTapnt5eLTKoXP_CfcstgihdsBBkbscGdqWjz7YQvUi_gXBcnU8_Gl0llbzQutwd2ToMhj8E1iL7U6OmhcS6NikrqZQF0

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
an-x-request-uuid: dafb45e3-9e0e-4ec4-afee-6c74acb02b5b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJebq5UuzlF7TW3lMTlkrZE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame DCEE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

170 B
243 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
an-x-request-uuid: 39efce3c-bae4-4dc5-8fb2-625ea7868a99
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D
x-proxy-origin: 138.199.38.133; 138.199.38.133; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 06BF 14 KB
1 KB 19ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%7CHeebo%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3fd59922fbd55bd99d24e8cb2df6d53c0ae9500d5fa028b286639a6d4cfe044b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 04:52:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 06BF 2 KB
822 B 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 14:05:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 14:05:39 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/ Frame 06BF 23 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:53:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9286
x-xss-protection: 0
server: cafe
etag: 5170786266788330719
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:53:59 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DA24 143 B
166 B 10ms
8ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1739
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:23:58 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 06BF 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 22:02:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 22:02:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 06BF 20 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:56:36 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06BF 190 KB
60 KB 513ms
512ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 ac1dbca482530a26bafc7a8c1241173a.js Show response
www.gstatic.com/mysidia/ Frame 06BF 36 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ac1dbca482530a26bafc7a8c1241173a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80811
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15099
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 17:23:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sun, 04 Feb 2024 06:26:06 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CF6 0
20 B 41ms
39ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8119158531781&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CF6 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8119158531781&version=m202309260101&ct=77&x=1&cor=2157976085678389000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9CF6 19 KB
13 KB 171ms
171ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BrNhfDWrsUSB1wXoFzCfWgy8Q1-Bk4dAkuOPYHGhq_fKSo6FN37F2palktSfHT018Iz-uCjTTzFej1AL0RrqjIq8r297Jf8VXE3otoWeJEbTsxbxfrl0foi-8pW9vFzbTNTrVlkqAy5ke6p6NYIyCQ8UJrO4ZzFwXVuTSHZf80-gUScx8&cry=1&dbm_d=AKAmf-AcUvvhRvjnA6YOJnbHmFOg8c1rynvOrnurUoi-32X5Rzch5JjsW_saZLw8VEFbazR9FeMD5VR2yDIzm9MTYONZCs1XpKySnikIe24hnw4w_sOZPjv6JIWIJXg0MuYy_YstQK3RKyPmBSf8xbbZlbNQjNlKYg_IGhYvWbHFqYC7OWBd6q4wciaN7JNEn1v9HyKqU6ftNBQUf3CFU6BSY1Mf8x9_PrQ48CuQ2GtHGCBzQLC6_xPWRl01M3uOOHWC1IZYgHUP5x6ZMpN9EldPxGcGd4UB5pHkUljCzziy54y67lS8qHveDP1u6Q9KO9A-Lzgak0cNlIy-b5o6kvJYa17Mbp3X3kyTEIiniRCYMC0MjkOVscKmPyXYYW8LL5RXCo8JlDyc57D98eAKL0g_4t3TiqcpbrARwA6JnpFbcvBj2-SKbMOx1LjAOFWU7WuUprG1KzzhJfTUMH5B-S86n-aTIv4YFEUvcoAbTC9N68d3N_kiYneAbtf-1KtO9wgG8CoLHka5nsDUFGCnbDM_2z-ysw_AJXxyTwIQFyICsJ0wMsELlvsVhafIMNA_r5iYJyl1d5c2HyluSM8s-JMGyL0rU8qML1cnXXH0cOqjbY4UKK0TnVHxSagFLNq2tzucGXyjghtllOR2RZPptZiqEPI8sy3QD8KP499FvS9c4x6di7VC_HORIwzheoBiVk1k2cBFlewp_8KWtKhey10RI2_pSDagZyO_ZC1cWSvNYxHHnH5Qpd0sxQYuy0MMsT-ma40CusD-O75XKmw0LSMwJKBZ-IBvZSaP2nfP5_WxJYEhY14Sq3hG2NDtXXc8N8Gn5MkGO4I8JVZrVpXjYZN3ZPg2TUtYnTwlMXbra9LbpUp2Jng7d685i3KUrP2I5SYn5ee94Aqx9QlHSigawk-cen7b1MsAwZ1gsCp2DX7Fs-N5pXEbesnXNih13ErvyV060Pui7VFbh216gbWx8avo3OMwsCYOhYRw6X-ciFydc3CNKM9ZvWVeL7yEQxTBzj6FP74rJCQIWviiwCwH-vjXu-QWQJZnWMcMvoTwR2QINUAmg44SClNAWhbnb175MazSaNdZuSqx4H7d02CnhDA3zmCQagZFPmYAhP2s55sG0oGb1ZUzn4nDXbzac9rQHa-t3Ozdu_-SBXosC4TrQU8VLM-stz8S2z1yyggTNR_p5bgI6gEUC1Fedx0vRtRU12n-ds19QS-AGLwvEoiCzBDjv5rS9fHUsoPLKOVt9qcyE0JOagUubLz1HwdA9qGvr-XSv8v70TiIp2WNRfEeTqnE_G9hd6RrNm3tfwawZUcQLZc6fKVCj4ij-I_6T36DDUbK9fEvc0YornSz27fhVSxtglb_0NWV8eZGBuFI9FKOyXvV_pqHbgw641oVbsrwH4CrTChxSeSxoLrGnRSBpPlwQWYRbylURXFFTJRxnaDcyJdvD5rhPcbwpJUILfoCFYN9OK77pHfL2ZpT-OoLI0MJud92Q2s2uLavUomBMMrlCl1VR7hq_fWedBB4kLPhxp_kg2fuUsZAAq6hMJOc2hSak0DhpEBKMIrU9L6HbaQqX1gndgENev88EufsOxgS5WFYUE4a-nKk4xmgItKUfSu6fB0aWJyWbstNMj8DIFAhWVUB4VqwHPcdrwpuUAlesALW5BqrpgUvDSSRKHGMW6b0qqlnxIY4C9--_QFk--GtnhJMAT4FUtakNH-Mj0i-uIWM1qj9AY6P2cxEbe6rag0V9_A1yJyL8njkRGDxUMJ10-pVmCHkax5a4pdLKC_i2If0si-cLJeEQqsQODU7QKqHPGVi_dJ_z1ctCxzQWWm8q26_P44Eu2Ir7cew7QPHQkimemjK19G3RSuQe1Q0Ry11EbD_JkaXKUIbhP2kz8XIxYJrLoKHmQgHDkxGZyUTJliTzv0mCzsTVFHjXSyImWMcFilZLjNEzMG83CkMUsqvfJ77SWebLaKrV2VOvfnFqumC9yX8qIwEU7aIFsVMhjMNHCbcu8ynmNlHnCVwegBRsUkjB65oyVmBL5Ff75mrrIRvRSDuN7X47DIO1QyTheO2nRUJ6os1sxcoVxuZPhjZqgFUKRiZ9xSADinh_A6KJopcfZbnImgUNxww0MHyykDMVZ41WuyCjRPLrk_vXlJ5ZjZsyT1yZeSxVqC032haT6jvE1SfzoH9XthpxWcXVEzSPsuft1cFmvuWBsE-_ud_eSPtcj8ueQ9CmuCBz-06WFRkqg732p9yYp0s_lXSJ1KUdFYF6Jk94av1JaoAZE-b_KFEhJPW0Mqazykpw-wB8eYgtu2kOn_ipMzB753vodZ1iirDfGSZBVQNL0Y5Tt2DQ0rr_NUrcD-gxoBK3YAs03XMhA7PV23jzka4APd9SDebNMPwVpzKpOHt6QqYCN0Y7RPdTSv2TKwlcZris_nVjNnlArZHFZD_oA36bRQlCow0Q6xcDKX7j6-bIeY32zNqHajvf0RPTEPiYx3H8W4JSpKw7SKeZ7k2SqAJ9uSjWFVZUXsj3xen7KE391jmzqK7QYoYSOi9V7i1zuWCq5o6bKKgJpvFKh5yA5b6OEzO0imVjfNdwBUNwU0CjsulXuQ3PlzwKO2j3mrwc0n0G6_VifGCbv7sS1tR7zVyW7xKPKruXVhBsc9MeTBt89KXhJuc1_ywN3Lz7FZpuKfxLd2BOInm4WzY8-0WAYQIc7JlRDVOowKFzIZii0awdN19wmNBlAxezGYUZwR7dFtauVlJ7tOgjLVdZSr4SIWZ7SeHMRuWq849sHxAffRq9PG6h0j2FM4_oKyrX4W3Fmi_qwCbvXpndb_YpI5ATl-R5LhWDVtDr8BhKXZ8TYbDQQ-MJjLYJzSRRtbdfsd_kQdFJ8UfeCnQEWJGMmkV4axn5EEJHWySernNmd0cMiS7Y-yzXTNrrekBes7jwjw0dQCZIwhAlIF4rjXb2vNEKxoSzEpnrWDI_M4W3OqrId8dFITP5mMT9etmnBZ-cOO_0YPq0uu3oW_JwU3oDusNqAVYG87SfEDMZgMk0YRFY5mlKwmj4vj1aEPbmQCFyYurfBrwftqubgNtV9vhebQrLtsrfCsQMYEvPFGtd1NyvicqXt7SMZ8N_j4G4Too5CRqOC9Q8jI0Ctd2V-iUwl8Lq0RH3NqzhgD1C_cBVeh7KRKASqhoceSGBWYaH1Yw8YPcdfkLzi0T-Peu6aLivRREzDl-3MEA14AqtRSOV1IUZ_5C8hUmKg4A3aiv3D-9lP3yfg7HwZdLgQCbjqDhgqm_mSRVTGtYx5ATanFWUQgBCc2Kkotl6xp_negGYaAU2_7G1keG9LKVs3eIN4mtW3fNVrDk8e-5-kMl4BaRFELdrh2l4pSpo-rFE3OIJo1URDNIF4gglov0MR_Uqpd8i0YiN-iyXgA_GfSKeg3nnDZWsC4yTTSaNPTjEWCe7sBxZXtnqSf9IR7ieNW8Wqpt5nH22PSVPBjdn0vOe81J6qqAyz3rYfwYLcQYICk6uzdl2Bd6RtuDqoD8o8yoS0-AK03i1Pd0KBSTimiRJHuzqyaD37piPO7zWw_kPTpDmurdLE2QOhqEwFr98w3l_m3353LQJ3ZV1d88xzZ7-6X0aZOd1NC88tJo2vLoCs5d4M0lxAq39Df9U3ztlFkpaanZrmU_V-hhSiOCMqLC3lZ9vcxrlcis8-YQtpTh28VadYQJUwI2ahi-vWVHbswUfhoxh3ril1wvbGeEWG87aV3E__hsu9r0wwcxcCSrvbaHl2_GaSa2lfN-vZklWsVc5zPTgRjNByJawnI_njo8yuQaiEuPtA1A40EpsjZnGOQdVl2En0N3366Jh9UwfD8p-heyvkjh8HJE_fJ2CRBJBTQkDJdSRhL83sf5RkpA498tbmqB_E7SyMsA0LOa7U0q3XXgEI4ETQ-JDPo-1VTbfA6TWZI5SPO-_kChkE4RF8eydt23AXAx0s7MeGjTJ5Klj-7wgy0TuE4XUthve7rzeEvJLCDQI8XvQbuYXR5_aoYoDxbDzC82ShXoB8WAceU79IO7FxpA&cid=CAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=2157976085678389000&adk=521587874&idt=38&cac=0&dtd=17

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2b6b5e50730a60351d2012d1bea5bbff069786e2268062efb203a1762681af4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13635
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DA24
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

23ms
22ms

Document
text/html

2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Tue, 07 Nov 2023 04:52:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9CF6 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BrNhfDWrsUSB1wXoFzCfWgy8Q1-Bk4dAkuOPYHGhq_fKSo6FN37F2palktSfHT018Iz-uCjTTzFej1AL0RrqjIq8r297Jf8VXE3otoWeJEbTsxbxfrl0foi-8pW9vFzbTNTrVlkqAy5ke6p6NYIyCQ8UJrO4ZzFwXVuTSHZf80-gUScx8&cry=1&dbm_d=AKAmf-AcUvvhRvjnA6YOJnbHmFOg8c1rynvOrnurUoi-32X5Rzch5JjsW_saZLw8VEFbazR9FeMD5VR2yDIzm9MTYONZCs1XpKySnikIe24hnw4w_sOZPjv6JIWIJXg0MuYy_YstQK3RKyPmBSf8xbbZlbNQjNlKYg_IGhYvWbHFqYC7OWBd6q4wciaN7JNEn1v9HyKqU6ftNBQUf3CFU6BSY1Mf8x9_PrQ48CuQ2GtHGCBzQLC6_xPWRl01M3uOOHWC1IZYgHUP5x6ZMpN9EldPxGcGd4UB5pHkUljCzziy54y67lS8qHveDP1u6Q9KO9A-Lzgak0cNlIy-b5o6kvJYa17Mbp3X3kyTEIiniRCYMC0MjkOVscKmPyXYYW8LL5RXCo8JlDyc57D98eAKL0g_4t3TiqcpbrARwA6JnpFbcvBj2-SKbMOx1LjAOFWU7WuUprG1KzzhJfTUMH5B-S86n-aTIv4YFEUvcoAbTC9N68d3N_kiYneAbtf-1KtO9wgG8CoLHka5nsDUFGCnbDM_2z-ysw_AJXxyTwIQFyICsJ0wMsELlvsVhafIMNA_r5iYJyl1d5c2HyluSM8s-JMGyL0rU8qML1cnXXH0cOqjbY4UKK0TnVHxSagFLNq2tzucGXyjghtllOR2RZPptZiqEPI8sy3QD8KP499FvS9c4x6di7VC_HORIwzheoBiVk1k2cBFlewp_8KWtKhey10RI2_pSDagZyO_ZC1cWSvNYxHHnH5Qpd0sxQYuy0MMsT-ma40CusD-O75XKmw0LSMwJKBZ-IBvZSaP2nfP5_WxJYEhY14Sq3hG2NDtXXc8N8Gn5MkGO4I8JVZrVpXjYZN3ZPg2TUtYnTwlMXbra9LbpUp2Jng7d685i3KUrP2I5SYn5ee94Aqx9QlHSigawk-cen7b1MsAwZ1gsCp2DX7Fs-N5pXEbesnXNih13ErvyV060Pui7VFbh216gbWx8avo3OMwsCYOhYRw6X-ciFydc3CNKM9ZvWVeL7yEQxTBzj6FP74rJCQIWviiwCwH-vjXu-QWQJZnWMcMvoTwR2QINUAmg44SClNAWhbnb175MazSaNdZuSqx4H7d02CnhDA3zmCQagZFPmYAhP2s55sG0oGb1ZUzn4nDXbzac9rQHa-t3Ozdu_-SBXosC4TrQU8VLM-stz8S2z1yyggTNR_p5bgI6gEUC1Fedx0vRtRU12n-ds19QS-AGLwvEoiCzBDjv5rS9fHUsoPLKOVt9qcyE0JOagUubLz1HwdA9qGvr-XSv8v70TiIp2WNRfEeTqnE_G9hd6RrNm3tfwawZUcQLZc6fKVCj4ij-I_6T36DDUbK9fEvc0YornSz27fhVSxtglb_0NWV8eZGBuFI9FKOyXvV_pqHbgw641oVbsrwH4CrTChxSeSxoLrGnRSBpPlwQWYRbylURXFFTJRxnaDcyJdvD5rhPcbwpJUILfoCFYN9OK77pHfL2ZpT-OoLI0MJud92Q2s2uLavUomBMMrlCl1VR7hq_fWedBB4kLPhxp_kg2fuUsZAAq6hMJOc2hSak0DhpEBKMIrU9L6HbaQqX1gndgENev88EufsOxgS5WFYUE4a-nKk4xmgItKUfSu6fB0aWJyWbstNMj8DIFAhWVUB4VqwHPcdrwpuUAlesALW5BqrpgUvDSSRKHGMW6b0qqlnxIY4C9--_QFk--GtnhJMAT4FUtakNH-Mj0i-uIWM1qj9AY6P2cxEbe6rag0V9_A1yJyL8njkRGDxUMJ10-pVmCHkax5a4pdLKC_i2If0si-cLJeEQqsQODU7QKqHPGVi_dJ_z1ctCxzQWWm8q26_P44Eu2Ir7cew7QPHQkimemjK19G3RSuQe1Q0Ry11EbD_JkaXKUIbhP2kz8XIxYJrLoKHmQgHDkxGZyUTJliTzv0mCzsTVFHjXSyImWMcFilZLjNEzMG83CkMUsqvfJ77SWebLaKrV2VOvfnFqumC9yX8qIwEU7aIFsVMhjMNHCbcu8ynmNlHnCVwegBRsUkjB65oyVmBL5Ff75mrrIRvRSDuN7X47DIO1QyTheO2nRUJ6os1sxcoVxuZPhjZqgFUKRiZ9xSADinh_A6KJopcfZbnImgUNxww0MHyykDMVZ41WuyCjRPLrk_vXlJ5ZjZsyT1yZeSxVqC032haT6jvE1SfzoH9XthpxWcXVEzSPsuft1cFmvuWBsE-_ud_eSPtcj8ueQ9CmuCBz-06WFRkqg732p9yYp0s_lXSJ1KUdFYF6Jk94av1JaoAZE-b_KFEhJPW0Mqazykpw-wB8eYgtu2kOn_ipMzB753vodZ1iirDfGSZBVQNL0Y5Tt2DQ0rr_NUrcD-gxoBK3YAs03XMhA7PV23jzka4APd9SDebNMPwVpzKpOHt6QqYCN0Y7RPdTSv2TKwlcZris_nVjNnlArZHFZD_oA36bRQlCow0Q6xcDKX7j6-bIeY32zNqHajvf0RPTEPiYx3H8W4JSpKw7SKeZ7k2SqAJ9uSjWFVZUXsj3xen7KE391jmzqK7QYoYSOi9V7i1zuWCq5o6bKKgJpvFKh5yA5b6OEzO0imVjfNdwBUNwU0CjsulXuQ3PlzwKO2j3mrwc0n0G6_VifGCbv7sS1tR7zVyW7xKPKruXVhBsc9MeTBt89KXhJuc1_ywN3Lz7FZpuKfxLd2BOInm4WzY8-0WAYQIc7JlRDVOowKFzIZii0awdN19wmNBlAxezGYUZwR7dFtauVlJ7tOgjLVdZSr4SIWZ7SeHMRuWq849sHxAffRq9PG6h0j2FM4_oKyrX4W3Fmi_qwCbvXpndb_YpI5ATl-R5LhWDVtDr8BhKXZ8TYbDQQ-MJjLYJzSRRtbdfsd_kQdFJ8UfeCnQEWJGMmkV4axn5EEJHWySernNmd0cMiS7Y-yzXTNrrekBes7jwjw0dQCZIwhAlIF4rjXb2vNEKxoSzEpnrWDI_M4W3OqrId8dFITP5mMT9etmnBZ-cOO_0YPq0uu3oW_JwU3oDusNqAVYG87SfEDMZgMk0YRFY5mlKwmj4vj1aEPbmQCFyYurfBrwftqubgNtV9vhebQrLtsrfCsQMYEvPFGtd1NyvicqXt7SMZ8N_j4G4Too5CRqOC9Q8jI0Ctd2V-iUwl8Lq0RH3NqzhgD1C_cBVeh7KRKASqhoceSGBWYaH1Yw8YPcdfkLzi0T-Peu6aLivRREzDl-3MEA14AqtRSOV1IUZ_5C8hUmKg4A3aiv3D-9lP3yfg7HwZdLgQCbjqDhgqm_mSRVTGtYx5ATanFWUQgBCc2Kkotl6xp_negGYaAU2_7G1keG9LKVs3eIN4mtW3fNVrDk8e-5-kMl4BaRFELdrh2l4pSpo-rFE3OIJo1URDNIF4gglov0MR_Uqpd8i0YiN-iyXgA_GfSKeg3nnDZWsC4yTTSaNPTjEWCe7sBxZXtnqSf9IR7ieNW8Wqpt5nH22PSVPBjdn0vOe81J6qqAyz3rYfwYLcQYICk6uzdl2Bd6RtuDqoD8o8yoS0-AK03i1Pd0KBSTimiRJHuzqyaD37piPO7zWw_kPTpDmurdLE2QOhqEwFr98w3l_m3353LQJ3ZV1d88xzZ7-6X0aZOd1NC88tJo2vLoCs5d4M0lxAq39Df9U3ztlFkpaanZrmU_V-hhSiOCMqLC3lZ9vcxrlcis8-YQtpTh28VadYQJUwI2ahi-vWVHbswUfhoxh3ril1wvbGeEWG87aV3E__hsu9r0wwcxcCSrvbaHl2_GaSa2lfN-vZklWsVc5zPTgRjNByJawnI_njo8yuQaiEuPtA1A40EpsjZnGOQdVl2En0N3366Jh9UwfD8p-heyvkjh8HJE_fJ2CRBJBTQkDJdSRhL83sf5RkpA498tbmqB_E7SyMsA0LOa7U0q3XXgEI4ETQ-JDPo-1VTbfA6TWZI5SPO-_kChkE4RF8eydt23AXAx0s7MeGjTJ5Klj-7wgy0TuE4XUthve7rzeEvJLCDQI8XvQbuYXR5_aoYoDxbDzC82ShXoB8WAceU79IO7FxpA&cid=CAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=2157976085678389000&adk=521587874&idt=38&cac=0&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80795
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTMzMjc3NzUwMTAwOQogIHNlcnZlcl9pcDogMTI2MDY3MTgyCiAgcHJvY2Vzc19pZDogMjA4MTAxMTEyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 9CF6 0
857 B 215ms
43ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTMzMjc3NzUwMTAwOQogIHNlcnZlcl9pcDogMTI2MDY3MTgyCiAgcHJvY2Vzc19pZDogMjA4MTAxMTEyMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMDg0MjQzNjg5Mjc1NTQ0MzYxNgpkZWJ1Z19rZXk6IDE2MjI1MzIzNjM2MTQ1OTczNzQ3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0wNyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxCmFyY2hldHlwZV9pZDogMwphcmNoZXR5cGVfaWQ6IDQKYXJjaGV0eXBlX2lkOiA1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xe70d678d009e3e6a0000000000000000","3":"0xa7d03838d4250c580000000000000000","4":"0xb48d66e8b94b892b0000000000000000","5":"0x5a088752c15d61570000000000000000"},"debug_key":"16225323636145973747","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"10842436892755443616"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 9CF6 11 KB
4 KB 183ms
12ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1699332776679956&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2c7184068bd68053a8ea8ba44a7d3bfb93b60e433ed1963a0d83ef7b509bf679

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4146
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D788 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame D788 38 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:13:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 20:13:02 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F26B 624 B
242 B 24ms
22ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD8nlP-HEesUcdgg95Awja_qrcm0eKj0kkBJYzt1L12WbOllzCcC50jq5m1ZnnVM9MIDXyaUmIlSRLNtzkQPG4Ghe6iXH1w7IebmOvMDxjBFxfe_b-WyLGYEWf_ZjPjXX15ZIJL4mO3bH9avoBD072J4ZPeYj903MTT6bemQwPQhXbgRY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F3F7 89 KB
31 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame F3F7 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 22:02:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 22:02:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame F3F7 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:56:36 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame F3F7 0
0 17ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSyL9cGtdHL2yMRYDqB8V3Xg22sGt40VFKlQPEnHHwsllENMibyguq_3G992h4XyAS7N5-opO8lLJc5kjnCj-IHqj8dZg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F3F7 190 KB
60 KB 120ms
119ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F3F7 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFXDs63XuhGnppwtSramAzJuAnUO6UsbpKX9B0DHrrCtJIng6FuSXUMKYSdkmatmDmgmB29-B1_JNBTrP3S4EZWo7zfzXltJje2nwgJDgk9fjYhwQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F3F7 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9252786887650132294&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B6AF 640 B
262 B 22ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5565 89 KB
31 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 5565 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 22:02:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24635
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 22:02:22 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/ Frame 5565 20 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231102/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 13:56:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53781
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8543
x-xss-protection: 0
server: cafe
etag: 18034338113832500900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Nov 2023 13:56:36 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5565 0
0 16ms
15ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSB1qGhPfDVVXmbeH7qT1iqGGuQRGSJ9SHIkf31u_z6HvHIXENbxfaqsFPeKviD_WNZSBgHvYQGLIgxnRVgKU9MCPDb6w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5565 190 KB
60 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61127
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699274420466708"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Nov 2023 04:52:57 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5565 42 B
63 B 41ms
41ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AQdU4MwzySmefX3y76ejz1Gi_7ReC_Y18m6yXRh9K-B_IRJKG6b3t9Uu_bW8CCZi_t475vvvq2VAfgMaeJkPq00RMb9Vl-aIyu4RI0IBIpPq3_9HI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5565 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1529534089303955709&x=1&ct=77

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
hal90006.redintelligence.net/ Frame 9CF6
Redirect Chain

https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

3 KB
2 KB

107ms
85ms

Script
application/x-javascript

138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Protocol: HTTP/1.1
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7ac1e446f0593d8fcac6b0173f39f67aa556103ae5663835b5abcff31cef2dec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:57 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 62868300009232104444550012501006
Connection: close
Content-Length: 931
Expires: Tue, 07 Nov 2023 04:52:57 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 07 Nov 2023 04:52:57 +0100

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F26B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1

43 B
737 B

21ms
20ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD8nlP-HEesUcdgg95Awja_qrcm0eKj0kkBJYzt1L12WbOllzCcC50jq5m1ZnnVM9MIDXyaUmIlSRLNtzkQPG4Ghe6iXH1w7IebmOvMDxjBFxfe_b-WyLGYEWf_ZjPjXX15ZIJL4mO3bH9avoBD072J4ZPeYj903MTT6bemQwPQhXbgRY
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YFHqW0NYl9CDh0q%2FMOass63E187dGNHGXipPW%2BO%2BRxQ8UKx6GfLwAxABz%2B%2FT6tNaLeCzqP6pqALE2qxgN4Mrtm13BjMvuzyFUwRjVsqZXLe2pnGyukpUvVM3GLoOdKubAMFBRdI5oAWuww%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8222f8461ea44d9d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F26B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZUnCqT24OZVL2Lv-VuNplAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1

43 B
735 B

20ms
20ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD8nlP-HEesUcdgg95Awja_qrcm0eKj0kkBJYzt1L12WbOllzCcC50jq5m1ZnnVM9MIDXyaUmIlSRLNtzkQPG4Ghe6iXH1w7IebmOvMDxjBFxfe_b-WyLGYEWf_ZjPjXX15ZIJL4mO3bH9avoBD072J4ZPeYj903MTT6bemQwPQhXbgRY
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAmBW2CxwM0X1Bx7jgAJvW%2BnwtujwSDWPsMMWfG7Cz4V6uXeKsBgdY8AQtnNt5U1HNx0JLf7CKI5rRSbTsnli6Z%2Bo%2FIRzJwHEhqdjKxYEXkeP7wTksBGEqdzspTllQPW%2Fx7bO2Ua9DdzqA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8222f8464ebe4d9d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENhZWIaIjamuRRKCY4Ajd3c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame F26B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEWkHdRtKF1fpN0oFjVHuTQ&google_cver=1

43 B
845 B

14ms
14ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEWkHdRtKF1fpN0oFjVHuTQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNUD8nlP-HEesUcdgg95Awja_qrcm0eKj0kkBJYzt1L12WbOllzCcC50jq5m1ZnnVM9MIDXyaUmIlSRLNtzkQPG4Ghe6iXH1w7IebmOvMDxjBFxfe_b-WyLGYEWf_ZjPjXX15ZIJL4mO3bH9avoBD072J4ZPeYj903MTT6bemQwPQhXbgRY

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
an-x-request-uuid: 7bd4032f-c381-46f1-ae0a-f4475d2e4291
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEWkHdRtKF1fpN0oFjVHuTQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F26B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
an-x-request-uuid: 022dc5d3-fdd0-4b06-af4f-03810d9c505a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA4NTg2NTcxMzkzMTkxMjk1OQ%3D%3D
x-proxy-origin: 138.199.38.133; 138.199.38.133; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F3F7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4053147804013&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F3F7 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4053147804013&version=m202309260101&ct=77&x=1&cor=9252786887650132000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F3F7 16 KB
12 KB 174ms
173ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bg_5gSfZ3A6JhZJddZchnP9qyRO_DSSaC717eT2HaJM3adthKymZdpuyGuL52LDIkL7Cnu3P6myrFaqWZ3VwN0GgjVY5jBbOIYhb4cE7_rDnXAQ_vjmgG8CiROomeenzVtPFlaOsGQVCV1eJCI-_ixSFXUZfkBxaIFMj26VHZLwETS4Y9zvHGNkdYSM9gQqq19lyH2bwT3DeEoak9SSGIBqM4yMw&cry=1&dbm_d=AKAmf-CYEDE0X3ltv3UXZFsHlLaK2ipAKpf_rzb0C0fOAII6uOcAPBFwR3FqbV7MG19Zw5WeYosUBtDKeX4DIAgDrJNCAHKw28VSnkq-_rWSZFW4dUVLq4aTiB1pXufhogJ844dksw8LF85pgoP9lR_vk-ypSgGpy3E5fet3lda3O7jN0-zsYWh9H4nmftDZ35befxwxp8EK-zXgdQPNe01AO3JldyNFK_xpuyIhIS34yMlQHn6rw97YfCouhB1Iafdhvst7XRos5jsFxhTofki_KhoA6icCY8jUQlYZZ01B26NEQIF5WmjramqY8wxQlesoqMHl440aixW81RErRcPiANCXBlW9o9kEa9e4ndNGUrrcFI1_ZNXnED8sQ8lksYkdmdoubGRVklq6yi9gi9GWNii44bILMaaD5bGINbw6Gnh2yf7vMq3Hq7j0xdCin-CiQQV9wKPiWmTVK8YIMrhzK4YqExzh8yL2usTh_BiEDzdA6tQ-TAeJbElXB46ILkLgl8P-VHxcN1jVq9Ku6AWPBs3jcbgeQIAopQjwndKD4P-RFMo4EhIkHrW1zfovxjbHn8q2yqUqVzy2K_rUT_oNhB3nLLyE3NtrSG6FoxU8DFCBOShdhiQJLlqPhBkFmqI2fQsnloGRRzO7nK-l-zrHh6FNSSHjAO3-TX1jDx9hv4pud1Wc_7X3RDWhAAw9GoDHJDHr4LYbhuKZRVyl6mUCH6Viq4rbw4jktgs3p5UwAzcntYX9-xKjcXy3Ls6a_OLe5Q-Zoafe5WB58NOB1S27PoJGjMrBurtNTThBUebWyAs25H6zrQcGzlfMxMpE3iEJBLImUpZM4hOfbae_nLs4Xv9OhIe_eiFA2UXo0QsiT4drbu-SMHnLy_sAJDg6xUcjkF_F7r1S5G-dxx1S-NNYDDIxo8hqCTTKZge_2AL5T4Kn-GQux3ntBu6Xt9vaiK1lx1gnFDeg_SObjZ73FqNMqw-CakzeZbHaG1cOhp_KYBpHpacFB2TlEwv4aN75reVBVgMoSF7AnhFiU0pq7-o0oGc72H9yfgG2VH9-VXqAX4RN7FSluUXvO9UFffv24D6BPwynBBC81B-DGGya6q8kQzEwWAnYVhkgegJK6FJC2IouC_Wd_MQIcNN-Dwv0OZEJb-anS_ukwg3ZIh4T5R5LaXZv4cGU_I6R174okr4JIr-cAMlwgIK-TZTOPkUoUUp90cpdcJCe_z-3pX5GAVTbmxFXQNu-mc4Yy81KsQIh0vPU2qkwg5_4m6p8fUTY7ijQ_6knjm0bjgj4vat3rqyX_XiChvW8phhqiC5MdNTWd4J2ADpvMzl1XtqOrvzl5Kh7dGADtz24n8Q4qwQc6ey7_CYqdCKJC_McYm_U0Tc3SSn1sZwEaq9BuSjHZ2a8gLDX28quj5VBo_1BP8s3ldBBIPo9fPCbSHlTiCxB9hgomtIguhId-_yjyinWNRwBNa0RNzTJKWvOogscGm_fzB8xmdu-fVMIXiuZcwe0LvjFjg2ftuU9ZbReZLzoARO8D8Fg_Wu-9z4ouQFkUGRFi0dfREEWNbBKuGx0jrzdWng-48k6PvMZhboBL5WrA-tmCNpXGhaGYRLZTui33f4HaToVVrT8KZEiAmkYhLU-x6tk1tYTQyhXL_Sd7qKx2IorQ0wsUW6DVMkxzpm7aEtrypWXYk0mnzTG56TSrAhU3rX_f5MmDkTBfAJKoklE5ib_wa1zpz0tD30U0jLwM6xF5_88GE0mOoBBLzstIiQZA010NWUUqNQBy_9InebNtl7IXLZEHeiEgmGT_jigSlVVJhYaCAse1q2YTixSe_tWutyBw-CMglN3i_t5Lk6PPcE_e_LgtHWl49HXgXLcL1B_evK4a-HONrbrb7Qa2v_Wb1ojZblcjc7l-Y_BhRvTeYwP5n6W87qopUFm8f46KJnSJm9sh8xmClmKAKXGrGYQ53977cZFT7mDB55g724boeYywtVW9PKLrb3LbIQ-MVRFS0XVkGB8ApcNmowPq54T637die00cw9CBbPU-GTR5-33jIFjwDEAe4rURvn5eQpMmvX4U95K0jkJX4u3_YGKbVBp3ZRKH0Z7zigR0QvFSZ0RQvEIv817CgjrgKETT8xBhtkvfOC1vL-Y0Ie5XS55iKI_19u5Y7Ph0sE43_5wd2Bb_bJfgW6kuIzJJAY8S3ITHw8p-21qGEKvFncHtjI3x4-qJtPWfgGe7aXcDQ11asbR6R6c-IlKYiFB_xTyg23Imbl3eQ2GLJbjdiXpMYny802L1o4n7BLM0oqsSNLJxPZbkGrBLuR7TBNLoQeWlkCZQiK3SE0AB9zlEZUB0ReU7LilqRxQO4_Qdv3oqjnR5_NSdON1wwpW2dHq_GCY-DhVy2BOdgOQhXeV96Rg1oPuoaRO2D4bjXrgnysF7kh0Lby1VnOILjJIRuRa3oMlj0BigchxeaswV9tUH0JYwN7Zoa56we0_h620pSzs_hU3woHYyPk6i3H8DefxpIPO5LpE5eR4InSHTysNWpkFr0EIrZZ5thE64j5kIrLjNbNMU_0YtxYhkR4Q1gQAKDeW51ltdKDkBpkAryAurouKxJHkTDDkM7pABy1hArv-8Myw90LRa8f7yXOdbSTDYwGe8RYygBS8StHfnc2jswSxb_gXk4Dcsc0bpNiyX9qohE7zmtTIx1kGvN3g6o29SvL0M26tbwUSkrNHYN3-X0O3tIwJrrghkozeKpjLlYWZPFVSqKURHrl4IjxQnYLQEMT7G1LTkqqayIBNFJlXDOwJREbCrd4JV-6LaOYC8G7BQlpnXawczwLEhtGIKZwxVLgyQM2dDn7j8fqZfbZUonhf4QVXXd4vhTEwsDe-jNJJRLy5LNNIQzK1tr9h3W8CQMgLREYae95fqyedhf7Q-s3hy52br0bAT3yCQfF6o6cWspPnJhboJqCwAK9501W13q5oBU_i8cZiB29IeatrYz-5Vy6hUAAiE5B3BXWUAYBLU7oHjP63ARGRObVWT1Fw_Z58RN9DoGelp4n_gWGULGusKyDjzy9SRm1FUJt05hWo-6nltIPi6kGK_VUaBHCAda8lbMUa0Mj9XMJ5JVP27ktHnWustUf_MFWaEDwLhVyNTBMn5ny6UftxEcBpZZSX4ajr2MiL5c0DkjS9Ke77F1yPo66eZaLRBmM5zEyQYetohRwggPxJGnOBHR1QTWzOr4H74fTSjSA8BLPERQUADJDIe-w_TlgRLqaOW2HmTtq1t9SopYH6Ya7sF9XOj_nntjrnmI4mCNJtaP3tYyxCb1LBHJu0e-UHejDG17H_c8W35eK4eJrMpRZiE3eTstnmqTPLP1kYEjGjEQoyPagKHBC0z3dxfCZLEcJccdlRaYQEheH8Igc4HqMD5PZT1nIU5OrCwZAzpfLtvLQhIWrrqRJIK-_DetpkI12cQxCjzcEMl2My4tZRexIj2Z7XUAK9eonPZAM8OyDmBgNp5VFydj4TCul1TJVWVs8iPAp2VwRbKq5X4deuLX3Sbc2n7ThbvcqUl8_D0G2veBn4EXfHGuu8TAjDtUgMjmFIIMEheRoykXGKF7j1Zl1PaMq7cU1eiDoWUunj1cDad5uaf9kPjZWkzlEbNcF80i471ESHYfBAO6Q7JcZ3HJY1ycQqN_9arH3hKa1Wk17Wm_1YlX2PhC0XM-jUCDpvsKfSrVgSORCNzlIBEjCpM4-TLTViedByQounVhrVqa7uxO5Xpqofv3jsqpppolt6nE4ctuTiNMnJqP2bMpkpuEiOEZbDsLwV9q7bwP73-98jZ3Fh3vr5otuP_WICgSh1N1SepPqKu2-O3EBSAS5ANUhmVozDMxx__qA3mi8xZBnx0SDG091DSESu0SUJy582OmMm4GT0rHcrG30A659ZRsn_5anPN1P9dP_ieO49wdnZC3HnZjjgzdlBYWw2TqAXxA6j5TfdyfFjAWvXafluLXiY_pGILQnH24OmUJ9d7LOWIHmPG8DGcluWONGz19t2vVffFSc--8WlFJCYAkDxmAYmzRW9xCbs&cid=CAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=9252786887650132000&adk=1761367587&idt=33&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

875beba9aa7e34ac3455b1497f647718472d934b551283f69a440fe00f31c764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B6AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKnpW1LdlMK4pDxSuNvWD5Q&google_cver=1

43 B
105 B

16ms
15ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKnpW1LdlMK4pDxSuNvWD5Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKnpW1LdlMK4pDxSuNvWD5Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame B6AF 43 B
295 B 39ms
16ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame B6AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEEmgZhWBFi1Lg8PAqnj8DKs&google_cver=1

23 B
163 B

39ms
33ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEEmgZhWBFi1Lg8PAqnj8DKs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 04:52:58 GMT
pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEEmgZhWBFi1Lg8PAqnj8DKs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame B6AF 23 B
163 B 70ms
34ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNW23PlhmoSwSNePjIhwKN16gE15uV-ehjwI6fqLRvCm8uL4_LBwHJiGEc6DZ4GM8uth2J87Dctwka-m1pO-nPJOE8jwNjgZiXyVNVLueE_V4os8c6x-x3FeBKg02O5Tj5hohiroExl41rfkvbeQPl_hj8eob62D9-efI8400Bddkumn3RU
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Tue, 07 Nov 2023 04:52:58 GMT
pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5565 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7212069900434&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5565 0
20 B 40ms
39ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7212069900434&version=m202309260101&ct=77&x=1&cor=1529534089303955700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5565 19 KB
13 KB 170ms
169ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Awnn3Ke5bQZi1E5SnS8qPFD0Bd0_8-Yov_WQxrnFRSwTnzTtgHw0SEeYRuGhJeaDJ3WkVMB9gc_7_hOCELKIZJ8C17jj-WIfYKOjOErmw7sL_LdBsNlWGSfWv1aXEm3CxQADZntX4uwCy4q0uHLEgNwP8GsSbYn7j-xzhqe03Pt4RVcrA&cry=1&dbm_d=AKAmf-CguPAyShn7_ohK9DwNGVfGNr1Y5Zd_ZTl-_4A1yC1S4vkL51iC40Zon3dac70yrOzZNdJhi-OR2TlmKfZZ1F_6qYMNcQlaZ2mRoeUeBxhXalpkxxMSXrBiXFvV3sFu-si802ULdcInAfL44N3oG21-0aNHJAXKWrSr4W_40jpdAOu6Pk7HFtjipXFQK9NVPSpRU-j6i-ARIlrpsa3IBkeLxd90cF3FY3-7ud_1ZPEJ6HIw6AeUnWL3WF7K8fgoecR9Ez4KnU8SaaDbdQqGSFKk6wXrjm_N859UNqGkJBv-FzgaNku1PRWLoi_gH6T3bAYJUnCl8yk0fTO-EloWZlm16l_gVjzB8vzhkPWS_H8iFW36p4IIFdT-SAxROz0PLYwHcuqctMqs9Ca9m9PQMFqUi_nTZwMacUTY4he9-g4L_rFg8TaOUaKQQ3dGNVquWJcRdDUdmbKm_2kQ2y8FiXbP3sjLmZ8YHJHtEftEZuJMI7lZx8KDCuOKZH4tVMAUyOThaBlWDmDWiAqYwqUbH1DhNVXvjIYL4eEimVJWfqw82RoLhAOYGEGiNyqDlh3uZ4SUjN-YsfCmFgRz8qo8uLT-6Gb5fHScAjDzWrNZNC1UgwZpX1kszaL554GgtN5FzLpZBCBSg8GxcOAZbOD_vAsr61qJY8akBEVZNagq639mt7eXLEJ9u1abid8Oj0yshWBN5iDaMX6v5lJfVu-DUuhLWnQEAH0pM4wWW3QMRXwAqb289QsEZjoTUdHg0hz69qo5spBjvWXFieg105IVP_ET1dLaTS1rYssf0VqSI5k2lFcpVDBlUNgtazFwzQwlyXEO7gLxjyDK4wy6tBcVMFpxDHpIdTe6CT33J5aARW7zgg7IaI_1MU1pkLnEwS0lMnvvR5N8qKZt_v6WgcCyk0zSOoNVfLcy-4V9qfdRRNKhRSTZnGCrkH8vhE4k6TjoXfwiuHw7DWYGkKjG_qMAoXIH-lQwXZuc6VVgc2UAOnoWp42EEYdi181ecRXpv2ATKx90Udr0mrGOzwyBZFwGWz2bKMd5C8p7nCpaC-zGM8ld6EDm019k7uoUaOu0Agukp2Yw5rV8e9DYrnNPsxdKe7w_wy7-Mu7n2ihWUcvolqQp67nDiohLqnzFrlM-v5BbM5lTr6Cc1rZ_CZ1Ya4kVpDQJXYSJYPJgmDY5T3De6ZyW37JUSsTyiqSUlbjGbnyExz6uh-nZGrzCJSoKTRovQlHpYAXYwW2I6XgTWPu6LXAAcEQqxbY1uHX4dxkDgrulWtmBWR-GIE7cwovZDzGWYnVh7832O5VSppv5wQRxlM4K4N0sE-bx8oVPCYgclJp6kfna3M13jQQi7f7RoouyfxtMJODkoXPwjwjXoB31APo1VDVIq2j1z5aXKvg1AfVxoWkNyGmuJhoAwPoeCIr3csb9pIym6GPUkTHWVHzEmprOZyzV5c1uievEVYV0FehK_7EeEz_pH2_CwMGT4VR9yMaqUM3PXUAH7FbnsTdDAjC7znWFJhvKm22LSPilb3bS9gAUYdDdMKhrQ72L1mL1mKGBzlFdLplwzMcV1T3zD7tKtKys7_rTdK0hAtmNOonHDw7W2EMV99l-iKPQa_z7eQoX2ffZY661aVuOZhXwel-amSueN2xJXcc4Rn3xvwHIbyq4FtKvUqNEdCToAnDchTgFf7tCufZaFCDkxdHve-gNRnFkDXXZ7tgpwlK_umsRUMccrkWtq6m-BUAjREp3rmoeNqp1MYsh8qIA2KNqSplw2UCiahWQ627jPwXgKOwwFLdamv-yhPASzwHgJgvHZ0ECqYR39-8W13xYg10tQxgQkBX_fHLUQ6QZ10xid1IqFOfYkbOxV0_BhjzjsSSw9iv3V9gnVLBxN-61IGiWSY-yXT02CRiqXRXasI-aK11wC85RpW6cv9tq0K-aGREPEoaWknmgw7ptSzr69UJAjtXYynyzpiBb4Fmr6nI8DkVNgyd7_9022srbGv_jKzAm0Zgp6HZk8kxQmoxGR-iov7c-hpQ-Z2sV4EQXA0YUNfkse1UUElSfKMpep2lqOpHhQbEYUm4PhajSXeOO3pJCxP6emSrjBWkBvWuQhQ-nnYOq-xFc1Xsa-I0d2keqGMBxzVerHBPuSOLsX2jvfGHg27SJoZYU3x_LGp4nwfpvKk6Z5uMuyU92mCKQWW-Hr3f0qV49aZo1lP8QPB2-9sdD6s1tk71XFeTurICZ45xRFs6F4yGvF1PITG6-gmiQ5rKhIFQNSgR9lz4hxMrvQ3brpDSSsQwyazjgiZ9iJt7Rek0NgD_kbhoEhFej4X6n7tFEMttj9bwAfEq85TwGl8n7gebyThPQa0v7idM29l1_s6Tf87T-25E7NOaal5ssQa_aHgeOtBYvYpsNmt94matAU2a0uBxuJhgqcj_urwiMvIZ0stXtbW2CWzcfLn1ceATAtNTzxROzykRnkhAdOCgOX5LXMBVoa9EnxIy1la-nzoneEjtkODf9LmTqktIpqsJSkwyhWhzuP1QC5RQapnm7kmkeYdu6R2Gx1mFh8EVQAyBFl0pNELFZObrOYl99B5gfN03OsVQLltVEDtMkz_DJOFGUH_ZSIDeAfUS8pJZnXN63vaa61Slrg8Hze6nznw8X6w3ruqMcOoaXpUrBH1oROA4IK4QAufg0q_ZfqSs9Y7g9ItuESL9xGvu_bkGeNOFUE6BNWk3cO5i2XK90GDPTUTGfcM6DaMV_agqxO4O4qe7ByzC6F7pvJLjehyb1uMnIeWYFcGJc1DmRmeyr99mFKCd-wXIAHXw_oO0kTchXHlkL4Dwp8ryLyR5b1-nUDMDHIlGqR-CNV6y9TAy4Z_8zLREZc1M70zZ1opCuaSxovvWLnjREaxw4DyfCVbylnfX78kQ_FGV6MSYg087NcxgPD-Ig-TFgI1k9CCWZfhZ_UxUMeoF_ebRh-PhHQk5IKlvDbejoLTeS4LlJZRqUusztAdcMWVkGwPbsu7G-WluvzJ7iqNmqYtvGgiFh3SDKG0KXyKl557QkXTC4XRIEVhaBgi7bGn-2Q6P-Rmy7nw9-IVOf3Ao4M04GEtaqp8fv7p-NnOqMGRodiBhDhUO7KuCBdxpeunlk8UBpgZ7l97Ze0LiuoVWTuH8p1MWF-3-Nd4mCc3aMIynkc33vVvuU8DSf7Ddih8exc5jZHacA0N-Ss208whK9MmQ6Two-EAaIy7ErSMV8ZjuWwwntKimuBfkNNwzddxBm_xAFxzhabOIXd7gtvdCwCO3wVGBPgJ7jH8mY_sNj9onvtxmOWH7j4DymrWZRJdwEyWgnh-FGFcbTDbxvaCt64ZwwLrZhnE_wFXL1W20KrpxWn7KUgqffgnT5x-fPzQx0JmNh-g1EzoV4p1kW-IGtkQZdGoZp_IJ5tCzaJN0WtzTpF3mI_bun1mXuwzRXskVnl3g6HCCP7_2vZsiMgZYWGMXgkiYViWcDz4DQTBw_c6UouI5scAoGiU9KWG82oGgncWk2flPzluQI0a_nxZWbOXSZnE05U_vblgDryzIYUMadYHpZzaGYt_07UGcCpM25_mA5BW2jSELKFu2apPxLtmV4eJnoRUxKZ1zQHH6gGHookhxL6iFVFKSuP2TCj-VD0EwSQ992NmzfSYr2JJQzFv9fjYnIt_96KZHEA_lPBFI0um6gquyWmY0scmBZMsq86TRvwJMrNtPtrXU8HcFmSlZ-XfXEE_ud_pNPpDGmZsRzA2htvLwK1umVQPz0zwkbrYKj8BPbzKevdA-JeI6kw3K_AND2btlFJ2ZW4kvat-l7s4GzlSxYUT3G9OV8GniLMUhyZKl7q9vz46H9KWQ8WLysaKc0idkNnZwL1muPsQKirxxE_LE9L1Xvc8Rks_XdBNQpUw7a7O04A_Tdpo-R2sU7Ws9PPyW3xdqkKSnpIu57WlI6oYCtCBP0UlgdPl5ZED3UcZLsSgpEpAu4-XuJWWgb&cid=CAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=1529534089303955700&adk=497053795&idt=25&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

680baa5b8a123453459b1623966addb321b0b513a2fc6bcf97975ac4d53b9a49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13676
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D788 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BogHNqcJJZZHKHu7DjuwPseum4AcAAAAAOAHgBAI&bg=!np2lndLNAAb4oU7C2KE7ADQBe5WfOEngKCGfS54l3KL4TQD2oW8jcWXbK1Iv7Yd7fdmqEtt5IIIAbEFoJqNIMhhWbtefAgAAAH9SAAAABmgBBwoAEvM3dS7Ld9ZB3U-oiUaglapWp5kDW3Nz7Ykf077C4KSgorbVw86ETMsFy4IXSsxLApt6wQR0sGAMxjqcaIGlS89XXgEKlBb8bYjM5Yjfvb9zPhQOyIyIwxkmYNpAyUtEkrXIwhKoKRtWR5o422V02enPy9wc51NOoJIxCXSyBwbuumcnXWBnoYAZ3fOhcZad3TJfRPV5Ml1NBsQOghQO-YtIFALwb0Uo1nonqcmB8sMyr4C37PfYvoIwBUTMFEO_CrYo4C3VxC_mAWdFAdp1pyghXo0OB4xDp3IISEHXPIsRcm1JlOhNIWd_BIFWcBVyHwvMUVkqNqMGd44SP8Bk6J-2-oTZNUeZcV1vt5AbKrdNaHCWAH36nQby8FuXKMVS6VLEOvRAIgiwq6lNY4MCCP3GmfJJyoAATvATQi4hk2ge669TMIQ5MgkiUuPN9OrrewQcEpsL6ssw68hRD8rH-sZn8UGJrLwRG4Tb3EVvj567uBLL8lUwKMXdG0Xpil_SsFmFBcY-rFXEJ8mf7vDbKBbwLSwkp1EHYhTZvtylJ-btG-_U_gHciRRy6arqbJa_jQY4-EbSkD3xLneRcMG9n_IfgXR-4qMmS372_X9v7u891jRb5vmH-80W_-Sxn0PMuTxiaE3rGAUAyhJu2-XSbb3W5NCttoD6985HHdsVuuLa8yRW_7OH4Bt3ttnMJO6Abr8xQBnapm4SgOhm2XbbN5wkFJBMHljSFHZsvdCWpv6OppgA4nHZiORXFRcK_MYg6sHXPHr0OsqHDewvpkLVZouRA8ZDtxx57wWblQZd-aMXZtwqKdUaIpd1RuaC_XhB3x1x4M8boa0aRWnjO8O9hcYEflEhKvq8mhBDSxNQkGrdA70hc4dC5_J5XUwVLBHV3KBQk74nSKlgTSe1HbgFv085p_Wd4mXr2wKGIeldP11ZeWKqEUdhytliykye34cQG4JKaQybH0Mg0Qlk2yrKKyLs6r0zzl9OLa_Mu9Lw8xFP3EHTVL9uCJvi-66k3BcgvYorFqST6stMytZH1CwhxIm5YhXKpQaHE4KzzWQjuSJdaxD1ZKV4gWMqYdjt2CkCBW_AEzPftBDq9ta2peU3tihjhMl_hy1NPI1narets8gvWWMjr7OdppfECC-1WNCqSR3BB7hnPORlb-FV8McjHH0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js Show response
pagead2.googlesyndication.com/bg/ Frame 16AF 50 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lJko_tUUCSg1zleom4HNSQb4WTO0YIIk7wxKK6Unhpg.js

Requested by

Host: zobi.pw
URL: https://zobi.pw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949928fed514092835ce57a89b81cd4906f85933b4608224ef0c4a2ba5278698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 19:21:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 466284
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19684
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 19:21:34 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 94FC
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62868300009232104444550012501006&actionid=879111&produktid=ratenkredit&dt_url=

0
179 B

60ms
22ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62868300009232104444550012501006&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 07 Nov 2023 05:52:58 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 07 Nov 2023 04:52:58 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=62868300009232104444550012501006&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: 8AC72685:EC5E_91EFC182:01BB_6549C2AA_1CD8B93:1A428

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 5801
Redirect Chain

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6549c2aa22d4c960abae7d06&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

0
608 B

51ms
22ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6549c2aa22d4c960abae7d06&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Nov 2023 04:52:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 07 Nov 2023 05:52:58 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"25200521800103636","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 07 Nov 2023 04:52:58 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=6549c2aa22d4c960abae7d06&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: 8AC72685:EC60_91EFC182:01BB_6549C2AA_1CD74A7:1A42B

GET
H/1.1 200
OK request_content.php Show response
hal90006.redintelligence.net/ Frame B05C 7 KB
2 KB 33ms
11ms Document
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=34c8c91f72&subid=&uid=a6869933d6a6aeb9&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1e-MqMJJZZTAKc2l_tMP4MygqAOm5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjgJP0Ks-SzxEMDiWkmzYgHe0H92r8SHGR1NPLZMndyYpEG2tOHmkRTjEHN0y05zOepSElBAWrL8pIEFoxI3iutPnS1f9UOwm4r0jbmwhFmzzXrQ1goHTlBkrjXD-Dg3e2ipMZDpGYA8DnDfLTm0Mhwqv4fcu7QYl_BYdcePDc7HagEN-XS918sJgYg1Vw2BzkKRsjHj0TTYeIZg42V2UO37wGBW74TFY8ruLne3HUYr8JgnY0PW5jEquSXrftG2tddYxt8kuiyLODJD5LhOfVaHmpwVNtX_ttoxpVKXXywgGSVGPQjyiUN9RrdyZnRdk1W8pwjCa0ADxh7_Gnz1QmlHj_UNYWDW6sLNoKO7R3DjABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqACgGYCwHICwGADAGiDAwqCgoI5LSxAu61sQKqDQJERbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB%26sig%3DAOD64_2HhUZKcBZQM-0gHPakgLzdbuTiTQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-D-0f2zfDzI7_H1eLPkEBJ3mCfTd37LQJ0SnFureiBGjaK_BD13cd6xBbIwDG8WonJCPoMKhiCUPpA4b7gpka3DaPZq1E8COtKfLU53ixuaD-NWqli48R6xA0w5Cfi3b1H_XtbW5CGIaM7iG-G3vg5Th_HA4i6BIc-PO5M91gCxJAgG_qU%26cry%3D1%26dbm_d%3DAKAmf-C4bmLHdCx7vZvb_MGkx0IsMufnFgPoG4FAe8QShjF8qcMJbQ6RvfGs41fMLB_xN_Cr8BGashylwxN_68p-VdfT4N1gbkQiM5vV1AAv4oMCRkOdASPUr3YNZ_nPWGyrRVhXvOCLe6iHZ3uIw8lT5HdHq5nM0ieMPDKivuPywfvWk0bhjaSL1W4njMAaZTU9a3M3XGfUsj9ahmeiljEjH06R9uFotohIl9mC1AH1i8Fy9YSLN8nc7L7fhB42qr78iY6WC3LSLYIUFnkw6SbuYNC-_qfTskPLJu8igmUWoSRy7Ckgf8UMazuEjwicyad7veLPsdRxpm9r9D7DJdhbjqn0d4XI02F47J4UTQLeesdiLi1djBMvUOGwtVJyugOp4L5n7wvtjEutV8bKobMcyrg1cqPnzdIqyGsEX_dBX-S0aWwdReXcuZNEurU_o1Bm3Vf9keaY3Rg4VTDvojXLzUwXM618KCwRnVtQHWEX2g55RVaZFgI%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231102%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D2569712851%26client%3Dca-pub-9005940812336387%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3%26xpc%3DaBirqOwenr%26p%3Dhttps%253A%2F%2Fzobi.pw&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=7918661743701&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3e7006477780af18d8367d87281981dcce655e16db16691e196c36a045bee555

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2084
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Nov 2023 04:52:58 GMT
Expires: Tue, 07 Nov 2023 04:52:58 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H2 200 impression.php
t23.intelliad.de/ Frame 9CF6 43 B
555 B 44ms
15ms Image
image/gif 3.124.138.165
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t23.intelliad.de/impression.php?cl=2353636373136323131303&cp=101&ag=248&bm=100&bmcl=5373735313236323131303&crid=101&timestamp=1699332778&co=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.138.165 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-138-165.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW NID PSAo PSDo OUR STP OTC"
content-type: image/gif
cache-control: no-store, no-cache, max-age=0, must-revalidate
content-length: 43
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 9CF6
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
666 B

90ms
72ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231102/r20110914/zrt_lookup.html?fsb=1

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: 8AC72685:EC7C_91EFC182:01BB_6549C2AA_1CD3B73:1A429
x-iplb-instance: 40028
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=62868300009232104444550012501006&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Tue, 07 Nov 2023 04:52:58 GMT
server: nginx
content-length: 154
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 9CF6 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6c6018b7794c3fcc22faf8ed1df785e498b9d1ac1689c9501aedec12da13341

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F3F7 41 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bg_5gSfZ3A6JhZJddZchnP9qyRO_DSSaC717eT2HaJM3adthKymZdpuyGuL52LDIkL7Cnu3P6myrFaqWZ3VwN0GgjVY5jBbOIYhb4cE7_rDnXAQ_vjmgG8CiROomeenzVtPFlaOsGQVCV1eJCI-_ixSFXUZfkBxaIFMj26VHZLwETS4Y9zvHGNkdYSM9gQqq19lyH2bwT3DeEoak9SSGIBqM4yMw&cry=1&dbm_d=AKAmf-CYEDE0X3ltv3UXZFsHlLaK2ipAKpf_rzb0C0fOAII6uOcAPBFwR3FqbV7MG19Zw5WeYosUBtDKeX4DIAgDrJNCAHKw28VSnkq-_rWSZFW4dUVLq4aTiB1pXufhogJ844dksw8LF85pgoP9lR_vk-ypSgGpy3E5fet3lda3O7jN0-zsYWh9H4nmftDZ35befxwxp8EK-zXgdQPNe01AO3JldyNFK_xpuyIhIS34yMlQHn6rw97YfCouhB1Iafdhvst7XRos5jsFxhTofki_KhoA6icCY8jUQlYZZ01B26NEQIF5WmjramqY8wxQlesoqMHl440aixW81RErRcPiANCXBlW9o9kEa9e4ndNGUrrcFI1_ZNXnED8sQ8lksYkdmdoubGRVklq6yi9gi9GWNii44bILMaaD5bGINbw6Gnh2yf7vMq3Hq7j0xdCin-CiQQV9wKPiWmTVK8YIMrhzK4YqExzh8yL2usTh_BiEDzdA6tQ-TAeJbElXB46ILkLgl8P-VHxcN1jVq9Ku6AWPBs3jcbgeQIAopQjwndKD4P-RFMo4EhIkHrW1zfovxjbHn8q2yqUqVzy2K_rUT_oNhB3nLLyE3NtrSG6FoxU8DFCBOShdhiQJLlqPhBkFmqI2fQsnloGRRzO7nK-l-zrHh6FNSSHjAO3-TX1jDx9hv4pud1Wc_7X3RDWhAAw9GoDHJDHr4LYbhuKZRVyl6mUCH6Viq4rbw4jktgs3p5UwAzcntYX9-xKjcXy3Ls6a_OLe5Q-Zoafe5WB58NOB1S27PoJGjMrBurtNTThBUebWyAs25H6zrQcGzlfMxMpE3iEJBLImUpZM4hOfbae_nLs4Xv9OhIe_eiFA2UXo0QsiT4drbu-SMHnLy_sAJDg6xUcjkF_F7r1S5G-dxx1S-NNYDDIxo8hqCTTKZge_2AL5T4Kn-GQux3ntBu6Xt9vaiK1lx1gnFDeg_SObjZ73FqNMqw-CakzeZbHaG1cOhp_KYBpHpacFB2TlEwv4aN75reVBVgMoSF7AnhFiU0pq7-o0oGc72H9yfgG2VH9-VXqAX4RN7FSluUXvO9UFffv24D6BPwynBBC81B-DGGya6q8kQzEwWAnYVhkgegJK6FJC2IouC_Wd_MQIcNN-Dwv0OZEJb-anS_ukwg3ZIh4T5R5LaXZv4cGU_I6R174okr4JIr-cAMlwgIK-TZTOPkUoUUp90cpdcJCe_z-3pX5GAVTbmxFXQNu-mc4Yy81KsQIh0vPU2qkwg5_4m6p8fUTY7ijQ_6knjm0bjgj4vat3rqyX_XiChvW8phhqiC5MdNTWd4J2ADpvMzl1XtqOrvzl5Kh7dGADtz24n8Q4qwQc6ey7_CYqdCKJC_McYm_U0Tc3SSn1sZwEaq9BuSjHZ2a8gLDX28quj5VBo_1BP8s3ldBBIPo9fPCbSHlTiCxB9hgomtIguhId-_yjyinWNRwBNa0RNzTJKWvOogscGm_fzB8xmdu-fVMIXiuZcwe0LvjFjg2ftuU9ZbReZLzoARO8D8Fg_Wu-9z4ouQFkUGRFi0dfREEWNbBKuGx0jrzdWng-48k6PvMZhboBL5WrA-tmCNpXGhaGYRLZTui33f4HaToVVrT8KZEiAmkYhLU-x6tk1tYTQyhXL_Sd7qKx2IorQ0wsUW6DVMkxzpm7aEtrypWXYk0mnzTG56TSrAhU3rX_f5MmDkTBfAJKoklE5ib_wa1zpz0tD30U0jLwM6xF5_88GE0mOoBBLzstIiQZA010NWUUqNQBy_9InebNtl7IXLZEHeiEgmGT_jigSlVVJhYaCAse1q2YTixSe_tWutyBw-CMglN3i_t5Lk6PPcE_e_LgtHWl49HXgXLcL1B_evK4a-HONrbrb7Qa2v_Wb1ojZblcjc7l-Y_BhRvTeYwP5n6W87qopUFm8f46KJnSJm9sh8xmClmKAKXGrGYQ53977cZFT7mDB55g724boeYywtVW9PKLrb3LbIQ-MVRFS0XVkGB8ApcNmowPq54T637die00cw9CBbPU-GTR5-33jIFjwDEAe4rURvn5eQpMmvX4U95K0jkJX4u3_YGKbVBp3ZRKH0Z7zigR0QvFSZ0RQvEIv817CgjrgKETT8xBhtkvfOC1vL-Y0Ie5XS55iKI_19u5Y7Ph0sE43_5wd2Bb_bJfgW6kuIzJJAY8S3ITHw8p-21qGEKvFncHtjI3x4-qJtPWfgGe7aXcDQ11asbR6R6c-IlKYiFB_xTyg23Imbl3eQ2GLJbjdiXpMYny802L1o4n7BLM0oqsSNLJxPZbkGrBLuR7TBNLoQeWlkCZQiK3SE0AB9zlEZUB0ReU7LilqRxQO4_Qdv3oqjnR5_NSdON1wwpW2dHq_GCY-DhVy2BOdgOQhXeV96Rg1oPuoaRO2D4bjXrgnysF7kh0Lby1VnOILjJIRuRa3oMlj0BigchxeaswV9tUH0JYwN7Zoa56we0_h620pSzs_hU3woHYyPk6i3H8DefxpIPO5LpE5eR4InSHTysNWpkFr0EIrZZ5thE64j5kIrLjNbNMU_0YtxYhkR4Q1gQAKDeW51ltdKDkBpkAryAurouKxJHkTDDkM7pABy1hArv-8Myw90LRa8f7yXOdbSTDYwGe8RYygBS8StHfnc2jswSxb_gXk4Dcsc0bpNiyX9qohE7zmtTIx1kGvN3g6o29SvL0M26tbwUSkrNHYN3-X0O3tIwJrrghkozeKpjLlYWZPFVSqKURHrl4IjxQnYLQEMT7G1LTkqqayIBNFJlXDOwJREbCrd4JV-6LaOYC8G7BQlpnXawczwLEhtGIKZwxVLgyQM2dDn7j8fqZfbZUonhf4QVXXd4vhTEwsDe-jNJJRLy5LNNIQzK1tr9h3W8CQMgLREYae95fqyedhf7Q-s3hy52br0bAT3yCQfF6o6cWspPnJhboJqCwAK9501W13q5oBU_i8cZiB29IeatrYz-5Vy6hUAAiE5B3BXWUAYBLU7oHjP63ARGRObVWT1Fw_Z58RN9DoGelp4n_gWGULGusKyDjzy9SRm1FUJt05hWo-6nltIPi6kGK_VUaBHCAda8lbMUa0Mj9XMJ5JVP27ktHnWustUf_MFWaEDwLhVyNTBMn5ny6UftxEcBpZZSX4ajr2MiL5c0DkjS9Ke77F1yPo66eZaLRBmM5zEyQYetohRwggPxJGnOBHR1QTWzOr4H74fTSjSA8BLPERQUADJDIe-w_TlgRLqaOW2HmTtq1t9SopYH6Ya7sF9XOj_nntjrnmI4mCNJtaP3tYyxCb1LBHJu0e-UHejDG17H_c8W35eK4eJrMpRZiE3eTstnmqTPLP1kYEjGjEQoyPagKHBC0z3dxfCZLEcJccdlRaYQEheH8Igc4HqMD5PZT1nIU5OrCwZAzpfLtvLQhIWrrqRJIK-_DetpkI12cQxCjzcEMl2My4tZRexIj2Z7XUAK9eonPZAM8OyDmBgNp5VFydj4TCul1TJVWVs8iPAp2VwRbKq5X4deuLX3Sbc2n7ThbvcqUl8_D0G2veBn4EXfHGuu8TAjDtUgMjmFIIMEheRoykXGKF7j1Zl1PaMq7cU1eiDoWUunj1cDad5uaf9kPjZWkzlEbNcF80i471ESHYfBAO6Q7JcZ3HJY1ycQqN_9arH3hKa1Wk17Wm_1YlX2PhC0XM-jUCDpvsKfSrVgSORCNzlIBEjCpM4-TLTViedByQounVhrVqa7uxO5Xpqofv3jsqpppolt6nE4ctuTiNMnJqP2bMpkpuEiOEZbDsLwV9q7bwP73-98jZ3Fh3vr5otuP_WICgSh1N1SepPqKu2-O3EBSAS5ANUhmVozDMxx__qA3mi8xZBnx0SDG091DSESu0SUJy582OmMm4GT0rHcrG30A659ZRsn_5anPN1P9dP_ieO49wdnZC3HnZjjgzdlBYWw2TqAXxA6j5TfdyfFjAWvXafluLXiY_pGILQnH24OmUJ9d7LOWIHmPG8DGcluWONGz19t2vVffFSc--8WlFJCYAkDxmAYmzRW9xCbs&cid=CAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=9252786887650132000&adk=1761367587&idt=33&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame F3F7 11 KB
4 KB 33ms
11ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1699332777329396&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 40987e19d8f3e2e152b1c326ff85117fd2040b90a797d618598b9a6bd82cd564

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4186
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 css
fonts.googleapis.com/ Frame B05C 2 KB
434 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 04:51:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B05C 7 KB
7 KB 135ms
113ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/71572/creativesup/iQ_Online-Deutschkurse_627x627px.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3406487065a706dc2717d2eab5d5fb7a7230a664449a649dfe6375b3018bf575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7080
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B05C 10 KB
10 KB 40ms
12ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-627x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: bc9a55dee9d63794d1ed10f226353ff00b530fdfc65f7b014d64f9a8f0c29d12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9891
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame B05C 9 KB
9 KB 77ms
52ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-627x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 46fa5de9b7c6a4ffb299cbb9de38a9e69acfb52a7041ad35da7fa6858a85878d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 8899
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5565 41 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Awnn3Ke5bQZi1E5SnS8qPFD0Bd0_8-Yov_WQxrnFRSwTnzTtgHw0SEeYRuGhJeaDJ3WkVMB9gc_7_hOCELKIZJ8C17jj-WIfYKOjOErmw7sL_LdBsNlWGSfWv1aXEm3CxQADZntX4uwCy4q0uHLEgNwP8GsSbYn7j-xzhqe03Pt4RVcrA&cry=1&dbm_d=AKAmf-CguPAyShn7_ohK9DwNGVfGNr1Y5Zd_ZTl-_4A1yC1S4vkL51iC40Zon3dac70yrOzZNdJhi-OR2TlmKfZZ1F_6qYMNcQlaZ2mRoeUeBxhXalpkxxMSXrBiXFvV3sFu-si802ULdcInAfL44N3oG21-0aNHJAXKWrSr4W_40jpdAOu6Pk7HFtjipXFQK9NVPSpRU-j6i-ARIlrpsa3IBkeLxd90cF3FY3-7ud_1ZPEJ6HIw6AeUnWL3WF7K8fgoecR9Ez4KnU8SaaDbdQqGSFKk6wXrjm_N859UNqGkJBv-FzgaNku1PRWLoi_gH6T3bAYJUnCl8yk0fTO-EloWZlm16l_gVjzB8vzhkPWS_H8iFW36p4IIFdT-SAxROz0PLYwHcuqctMqs9Ca9m9PQMFqUi_nTZwMacUTY4he9-g4L_rFg8TaOUaKQQ3dGNVquWJcRdDUdmbKm_2kQ2y8FiXbP3sjLmZ8YHJHtEftEZuJMI7lZx8KDCuOKZH4tVMAUyOThaBlWDmDWiAqYwqUbH1DhNVXvjIYL4eEimVJWfqw82RoLhAOYGEGiNyqDlh3uZ4SUjN-YsfCmFgRz8qo8uLT-6Gb5fHScAjDzWrNZNC1UgwZpX1kszaL554GgtN5FzLpZBCBSg8GxcOAZbOD_vAsr61qJY8akBEVZNagq639mt7eXLEJ9u1abid8Oj0yshWBN5iDaMX6v5lJfVu-DUuhLWnQEAH0pM4wWW3QMRXwAqb289QsEZjoTUdHg0hz69qo5spBjvWXFieg105IVP_ET1dLaTS1rYssf0VqSI5k2lFcpVDBlUNgtazFwzQwlyXEO7gLxjyDK4wy6tBcVMFpxDHpIdTe6CT33J5aARW7zgg7IaI_1MU1pkLnEwS0lMnvvR5N8qKZt_v6WgcCyk0zSOoNVfLcy-4V9qfdRRNKhRSTZnGCrkH8vhE4k6TjoXfwiuHw7DWYGkKjG_qMAoXIH-lQwXZuc6VVgc2UAOnoWp42EEYdi181ecRXpv2ATKx90Udr0mrGOzwyBZFwGWz2bKMd5C8p7nCpaC-zGM8ld6EDm019k7uoUaOu0Agukp2Yw5rV8e9DYrnNPsxdKe7w_wy7-Mu7n2ihWUcvolqQp67nDiohLqnzFrlM-v5BbM5lTr6Cc1rZ_CZ1Ya4kVpDQJXYSJYPJgmDY5T3De6ZyW37JUSsTyiqSUlbjGbnyExz6uh-nZGrzCJSoKTRovQlHpYAXYwW2I6XgTWPu6LXAAcEQqxbY1uHX4dxkDgrulWtmBWR-GIE7cwovZDzGWYnVh7832O5VSppv5wQRxlM4K4N0sE-bx8oVPCYgclJp6kfna3M13jQQi7f7RoouyfxtMJODkoXPwjwjXoB31APo1VDVIq2j1z5aXKvg1AfVxoWkNyGmuJhoAwPoeCIr3csb9pIym6GPUkTHWVHzEmprOZyzV5c1uievEVYV0FehK_7EeEz_pH2_CwMGT4VR9yMaqUM3PXUAH7FbnsTdDAjC7znWFJhvKm22LSPilb3bS9gAUYdDdMKhrQ72L1mL1mKGBzlFdLplwzMcV1T3zD7tKtKys7_rTdK0hAtmNOonHDw7W2EMV99l-iKPQa_z7eQoX2ffZY661aVuOZhXwel-amSueN2xJXcc4Rn3xvwHIbyq4FtKvUqNEdCToAnDchTgFf7tCufZaFCDkxdHve-gNRnFkDXXZ7tgpwlK_umsRUMccrkWtq6m-BUAjREp3rmoeNqp1MYsh8qIA2KNqSplw2UCiahWQ627jPwXgKOwwFLdamv-yhPASzwHgJgvHZ0ECqYR39-8W13xYg10tQxgQkBX_fHLUQ6QZ10xid1IqFOfYkbOxV0_BhjzjsSSw9iv3V9gnVLBxN-61IGiWSY-yXT02CRiqXRXasI-aK11wC85RpW6cv9tq0K-aGREPEoaWknmgw7ptSzr69UJAjtXYynyzpiBb4Fmr6nI8DkVNgyd7_9022srbGv_jKzAm0Zgp6HZk8kxQmoxGR-iov7c-hpQ-Z2sV4EQXA0YUNfkse1UUElSfKMpep2lqOpHhQbEYUm4PhajSXeOO3pJCxP6emSrjBWkBvWuQhQ-nnYOq-xFc1Xsa-I0d2keqGMBxzVerHBPuSOLsX2jvfGHg27SJoZYU3x_LGp4nwfpvKk6Z5uMuyU92mCKQWW-Hr3f0qV49aZo1lP8QPB2-9sdD6s1tk71XFeTurICZ45xRFs6F4yGvF1PITG6-gmiQ5rKhIFQNSgR9lz4hxMrvQ3brpDSSsQwyazjgiZ9iJt7Rek0NgD_kbhoEhFej4X6n7tFEMttj9bwAfEq85TwGl8n7gebyThPQa0v7idM29l1_s6Tf87T-25E7NOaal5ssQa_aHgeOtBYvYpsNmt94matAU2a0uBxuJhgqcj_urwiMvIZ0stXtbW2CWzcfLn1ceATAtNTzxROzykRnkhAdOCgOX5LXMBVoa9EnxIy1la-nzoneEjtkODf9LmTqktIpqsJSkwyhWhzuP1QC5RQapnm7kmkeYdu6R2Gx1mFh8EVQAyBFl0pNELFZObrOYl99B5gfN03OsVQLltVEDtMkz_DJOFGUH_ZSIDeAfUS8pJZnXN63vaa61Slrg8Hze6nznw8X6w3ruqMcOoaXpUrBH1oROA4IK4QAufg0q_ZfqSs9Y7g9ItuESL9xGvu_bkGeNOFUE6BNWk3cO5i2XK90GDPTUTGfcM6DaMV_agqxO4O4qe7ByzC6F7pvJLjehyb1uMnIeWYFcGJc1DmRmeyr99mFKCd-wXIAHXw_oO0kTchXHlkL4Dwp8ryLyR5b1-nUDMDHIlGqR-CNV6y9TAy4Z_8zLREZc1M70zZ1opCuaSxovvWLnjREaxw4DyfCVbylnfX78kQ_FGV6MSYg087NcxgPD-Ig-TFgI1k9CCWZfhZ_UxUMeoF_ebRh-PhHQk5IKlvDbejoLTeS4LlJZRqUusztAdcMWVkGwPbsu7G-WluvzJ7iqNmqYtvGgiFh3SDKG0KXyKl557QkXTC4XRIEVhaBgi7bGn-2Q6P-Rmy7nw9-IVOf3Ao4M04GEtaqp8fv7p-NnOqMGRodiBhDhUO7KuCBdxpeunlk8UBpgZ7l97Ze0LiuoVWTuH8p1MWF-3-Nd4mCc3aMIynkc33vVvuU8DSf7Ddih8exc5jZHacA0N-Ss208whK9MmQ6Two-EAaIy7ErSMV8ZjuWwwntKimuBfkNNwzddxBm_xAFxzhabOIXd7gtvdCwCO3wVGBPgJ7jH8mY_sNj9onvtxmOWH7j4DymrWZRJdwEyWgnh-FGFcbTDbxvaCt64ZwwLrZhnE_wFXL1W20KrpxWn7KUgqffgnT5x-fPzQx0JmNh-g1EzoV4p1kW-IGtkQZdGoZp_IJ5tCzaJN0WtzTpF3mI_bun1mXuwzRXskVnl3g6HCCP7_2vZsiMgZYWGMXgkiYViWcDz4DQTBw_c6UouI5scAoGiU9KWG82oGgncWk2flPzluQI0a_nxZWbOXSZnE05U_vblgDryzIYUMadYHpZzaGYt_07UGcCpM25_mA5BW2jSELKFu2apPxLtmV4eJnoRUxKZ1zQHH6gGHookhxL6iFVFKSuP2TCj-VD0EwSQ992NmzfSYr2JJQzFv9fjYnIt_96KZHEA_lPBFI0um6gquyWmY0scmBZMsq86TRvwJMrNtPtrXU8HcFmSlZ-XfXEE_ud_pNPpDGmZsRzA2htvLwK1umVQPz0zwkbrYKj8BPbzKevdA-JeI6kw3K_AND2btlFJ2ZW4kvat-l7s4GzlSxYUT3G9OV8GniLMUhyZKl7q9vz46H9KWQ8WLysaKc0idkNnZwL1muPsQKirxxE_LE9L1Xvc8Rks_XdBNQpUw7a7O04A_Tdpo-R2sU7Ws9PPyW3xdqkKSnpIu57WlI6oYCtCBP0UlgdPl5ZED3UcZLsSgpEpAu4-XuJWWgb&cid=CAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fzobi.pw%2F&ds=l&xdt=1&iif=1&cor=1529534089303955700&adk=497053795&idt=25&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 06:26:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Nov 2024 06:26:22 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTMzMjc3Nzk3MjcwNQogIHNlcnZlcl9pcDogMTI2MDY3MDM3CiAgcHJvY2Vzc19pZDogMjA4MTA1MjA0MQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 5565 0
497 B 43ms
42ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTY5OTMzMjc3Nzk3MjcwNQogIHNlcnZlcl9pcDogMTI2MDY3MDM3CiAgcHJvY2Vzc19pZDogMjA4MTA1MjA0MQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMTcxNTE3NTU5MzIxMDA1NTAxNgpkZWJ1Z19rZXk6IDE2NTkzNTk2ODA4MDk2NjcwMTYwCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0wNyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc0ODQwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMDg2MzgKICB9Cn0KYXJjaGV0eXBlX2lkOiAxCmFyY2hldHlwZV9pZDogMwphcmNoZXR5cGVfaWQ6IDQKYXJjaGV0eXBlX2lkOiA1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xe70d678d009e3e6a0000000000000000","3":"0xa7d03838d4250c580000000000000000","4":"0xb48d66e8b94b892b0000000000000000","5":"0x5a088752c15d61570000000000000000"},"debug_key":"16593596808096670160","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"11715175593210055016"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 5565 11 KB
4 KB 29ms
13ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1699332777327071&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 27dbdef3a4c368b67740973e49ab5d9f19896d01ad0af8386085f90a0c83c4b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4104
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 3C5C 38 KB
13 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame D1EA 38 KB
13 KB 9ms
8ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 80796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 06:26:22 GMT
expires: Tue, 05 Nov 2024 06:26:22 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK viewability Show response
hal90006.redintelligence.net/ Frame B05C 0
150 B 34ms
12ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=62868300009232104444550012501006&a=da8e10d0&vb=m
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3C5C 38 KB
15 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:13:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 20:13:02 GMT

GET
H/1.1 200
OK request.php Show response
hal900021.redintelligence.net/ Frame F3F7 3 KB
2 KB 132ms
88ms Script
application/x-javascript 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=80cd45f53f&subid=&uid=05f1700db13a2b77&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3436455706%26adf%3D1853938316%26pi%3Dt.aa~a.425326084~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D1%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%252C1200x90%26nras%3D3%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1721%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DvJC33qhC8p%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=2616463067172&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1699332777329396&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c19b239dbd76e6baff2a23159223209040dc39989de867dc4b95dc7968da49ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 65431600010064204444550012501021
Connection: close
Content-Length: 1075
Expires: Tue, 07 Nov 2023 04:52:58 +0100

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame D1EA 38 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:13:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 20:13:02 GMT

GET
H/1.1 200
OK request.php Show response
hal900016.redintelligence.net/ Frame 5565 3 KB
2 KB 121ms
86ms Script
application/x-javascript 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=04f0559ac9&subid=&uid=51512fc7d24e2ca2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3276878225%26adf%3D3959326066%26pi%3Dt.aa~a.1462100283~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D-M%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%26nras%3D2%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1605%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3DEEHRQVsWBU%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=4315774314116&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1699332777327071&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 484aa176883f72d1439f56b0b1ad097410945695697c6ced715aa7812ed86f19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 88756100008870204444550012501016
Connection: close
Content-Length: 1075
Expires: Tue, 07 Nov 2023 04:52:58 +0100

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9C7 42 B
174 B 47ms
46ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkNg9zvin36hS3l1k7HS49O01ZPRenT06-SZShT__zkoBZGx8ZxDI-X1xMoHwvF8RltO27StAZXxx61eDAlgQYBmserunsp4CYKabmOHuzwKfQe1Hoz7sOYr5-ANusOsoKV7RFR-W1eZ1D&sai=AMfl-YQc11WsT9aHt9uRKcHAABYauWVWulu4muZWSEehuQRp1cue6uCekRJR-h26M-SSWZ7eV7PKdEdRNFQ-w23Y6GlyEw-wxGY75sP7PRnQURhsWwX3gMo0enj3hhz3MNmeoJ0t9VId56rRJ0D3Cmvd&sig=Cg0ArKJSzGC7MCdJBjzpEAE&cid=CAQSTgDICaaN8NeK0RMg5dqFIukYYVwi145LgTPoCR92jFFftKoOQJnhnlH44XtfgGo_OeEpHzrQD1PqofAbH5kllug8hr8Ts9mxEqGeifamZhgB&id=lidar2&mcvt=1021&p=0,0,280,1200&mtos=1021,1021,1021,1021,1021&tos=1021,0,0,0,0&v=20231106&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3016986170&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699332776303&rpt=974&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 5880 930 B
923 B 42ms
6ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=80cd45f53f&subid=&uid=05f1700db13a2b77&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3436455706%26adf%3D1853938316%26pi%3Dt.aa~a.425326084~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D1%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%252C1200x90%26nras%3D3%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1721%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DvJC33qhC8p%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=2616463067172&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 07 Nov 2023 04:52:58 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 14 Nov 2023 04:52:58 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame 9432
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=65431600010064204444550012501021&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883

350 B
400 B

56ms
17ms

Document
text/html

49.12.22.42
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=80cd45f53f&subid=&uid=05f1700db13a2b77&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3436455706%26adf%3D1853938316%26pi%3Dt.aa~a.425326084~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D1%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%252C1200x90%26nras%3D3%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1721%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DvJC33qhC8p%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=2616463067172&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.22.42 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-3.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 07 Nov 2023 04:52:58 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame F3F7 2 KB
2 KB 127ms
67ms Script
text/html 18.169.160.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=65431600010064204444550012501021&nw=1
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.160.74 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-160-74.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 11be88cd01155bf4f02732db8a67cddd70f5dce55347db34752ffecc7e16c2a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
last-modified: Tue, 07 Nov 2023 04:52:58 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 07 Nov 2023 04:53:58 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame 6C06 7 KB
2 KB 33ms
12ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=80cd45f53f&subid=&uid=05f1700db13a2b77&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCwZOCqcJJZbSNFLDc_tMP75iXkAam5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEhgJP0BxAQ8Elt9VVO-E_9-t5otcXGPza9d-CeC95ys-vllkdI5CXU847jDo5G396XinL5ucpdK9FMqbaszQew4snXwzBbTUOk1t4Eyg1lVRNdNBt_If5Tn9iq9PSHV1iEe61tNQArsS_wTzQke-kZaqAbyTZDUpv3lb-4haaUDrHgIUDMCY6xaB2NexR_pinl07CLJymjfzBTAN4fLGytFzwRgqu6XN6FPqKhnOakTfGZH3b7Du9SzWzXNPXubznnzRsMu8OVFz6kRyr4UqlpKOyWrBNmIeJMjS6Sq4XKSRUXm3lWscbIKAc-P7ZO68u9Kd4IWLrIAI8634Nj8BDAWpUKfdgySSbwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwMKgoKCOS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNm4CGai6_7jYUihtXs9_ih-9B6n3UCT6q4vmKbie-15gP--64Frlh0mNrwXiBbdPHzhfUxjaAGAE%26sig%3DAOD64_0IVmPW0GOfnTKzxnwa3egJoBTupA%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Dfu_9S451pVqD-i_jZNeA3m8FrK6BL8yBtsca-ubMb91K9JNwPnJ5T4JIXpkzAOnUQmAHY93TGhOxiFWwJIKTZMOiJ0NSU6bMFlmvpCiyNqkDmwf63vIuN6EaRCCBqeT9cwBqFTe8IVMWfV5Gdjp3sxClqW2Ci_ApayS_H5LraxZXfUAQLRlDSzaLZQskGN5UL16qjz5lPes-dqCGapdUPSBDhqw%26cry%3D1%26dbm_d%3DAKAmf-CCyf7vkgbJUeP8oJWe0dQLcXSHAkrCkHXiDDqKCq2dgazp-YBCRJvauph5Q22WPF9zIBFa43TvcVwV3NPDk3TMWMZAV8Nwn_QNDfh0n_oZU8ujrO97XZtYonqqcmZgxu1S1nDsZx-QNKVYu3TaMT4USSoo0K1PL5f7qZ-aZUPtmi0hht3KKhfFNqQWQz9xRsr4zyGxB6q9XgUBoJpmrQAl4EiWZuQooe0cdBcJCWkY9-vNd-y_FQbxYBfFXJQ2gRWYFXAi9LuFwny-jrXoFr4gc2JbRvEBmvwPn8Ln_ZXZeUyjjHmjvjHeLa7wS3H490IVal1NBJPZNMXzjrsN3Jb0eetWmRC2UJ7qVChuHBer1A450LMj5CCrHR_N9Sa8NRlmjhmAWqTusUeP2mgeViVzsyVsBryF31EdARrgb6AXEbsz-nAqLfjbXVSz4fc-lYRl7SlYm4kP_DIY6f0BaJTowWnbsj3gS4Nba1KzGSaAPAO2zZyZSRkTjatWIop4UOnNzRxzRvJkXjmn6tCdjjQKYRwBGg%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3436455706%26adf%3D1853938316%26pi%3Dt.aa~a.425326084~rp.1%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D1%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%252C1200x90%26nras%3D3%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1721%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D4%26uci%3Da!4%26btvi%3D2%26fsb%3D1%26xpc%3DvJC33qhC8p%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D9&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=2616463067172&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 9fc1098a50e252dcf79c47a17a314ab2eb52c9b979d07afd8872f90ab2658fb9

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2036
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Nov 2023 04:52:58 GMT
Expires: Tue, 07 Nov 2023 04:52:58 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame F3F7 43 B
703 B 74ms
53ms Image
image/gif 23.56.205.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=65431600010064204444550012501021&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-205-163.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:58 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0ABB 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 16:21:57 GMT
etag: 48472445140208031
expires: Tue, 07 Nov 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F3F7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63cb46d53f6b3b9160fbe0bcc8ca668630b6f6b6f68a4ac8124d0b1595f50127

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
adv.office-partner.de/ Frame CE44 930 B
922 B 15ms
6ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=04f0559ac9&subid=&uid=51512fc7d24e2ca2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3276878225%26adf%3D3959326066%26pi%3Dt.aa~a.1462100283~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D-M%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%26nras%3D2%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1605%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3DEEHRQVsWBU%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=4315774314116&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 07 Nov 2023 04:52:58 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 14 Nov 2023 04:52:58 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame A2C5
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=88756100008870204444550012501016&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884

350 B
401 B

51ms
12ms

Document
text/html

49.12.22.42
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=04f0559ac9&subid=&uid=51512fc7d24e2ca2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3276878225%26adf%3D3959326066%26pi%3Dt.aa~a.1462100283~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D-M%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%26nras%3D2%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1605%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3DEEHRQVsWBU%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=4315774314116&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.22.42 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-3.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 07 Nov 2023 04:52:58 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 5565 2 KB
2 KB 101ms
70ms Script
text/html 18.169.160.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=88756100008870204444550012501016&nw=1
Requested by: Host: zobi.pw
URL: https://zobi.pw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.160.74 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-160-74.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 355eaabb1ce766c94e89b56c3cd15dd287653a69e50e259bbe1b6298470ae15d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
last-modified: Tue, 07 Nov 2023 04:52:58 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 07 Nov 2023 04:53:58 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame 7A7A 7 KB
2 KB 32ms
11ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=04f0559ac9&subid=&uid=51512fc7d24e2ca2&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DChbmNqcJJZZ_7E5OW_tMPs7m5yA2m5b2gaYWVnKfJD_AuEAEg-p-ufmCV4pCCoAfIAQmpAsxEo4wi_LE-qAMByAObBKoEjAJP0NdFId15YPji-q0ljKb1zP32lXpvFBaSdyPcTiYs5EQ0RM_1Pa1gW9vDFB0B0XgZPXNFyAQ3VsmMKC3p7DWclV2H80Z29_wft9y3UBo9mxyeKt9QPVsF2UFsKSGzl71Pqlb51BXIcjd9BWEbsItnqhmR4598uLYvllXyh6YzzSFf0ffw_142ee0wpxGURqRumqf6PBlJThEQUbjMxU2IWoVxeYy_vgf6qYHUtYcKDh-V9RXiQEPVvzGQ3TXcfxM4Xtlw2W8JP66_K9UJgI7xtY_pw4kJmKs8vTPXIpA1Qg5XCYR3ZN7B0PBWrt6fXbors2x8ON_upZb4Iz71F2tNHvxdVJBPmOXQOqQjwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26num%3D1%26cid%3DCAQSOwDICaaN29k_fC-4XYgVUdGfAEkMdghUijSmxJp930XLMhN4jzzLCRPVn01urCJAQ5Xu9jklkj-cjne6GAE%26sig%3DAOD64_0mF0KfYRauN1nxZQqVoJocL-KUXQ%26client%3Dca-pub-9005940812336387%26dbm_c%3DAKAmf-Cmq2bN4igH_tMttGK9RwEz9__tncT1wlLRzIkFu1C86PeEJjqC0-CXkdNw-ekFk6FAjYBo6ZXL5Ta-dtEtu3xkGE0ZID-mU2tZklgk-g5tq38Ul2V-BmBAi7TExHdOqCWxECWr4EQDBl3sNw11BBKqmiggwF9tUbgBTz9WnCnjmZ3HOLg%26cry%3D1%26dbm_d%3DAKAmf-D_0zbY1sg1B9PJIGbLjeGKW16umNgThcIv8gljM31CMHuQ2TvEwAgBI9wIkyI0J2UC7vh2SqpqLk-f_dVtaWKLszApLo_aq8Pv9mA-KCvsZnkmbzIv2384c7hRuS7Wq-YxCabpFwGmU71rpRmFPZf2Gf7q3VDHLVZ7V0cUsaPe3WIUCXuz7Rl5u_SDaKfQV35CkyC1IbzrxUwuMKiuO19wtzACabPc8jeTkV2anFpFf379fvt8GniO1W9qKZJ0APhI-OfitiehKWZKHnxgAJSAL4s7HbyhoJlrSGkrPDYxfx55WbHJbMB_-rtuRwX3aGqzlcZ6ckJXPy6OSAi7sMfjx-PmRgadYt0Y1y4LK_ojeY5ZWIe__pBQk7sOv-4YbpiEBSK9obaYPihlt5tAqRPxo0_bh4kNmDOMnKCLSRdfZou8zbaWVI8ltvwXVj51fwvGcmwS1umhe_QNazcFY39uMO6c1Zrmbrg-uJTpEoVaSGWMTB4%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9005940812336387%26output%3Dhtml%26h%3D90%26adk%3D3276878225%26adf%3D3959326066%26pi%3Dt.aa~a.1462100283~rp.4%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1699244572%26rafmt%3D1%26to%3Dqs%26pwprc%3D8733112097%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fzobi.pw%252F%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1699332777235%26bpp%3D1%26bdt%3D1278%26idt%3D-M%26shv%3Dr20231102%26mjsv%3Dm202311020101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D1420813f022afac5%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw%26gpic%3DUID%253D00000cb74907bc80%253AT%253D1699332776%253ART%253D1699332776%253AS%253DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw%26prev_fmts%3D0x0%252C1200x280%26nras%3D2%26correlator%3D478525774591%26frm%3D20%26pv%3D1%26ga_vid%3D176559181.1699332776%26ga_sid%3D1699332776%26ga_hid%3D70829529%26ga_fc%3D1%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D200%26ady%3D1605%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079296%252C31079402%252C44807047%252C44807454%252C44807464%252C31078301%26oid%3D2%26psts%3DAOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT%26pvsid%3D3306344477282987%26tmod%3D933844701%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26btvi%3D1%26fsb%3D1%26xpc%3DEEHRQVsWBU%26p%3Dhttps%253A%2F%2Fzobi.pw%26dtd%3D6&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fzobi.pw&random=4315774314116&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 82dba1ba5cee747e5dc6cb2a4b5d37b0190a129c9d807300693e46c06951a60f

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2054
Content-Type: text/html; charset=utf-8
Date: Tue, 07 Nov 2023 04:52:58 GMT
Expires: Tue, 07 Nov 2023 04:52:58 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 5565 43 B
703 B 65ms
52ms Image
image/gif 23.56.205.163
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=88756100008870204444550012501016&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-56-205-163.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:58 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 57D6 1 KB
643 B 6ms
6ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 45061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 16:21:57 GMT
etag: 48472445140208031
expires: Tue, 07 Nov 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5565 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e4b2c2de6bf762eca45aad9c2a60da4982464597e6dccc59443f84092e8bcc6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 6C06 2 KB
434 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 04:10:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C06 16 KB
16 KB 33ms
12ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fe216212f30a471bc63cc37f60198b2eb430fd5537580467ac9343df3b677527

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16513
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C06 13 KB
13 KB 84ms
63ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f3cd5973b970209f09e9343865eea35789c7090d1d04a3c3620c3c30a122a11f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12997
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6C06 11 KB
11 KB 34ms
12ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 8edad86bbbb7acb03a1d9b205b744a381f5dfd5b8443c17355ace93dcef21a11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10942
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 7A7A 2 KB
434 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 03:32:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A7A 9 KB
9 KB 34ms
12ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/627x627_Office-Partner.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 21176046b2177d00b97d4d1e37c477efa2456977f1f8a6e010daaa7feada1501

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 9249
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A7A 7 KB
8 KB 76ms
54ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/627x627.jpg
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 23c40c20343a4c953107753e400eadfbedf035b3165b92503b15ac18e984b211

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7633
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7A7A 7 KB
7 KB 38ms
12ms Image
image/png 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=62&height=62&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native4.png
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1dbd64f052acde6f95351d6461bb4dbf62566c9a0af47394a2da06d0d4cbb5c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7117
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3C5C 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B24NUqcJJZaTTOfeG9u8PjL-rsAwAAAAAOAHgBAI&bg=!ammlaSbNAAb4oU7C2KE7ADQBe5WfOCvMRjW72X5bWj7vhjTpkWo7b6bAvYiUpLIA1CWol1wnJluHe_l0lHaTaGPmstsUAgAAAH1SAAAABmgBB5kDQpfz9552TNyxU6w35-7JmjQzfEg2r6m-tbOqbR4C1WMPEiA7rPV_lTYMmEDnX2T49Ju1GcXsOBBHlNouFJSG7YjVSRmhqxguGmO7E_cZ_WCvvw2bSANRmRaIZw-UefXOv-c37wSebIEV84k8-ZdavR7gg5PsbdQpAvpQG8m9Wql4ncqOZezQWknCmloYWjcyB89sj32O_cR85PK8ZWK90QVjBSM_rweNKTt_Oxbcfbz21GliK-LO6fvr8feqJDPa6mVDJwk57vpkBz48OZcfbjc7UhaevX4C0xwpn8Os9n_OMszeKsG_y26PqhQWAlfLvoKATEjP9T4a8PolwAZrSx4itzo-XdIqXEe_TqYDqNpkkltEsqyJ6ES-0xz3Bvr2Me2n9U0SgCjGFow-1ccMEt2rj-Ovs5RiJXwbeebwJN0JVbtyllK_x5AxaE_DrWBMmR6Vvg6DkMXvanV1QsSzAVd1h5FQBU8J04uTTnLf1c4QDicZ9tXNahlQJeedinVAmFaODWlJJU2a6dOTWuQGblCI23EjG0_-eRTcU5jKTQQwUqmJGo07cidbbazvpgldJTEGykpXCXuOTSlbO89cNCYTiztR-FjiJ07LhxbbUsU6hAeGvr1rCwtv61bnlvHADplt8FLJGMrAG7TiXcEAj8-rakARFlFCzeS5unMVyEvD6hcFBBp2X-UxkPL94-Y9ragUEIKv2ePh8MlIKfeqagtXM0ULmlpoiDXgx8oce4_TnBrAaLJ5JvpxnnEmbt22lY3T059PpnOaE_VCbzm6psOE3sVdKs4v4a8uKA-a602MlGk23tDyghxCdi910RZSw42VRo2ccJCoXkbn2pISaUCmMGm9N7fBCl1VFjHoOHJdLrPea2jixZONU12op0YciQSxVhYEx1qTm0hDrtn_hwaabpiIOjyztzymRmPzqk9PLOHicpuJ2O6Rx3X8xTC77v6x3xLbQYwQuMYCd28S6P3PmcuGdTDR7c4O-1R912umdOIAAcAwmthJ_ykTtHVOTkaz-DoETINwju1OLmGr-UhR1tKbklz_as2ngaEJyH4AlZ8zQ53TRXRcHwARKuEXKkYo-PbHTDqIgUEJqTalvbZOFw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 5880 174 KB
62 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e6d52f2fdb86710d9e3ad49d7746cae243e1e0c6f4270cbc05692bb8f41ba6ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63840
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame CE44 174 KB
62 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b3001cef283f715e5e4e9816db751182ab92d89bcc961b6eff177792207aa71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63839
x-xss-protection: 0
last-modified: Tue, 07 Nov 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0ABB
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEM3cEyVcB7ePvfInRiFAZNg&google_cver=1&google_push=AXcoOmS-Oqz6H6iWkV25S-hfU42VDBK7hlORcCeBSYwdI5L2CQwph_81IU7J2BVAmXmPY6uo-K-bdw-7NNEg44jDICOmLl2PmPyXia4
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=Mjg0OTUzOTc4MDE4MTQwMjE0MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1

43 B
398 B

14ms
13ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0ABB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aFNNV3JvMGkxUjBlNWM1&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIyt...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aFNNV3JvMGkxUjBlNWM1&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIytQFJEWE60JSCIr7iLPgIF1MEVBi20TBnkLVlpRcHzhmRJe5OFW-k7ZUA

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 07 Nov 2023 04:52:58 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-794-ga594423#rel-ec2-master i-051642093d6c37fb5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=aFNNV3JvMGkxUjBlNWM1&google_gid=CAESEA_L24OFoEAWGdfyEEVNxpU&google_cver=1&google_push=AXcoOmQdAC08m8O2mbSX0Mu7k4Y8ltRqWP7QiOOFMzrUIytQFJEWE60JSCIr7iLPgIF1MEVBi20TBnkLVlpRcHzhmRJe5OFW-k7ZUA
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0ABB
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFkRqEIjDEu475XCvbW9FSw&google_push=AXcoOmSWAveYcjk3M4DsEc876UGaMOsZST1CpK-VtA7N5kzVwxKqa00hl8...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFkRqEIjDEu475XCvbW9FSw&google_push=AXcoOmSWAveYcjk3M4DsEc876UGaMOsZST1CpK-VtA7N5kzVwxKqa00hl8ixBsbsSnhRHgxf2CECw15g_P_80xVog0TO_qlbuCLTz9A

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230132-FRA
pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1699332778.460762,VS0,VE90
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEFkRqEIjDEu475XCvbW9FSw&google_push=AXcoOmSWAveYcjk3M4DsEc876UGaMOsZST1CpK-VtA7N5kzVwxKqa00hl8ixBsbsSnhRHgxf2CECw15g_P_80xVog0TO_qlbuCLTz9A
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0ABB
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESENdWu6w_2nxO4ThiP3Ot-Do&google_cver=1&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RSwc9uO_LiyJADNMMI
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4DCF5E5EAE084CBEB434E40DD1B88B72&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RS...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4DCF5E5EAE084CBEB434E40DD1B88B72&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RSwc9uO_LiyJADNMMI

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=4DCF5E5EAE084CBEB434E40DD1B88B72&google_push=AXcoOmTk4i0PrRmfp5btff3R32ucrp199gQVJsvyHZ4ePaWtDbCWRtGoZ0x83mJ-yIIWYVBm5I7r2DmsYsPn0RSwc9uO_LiyJADNMMI
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 06 Nov 2023 04:52:58 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 0ABB 43 B
363 B 47ms
12ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTI67VjzaQ36gbdmqkDfYIOf2qag6uB2Q5zUJvlvRasspjku-IysHzq1O7UFygTtARioJgUAtfzz6YHm6qXGR0r7zGAb6uD_48&google_gid=CAESEJNu_tYsNuYxgUTc_SZTub8&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 260565
expires: Tue, 07 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0ABB
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJdbxf0l5tnesLT2ZhcuP3U&google_cver=1&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82x...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEJdbxf0l5tnesLT2ZhcuP3U&google_cver=1&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU1MDkwMDA0NTM0NjM4NjQwOQ&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t8...

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU1MDkwMDA0NTM0NjM4NjQwOQ&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82xbXIAjPe_Co7aI34ZeWADnpU

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjU1MDkwMDA0NTM0NjM4NjQwOQ&google_push=AXcoOmQ27aQ_-uXweVW53CKaRmPQfBqfpFpPfq8TVVc4Lrw_Swb8iCqWxQDBEQ_fAGAp73xn6xk9t82xbXIAjPe_Co7aI34ZeWADnpU
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0ABB
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEFdHJ9YOQ9OUm8rYcpF8OsA&google_cver=1&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP7...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP71bcDHmDk4rdAntMCWRs

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP71bcDHmDk4rdAntMCWRs

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRcEb_j6pcgSvddC_baWbnMxKNC_eyOjLR5NWLOKgmi4W7FcuydLFhFdD_zNn8hqTXvx0YnxUHSYhP71bcDHmDk4rdAntMCWRs
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0ABB 0
12 B 28ms
28ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JyQsFnpVISd3ZX6po6em8HV4ZRJqXEpABtFZu_NhH1saPp3KuitgIdrMBK45MERwtZRdBn

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D1EA 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BHrIWqcJJZaGvO93CjuwPiaup4AcAAAAAOAHgBAI&bg=!cHOlczzNAAb4oU7C2KE7ADQBe5WfOKZyIFe3lAgyh-ZsFMiPiDY1oYBUcCM9bph_89Sd98vat4q_IfkJOdkUT21p8FPjAgAAAKdSAAAAB2gBB5kDLr-4jch4MXn4glfIMYo74sqKtErer_BNbqSv3gZgK9v9U5jbanl10X0C4u57LwM3hp3FOP7AgwTTFs02vBbWTx-KTvBSa8OYM76W-VRfvuMwKA3rmqrssHFfaI2BHczrfP8GFux9Jm-7Up-UWEJGHePue9ysJyl0oZQPx8FKYVbjUBjQf3ii3SRM-JjuAJUDE97wwOd5vsFqA3r9_YR8bzKDGKBI4Y0kGeaTBPw1WZqgxFRGP9InMLOJjJJmJgv3ZqScWs6ByE7mArtDs_llOEAGzS0ciI8aXvW8kL5e7KmQrFiCMUx1ciu3LrZFpRzgPyrAL9TIHOdAT66kWlaTCy1sPw58sYXQqnXODvGl2a-ARRIJUllqeA9sV539RppB7mW-8S1VRAazbVFOY8pG0-NSRTG-MDOR8ngWjQdtru-LuMJ9iCyXaVQXLJvg2cPXIisVklRA0yE4XS8k5E3gDfnI7gHykZM6zIQ93SCMr0IfgHt36r2UG6L786nAh1WP4Fz1HawxcNtLqdbvEl-sAv1ticyX-313CEGFs7ZMUse1GKjEh0PgYKJLWFP66x9ZT2-7fzOgKCI05iYyQQYJ_SYfnGt2gn8z2CiHrSiiafsOYedRzC1Xk1J0ruEYvlWKW840SEb3sy1dbMoiwXxKajpqQOfDaARs4A7yAotbqcRTJiyg08q4QVzDC2SsjcMzFm3mFNcxxr8HLsUduQdXmFpvy9tD_qRWLPO5kk2vsJlCqgaHYArR8Ndj4QfRtCKKz9oFmt5gV0lL-jG3xJR45ZBHxeLnnxq_0rXFCgehodMeHsmYjiWztKZa1A9iBlZ7mg6cVWF8eH0T_YJa_Qnys8irvFYbpjl9CNNRyeDdmdmzkQOwZpDRyC8G1lccSLkTJAg46latxsjNvUglGoLLvpVhWizL6AzW7Kk4TGkvuj0QZiirdM-xFLjAME5uQQglyh9Y8UBAqw0n2EipobpatCYFUpocixhKrL5TdpDb64CdzXnIqDv5Mc_0yJG5KV0zBIdZn8vyKDb0G9GotA9M1JHwql3Ho0Zdk3oEcHmpG6yfiA2SAJaI4iu2kY_A4sU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame A2C5 5 KB
5 KB 10ms
9ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294884
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 9432 5 KB
5 KB 11ms
9ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3277294883
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 57D6
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1&google_push=AXcoOmS-A3axsDVPPmdkO7ktJXqDtE6AUV1PUpi8K-2A0GyNbZK7cml4_5t8yJ8xpV4zVYr1x8ay-Hd2bMPhPogiUj2el6lw0v5tm...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjM0NTEzNjYyMTkxNTkwNjU4OQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1

43 B
398 B

15ms
14ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 07 Nov 2023 04:52:57 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEP_S06BOrPFZMi4LOz8jhPU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D6
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEFb77Bf17_6QTQE773jXNTc&google_cver=1&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoExnzASCbtxuvJrsYd...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E94727EBEFEB40AA8C3E9B854B22A05F&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoEx...

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E94727EBEFEB40AA8C3E9B854B22A05F&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoExnzASCbtxuvJrsYdwPY5ikviPtmBGPsrcRqhxwE8Flq31nU7WvrsT11qrL_PE3k8w_Ns5rusU

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E94727EBEFEB40AA8C3E9B854B22A05F&google_push=AXcoOmRBea2oXaMlsfaK5c0QrVt0adNzFXt_Lmu6kboZC0-bEk0ZMB4SdX7Z6K74Im2XApap9yMomIV1hEDUoExnzASCbtxuvJrsYdwPY5ikviPtmBGPsrcRqhxwE8Flq31nU7WvrsT11qrL_PE3k8w_Ns5rusU
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 06 Nov 2023 04:52:58 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D6
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESED5Ma7WUENxeBVyBBXQZsro&google_cver=1&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=oxODYkbVT1ogvqb_TKqjSA&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD4a7GI6G3ZRjedOM...

170 B
188 B

28ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=oxODYkbVT1ogvqb_TKqjSA&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD4a7GI6G3ZRjedOMqqA9UmI9LrN7nTBhjpG5vi6p2whT74eR6ASrhNrTRM0gRR1eI4UVqbxQ

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 07 Nov 2023 04:52:58 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=oxODYkbVT1ogvqb_TKqjSA&google_push=AXcoOmTikTTywe3E-rSUVJJ9J6vGADi3TGINul1kLLJFcc60DUW-WjA8Yi5WZjKsNnnSvm_0URZmmMsSCxslmYnD4a7GI6G3ZRjedOMqqA9UmI9LrN7nTBhjpG5vi6p2whT74eR6ASrhNrTRM0gRR1eI4UVqbxQ
x-host: tde-deliveryengine-production-bb588bf9-zp7gw
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 57D6 43 B
146 B 39ms
7ms Image
image/gif 3.65.104.224
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELpBvZkPPt8lOMu5nw1uNy8&google_cver=1&google_push=AXcoOmQOlX_Lifb3Vn6je9NaTrEuJulXz1d4FwPI8EE3kKFY39GNLYpbWbEWEOVBxAzh1AAOrYg81tGbvnRMD58jcuaWgwQR_Cv0Q0GadzrunslILJESVIavFvYJM-oVidRa-TgxmLL_7nFLky6Das6t27iyKnY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.104.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-104-224.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D6
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELmkW72EQ2c2IBT-sd4RE4M&google_cver=1&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtw...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtwXqTT63lBrmxWYrH6KdaSst191ylhEIReIPfmpf...

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtwXqTT63lBrmxWYrH6KdaSst191ylhEIReIPfmpfNYwBfTsC4agV3bT4uSxoQDJ5A&google_hm=eS1jM213WmdWRTJwRlZjQ1dzcXljcXFBcnRzYzZvcHpUSX5B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ8c9gX8niOezMkgWWhofpFveIOZUgxV6Ect2H8hziXO3AtqPUw_EOb8JWk6CQ8zzmtvFA_IsMWG_op5nsXy6-fNtwXqTT63lBrmxWYrH6KdaSst191ylhEIReIPfmpfNYwBfTsC4agV3bT4uSxoQDJ5A&google_hm=eS1jM213WmdWRTJwRlZjQ1dzcXljcXFBcnRzYzZvcHpUSX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D6
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEPdAfgezbRVpKaP4JLH0gD8&google_cver=1&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEPdAfgezbRVpKaP4JLH0gD8&google_cver=1&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbp...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzc2Mjg5MDAyNTk5NDU1ODY5MA&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW...

170 B
188 B

32ms
31ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzc2Mjg5MDAyNTk5NDU1ODY5MA&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34htk3E6uGReSHHaGYrHOboaqCnd-MjHK-iuLGhJsiTTyMT8MKWLS02nxADxlS5irMnIW1X1lAGIfzV1g

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Nzc2Mjg5MDAyNTk5NDU1ODY5MA&google_push=AXcoOmS5QAJZIY-JVIVIOFWR5jEBb2cjzKfpggA0FBuwdCZdo6vVL2rx8JZI91fXRmeIEwhlwbpWqW34htk3E6uGReSHHaGYrHOboaqCnd-MjHK-iuLGhJsiTTyMT8MKWLS02nxADxlS5irMnIW1X1lAGIfzV1g
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D6
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESED7d8aeoGD_4RSp8Dce70po&google_cver=1&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGA...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGAZ4tA8n4_p9Yj7DOWDgH_RyFlRlhKbut6tCHeCskT6BNDX_q2...

170 B
188 B

29ms
28ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGAZ4tA8n4_p9Yj7DOWDgH_RyFlRlhKbut6tCHeCskT6BNDX_q284eOnRu5KIF_4B-QmBdKScH4JB72MSe5iYKYRxrlEeLJk&google_hm=ucByduQ4T3mzaTeOG7S8moU

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:58 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmTjQm5NnYq4U4y-_w5058MS1Gw0I-Unz8m1elE837OukuU_8ge7ACkV3wVeGAZ4tA8n4_p9Yj7DOWDgH_RyFlRlhKbut6tCHeCskT6BNDX_q284eOnRu5KIF_4B-QmBdKScH4JB72MSe5iYKYRxrlEeLJk&google_hm=ucByduQ4T3mzaTeOG7S8moU
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 57D6 0
12 B 27ms
27ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L3WAPVv7yrcvR6lQHAIOvPGk4PWX_i_F5LCquvfXlQgCjyTrZuneRYnC8ycepvZ_bdeplPNw

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 6C06 0
150 B 34ms
12ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=65431600010064204444550012501021&a=ed74182e&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=65431600010064204444550012501021&a=465930d8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900016.redintelligence.net/ Frame 7A7A 0
150 B 36ms
12ms Script
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/viewability?s=88756100008870204444550012501016&a=38f47e77&vb=m
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900016.redintelligence.net/request_content.php?s=88756100008870204444550012501016&a=941daffc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:58 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame F3F7 53 KB
19 KB 89ms
18ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=65431600010064204444550012501021&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 18:38:11 GMT
content-encoding: gzip
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
last-modified: Wed, 01 Nov 2023 16:51:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 36888
x-amz-server-side-encryption: AES256
etag: W/"5d5bc5942e2e0a61b44429bb852bdc91"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: YJYaKIitgZr3sMWqZ6dxigoUoiN5f9gLVZUeuQ0avToYk0K9l_WszQ==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame F3F7 3 KB
3 KB 32ms
7ms Image
image/png 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1699333078&Signature=PVV0j4x38bcoY9-Hv1MU4Kzoq6ucRF2OlZKjBo-GRr-xaLR3Rwjj5ZF~xwZ4-ByGCJT5j-ZXztUQVger3OqmC9DVogc-HMeSrKk5bPVkmH-Qsefs205WsuumXh3p4E2ykVXyQ7Z0XpY3S-pNcFp0dGBVn~Yx7K2L8jynQYDedAq1KhE~Iga9O5KEZsyqj~KFaLYUN6~qR0jiyzJ6ZlSPaT1p7sRBLrxC93JSnOpy~LhiUy-J6~Dh6VUx8C9G93h9wDyeCSFJBm6Z495SuAeJoiRc0p7ApnAS41bxIBbyby7d0uIdQ2ppzoc-aKT359JgnNefWqA6M496iFaLdLpWwg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3436455706&adf=1853938316&pi=t.aa~a.425326084~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=1&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280%2C1200x90&nras=3&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1721&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=vJC33qhC8p&p=https%3A//zobi.pw&dtd=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 07 Nov 2023 02:05:43 GMT
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 10036
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: ONYDFciwHwPRR9Oz2LCwn4VYgLl6N7f_smOiqkXvwaCF4HYn_1Kxtg==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 5565 53 KB
19 KB 91ms
20ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=88756100008870204444550012501016&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 18:38:11 GMT
content-encoding: gzip
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
last-modified: Wed, 01 Nov 2023 16:51:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 36888
x-amz-server-side-encryption: AES256
etag: W/"5d5bc5942e2e0a61b44429bb852bdc91"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 18BwkeTFYEU97xMmaH1J4hk4ejXLBCXjlXOpL42CUEHIKtE5VHwy3A==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 5565 3 KB
3 KB 31ms
8ms Image
image/png 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1699333078&Signature=JjiEDFPSHcoBNB08PVH7uu03x8u-pAMqBPRjIFvt40L2h5lha-P4bMsVP8RAFwzjPDLPfab~jLlcj74b~sZ4kaEs~M6Ezy3U9bYHxHROUtUpgBpTTAnxkrPMqGm6RzdEBy06Yn6ML66Xiw24iFwu9lteIG0MYi1ja7gHiM0eS00D7E6kl-Foaketo04lhHwABTfZgx6TVtDKeh7jsgiIbzW5MGJJnpg~ERj2-mpvvaGlu9IWG3ybpbZJq6HgII6~RVhqVf3zVX7J3Ji6zD03tG~YdLj6pX4b5qVBR2zuU6O3r5DRF4qwB5fbnq8zu9nt2gkUx3Ys-ZAfW2uXfH4dpw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9005940812336387&output=html&h=90&adk=3276878225&adf=3959326066&pi=t.aa~a.1462100283~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1699244572&rafmt=1&to=qs&pwprc=8733112097&format=1200x90&url=https%3A%2F%2Fzobi.pw%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699332777235&bpp=1&bdt=1278&idt=-M&shv=r20231102&mjsv=m202311020101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D1420813f022afac5%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw&gpic=UID%3D00000cb74907bc80%3AT%3D1699332776%3ART%3D1699332776%3AS%3DALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw&prev_fmts=0x0%2C1200x280&nras=2&correlator=478525774591&frm=20&pv=1&ga_vid=176559181.1699332776&ga_sid=1699332776&ga_hid=70829529&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1605&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079296%2C31079402%2C44807047%2C44807454%2C44807464%2C31078301&oid=2&psts=AOrYGskejcUVOFrBvqPKf7nqU8J421tGcb5auGFrJHJiW-3KcUrSYE3R5L1XbsMcfUkx17K1ZcPe5MdHVNqrIx3a-fWLASyT&pvsid=3306344477282987&tmod=933844701&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=EEHRQVsWBU&p=https%3A//zobi.pw&dtd=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 07 Nov 2023 03:01:44 GMT
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 6675
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 8kXi2S6rsVNfwcS-clV-0DU5lznxmEjSJ6XKm4Fz9q_hWlTk2VJajw==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 5880 273 KB
91 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

62ff884cf4dd1b7f333c0275b57b2827e12bddf44ff5d1c37e4e8ec70f5ce235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame CE44 273 KB
91 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

62ff884cf4dd1b7f333c0275b57b2827e12bddf44ff5d1c37e4e8ec70f5ce235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 20ms
20ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231102&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b19bff2c3ff7b20ef1b16a81de5ffbbd8aefbdf014849deb4906323796a11cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12237
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 07 Nov 2023 04:52:58 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6DC7 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 24486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 06 Nov 2023 22:04:52 GMT
expires: Tue, 05 Nov 2024 22:04:52 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FF47 829 B
560 B 19ms
18ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f7f4b4502d3e5526f0f78ad80804e1f610bb0745118fffa77ec81974720653cd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WgfmI4lf9FQnhhdGMXqX9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://zobi.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-WgfmI4lf9FQnhhdGMXqX9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 07 Nov 2023 04:52:58 GMT
expires: Tue, 07 Nov 2023 04:52:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js Show response
pagead2.googlesyndication.com/bg/ Frame 6DC7 38 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4WwaGfWzeDAeGvs0ZrtmWMJUG7fu6zGPBJzQt4duOkA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 06 Nov 2023 20:13:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31196
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15096
x-xss-protection: 0
last-modified: Tue, 31 Oct 2023 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Nov 2024 20:13:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FF47 0
0 40ms
40ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231102&jk=3306344477282987&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6DC7 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1fDi3Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Tue, 07 Nov 2023 04:52:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9CF6 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXVBbaA0Vi9H1dSKwxwotmwGI_jXyslKWOui_LUvZgK27URIhVETOgBS40SoYR8wVFDexQFDh6Y8EAfI4RMs_BOE-gjB5-sOOKZ1h0ffWCI4gGerQcuB289PPdPx2cTBE&sai=AMfl-YTQ7_X6sMok2dMDr8B0KSfKQ73Z8W3Z3mAILiV1_LFEwWGsMau2pHDswEzsvYwC9CZBiIhNAXvOYYE_KUMyS6YtBKOFo35-P2p243mm6Omfy_Qy5fijhuB-VFxsR5JHRjHokrFJ0NuNiV7Zwpfh&sig=Cg0ArKJSzO2wpIrBMMTFEAE&cid=CAQSTgDICaaNpUYM0hu_OqvkSC5BraIOs9ixjKqzulc7pQ8wNLLLXuZzyTURv_T-kOvgPAHoSFWmdo4zgOtH47K23Pj_DjTO-yazU2xYkxZRrBgB&id=lidar2&mcvt=1309&p=0,0,90,728&mtos=1059,1309,1309,1309,1309&tos=1059,250,0,0,0&v=20231106&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2569712851&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699332777363&rpt=750&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90006.redintelligence.net/ Frame B05C 0
150 B 33ms
12ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=62868300009232104444550012501006&a=da8e10d0&vb=v
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/request_content.php?s=62868300009232104444550012501006&a=6b823d86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Tue, 07 Nov 2023 04:52:59 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9CF6 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8119158531781&version=m202309260101&ct=77&x=1&cor=2157976085678389000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame F3F7 16 B
209 B 69ms
69ms Fetch
application/json 18.135.134.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.134.29 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-134-29.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 84ms
23ms Preflight 18.135.134.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.134.29 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-134-29.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 07 Nov 2023 04:52:59 GMT
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 44ms
43ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231102&jk=3306344477282987&bg=!oaKlou3NAAb4oU7C2KE7ADQBe5WfOI0CmdDoFbrwwLp6hynIp6kmf2pnRxS1GtpXm7W57v8RsAXenJFNzwQokDN8bPxFAgAAADNSAAAABWgBB5kDAh_gJE3jC1H218LkbMhidLyNpILRUeEkZ1ZBMdC85lylSivWjqKzoZmuaqEljqsGsVD1SxPpkjB7yiqj7uL9NRMRPZYylV9PfeInKnuq3aZ6-HAiy3aKEPhm8_lFsF5mv-kLOx7z6Jlvyhj8Lq0heab_2W5iejfrJ5egPJm4w4VBMRmWzBRLJUdegwHzYDgNY9ZzJVlaG1aZuGHIaWTiVEYGLsppA8QBiQHUbRTN54RJVI6J6e4w-2gQb2boiEU53XCJ-gqVAnlV3zCD6ADZYGRA8n52_XOVmxKb9Gy4AG8smKqAu3-I6Kxi6OZneTpZiQxNqsr4NTwp8mD3VpLXTvlu5fSjzFtKwkIe0ixRABF6-FIAzjjxkw5uUXFYtW8FvIwg4wIwOy6n9S-3r77GmCkMIuXIxOdnH10n1WEIWXuMleoOQjiGhoG9mpO7w4l1D96TGGi_cvuf2LfesDk0TqfeB9pz3MSzlPioro15wcVHAFAkjJh3-iNRd8ysScSXD1YxtyYw-TuMHMTY7S3l-TnJgD0w1esEvhNYlxT4qU8oeUswY9zc0xI9E0Aga7WmlbyL-jgbH8bWosWPLYLPyjOdDVommoslvD3V5afiJyBbNO7UEkkKjxYd1vFyZjLMowly7bcc4YMEZ6Gu1EsxEYCOi6XaenxOA3TPqTamc0G-sYqmttIuZ_wEQ7VXY4VAotedaqphMzy2vgxSGnDdP4ZTATLq6Z-ZdNukbtep3NiqQSjpjJf4vhtdatABKYChmFKejQL3PLrcOoZuLqyisn1G6bGhWykZipBojfsRLAYFczGp4P5NIWxij-vBEB5BpkR9_dV5SjE-_uHphaPdUnpc03TCPw48DkHX-6uhXIpEN9OC6o16yOVn-ptTCocSWbZxwTb_OhrSyKW1tR3lTufmW1uAySMezOIY7nyZKFGQ4TH25E9tlR586HB5X6SCcIdloELY78CyScrfyylXnOmh_ED5jsvpcLMLJimu32tDNeeo0z24D_uuWEehL8dYzx4a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://zobi.pw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 5565 16 B
209 B 77ms
77ms Fetch
application/json 18.135.134.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.134.29 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-134-29.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 68ms
21ms Preflight 18.135.134.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.134.29 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-134-29.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 07 Nov 2023 04:52:59 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F3F7 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4053147804013&version=m202309260101&ct=77&x=1&cor=9252786887650132000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5565 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7212069900434&version=m202309260101&ct=77&x=1&cor=1529534089303955700

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 07 Nov 2023 04:52:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zobi.pw/	1970-01-21 01:38:12	Name: _ga_S9JJ8V4PZ4 Value: GS1.1.1699332776.1.0.1699332776.0.0.0
.zobi.pw/	1970-01-21 01:38:12	Name: _ga Value: GA1.2.176559181.1699332776
.zobi.pw/	1970-01-20 16:03:39	Name: _gid Value: GA1.2.1814810197.1699332776
.zobi.pw/	1970-01-20 16:02:12	Name: _gat_gtag_UA_132860397_17 Value: 1
.zobi.pw/	1970-01-21 01:23:48	Name: __gads Value: ID=1420813f022afac5:T=1699332776:RT=1699332776:S=ALNI_MYSCxAC-onTTakmK6gLqxYWxD8nsw
.zobi.pw/	1970-01-21 01:23:48	Name: __gpi Value: UID=00000cb74907bc80:T=1699332776:RT=1699332776:S=ALNI_Mb00tq47dWSQdH0uUg5QeUo3eYbkw
.casalemedia.com/	1970-01-21 00:47:48	Name: CMID Value: ZUnCqT24OZVL2Lv-VuNplAAA
.casalemedia.com/	1970-01-20 18:11:48	Name: CMPS Value: 2180
.casalemedia.com/	1970-01-20 18:11:48	Name: CMPRO Value: 2180
.adnxs.com/	1970-01-20 18:11:48	Name: uuid2 Value: 8085865713931912959
.googleadservices.com/	1970-01-20 18:11:48	Name: ar_debug Value: 1
.doubleclick.net/	1970-01-20 16:02:16	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 20:21:24	Name: APC Value: AfxxVi4Ravn0c8raDVoOuS5pzUPQ0ivPUPGqKZDn7kqXK9d2ucMTFA
.doubleclick.net/	1970-01-21 01:23:48	Name: IDE Value: AHWqTUk__8h0l1Qagkjzn3qiWlLtRu0OUqL0wmHeFwrj71xxNgKEOs33xct_G5y2U4w
.doubleclick.net/	1970-01-20 16:45:24	Name: ar_debug Value: 1
.redintelligence.net/	1970-01-20 18:11:48	Name: 8lcfmzhxc8d6_uid Value: 330d1b556eaf16e6
.adnxs.com/	1970-01-20 18:11:48	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?!qjI6w!@wnfH8K6pQK`!5=E<L5?%K>7TQ+/[8VL<3[n1>.U#g%ggM!C>liq$sq=OA%nugO%v4VB%nnSZ(s:9
.t23.intelliad.de/	1970-01-20 18:26:12	Name: iact Value: 0001173BC19B5F25289046A7310EBA01DB23
.t23.intelliad.de/	1970-01-20 18:26:12	Name: iaimp_42842 Value: 1699332778:42842:100:137:101:248:101:202311070452581217382fc4b99e65
pb.media01.eu/	1970-01-21 01:38:12	Name: DTU Value: AA41F3D59296C50A4A642C95719C6AAD
.retailads.net/	1970-01-20 16:45:24	Name: ppb2172 Value: 3277294884
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.awin1.com/	1970-01-20 16:12:17	Name: awpv11601 Value: 113440\|1699332778\|859c2cc0-7d29-11ee-92fe-22394270969d
.futalis.de/	1970-01-20 17:28:36	Name: raSIDb Value: 3277294883
.w55c.net/	1970-01-21 01:32:27	Name: wfivefivec Value: hSMWro0i1R0e5c5
.ctnsnet.com/	1970-01-21 00:47:48	Name: gid_CAESED7d8aeoGD_4RSp8Dce70po Value: 1
.ctnsnet.com/	1970-01-21 00:47:48	Name: cid_b9c07276e4384f79b369378e1bb4bc9a Value: 1
.w55c.net/	1970-01-20 16:45:24	Name: matchgoogle Value: 5
.travelaudience.com/	1970-01-21 01:32:27	Name: _tracker Value: %7B%22UUID%22%3A%22A3138362-46D5-4F5A-20BE-A6FF4CAAA348%22%7D
.simpli.fi/	1970-01-21 00:49:15	Name: suid Value: 4DCF5E5EAE084CBEB434E40DD1B88B72
.office-partner.de/	1970-01-21 01:38:12	Name: source Value: {"webgains_webgains":{"timestamp":1699332778493,"clickCookie":false}}
.adform.net/	1970-01-20 16:45:24	Name: C Value: 1
.yahoo.com/	1970-01-21 00:48:10	Name: A3 Value: d=AQABBKrCSWUCEKVcHw808z_I0wYzoo6Xw-gFEgEBAQEUS2VTZQAAAAAA_eMAAA&S=AQAAAo0Lprf-CcBch0ttiWaCMkA
.adform.net/	1970-01-20 17:28:36	Name: uid Value: 6550900045346386409
.everesttech.net/	1970-01-21 00:47:48	Name: everest_g_v2 Value: g_surferid~ZUnCqgAB5n9GvAAU
.turn.com/	1970-01-20 20:21:24	Name: uid Value: 2849539780181402141

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ad.turn.com
ads.travelaudience.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
c1.adform.net
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
dis.criteo.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900016.redintelligence.net
hal900021.redintelligence.net
hal90006.redintelligence.net
ib.adnxs.com
ius.ctnsnet.com
medialead.de
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pb.media01.eu
pm.w55c.net
pr-bh.ybp.yahoo.com
pv.medialead.de
r.turn.com
region1.google-analytics.com
sync-tm.everesttech.net
sync.teads.tv
t23.intelliad.de
tpc.googlesyndication.com
track.webgains.com
um.simpli.fi
us-u.openx.net
www.awin1.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
zobi.cc
zobi.pw
138.201.220.30
138.201.63.116
138.201.63.164
142.250.184.194
142.250.186.66
142.250.186.70
144.76.238.55
145.239.193.130
151.101.66.49
172.64.151.101
178.250.1.9
18.135.134.29
18.169.160.74
18.66.147.98
185.89.210.212
2.16.97.41
2001:4860:4802:34::36
23.56.205.163
2606:4700:3030::6815:2c8b
2606:4700:3032::6815:53ee
2a00:1450:4001:801::200e
2a00:1450:4001:806::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:813::2003
2a00:1450:4001:828::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a01:4f8:d0a:2321::2
2a05:d018:d29:3602:8ce9:e8fa:55bc:be2e
2a0b:4d07:101::1
3.124.138.165
3.65.104.224
35.186.193.173
35.190.0.66
35.204.74.118
35.244.159.8
37.157.6.237
46.228.164.11
49.12.22.42
51.89.9.251
52.57.124.150
88.198.250.30
94.23.99.218
99.86.4.94
041eec9b3e8b74ebc736c113cc42cf2882f64a4189945da55c4984e9610cbd82
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd950c13708ef9a32871614a97d2f950fb09971141a26794070612999ec77f3
0f7fd5c57e6092e3605461028d93e36f26a11a071e87ef19eeab5e85094cc89b
11be88cd01155bf4f02732db8a67cddd70f5dce55347db34752ffecc7e16c2a9
1448a00448d69661aa057e02d83a33bb973fe59ee2cb08f50bc6898ed3f8c48a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1dbd64f052acde6f95351d6461bb4dbf62566c9a0af47394a2da06d0d4cbb5c1
21176046b2177d00b97d4d1e37c477efa2456977f1f8a6e010daaa7feada1501
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23c40c20343a4c953107753e400eadfbedf035b3165b92503b15ac18e984b211
27dbdef3a4c368b67740973e49ab5d9f19896d01ad0af8386085f90a0c83c4b5
2b3001cef283f715e5e4e9816db751182ab92d89bcc961b6eff177792207aa71
2c7184068bd68053a8ea8ba44a7d3bfb93b60e433ed1963a0d83ef7b509bf679
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3406487065a706dc2717d2eab5d5fb7a7230a664449a649dfe6375b3018bf575
355eaabb1ce766c94e89b56c3cd15dd287653a69e50e259bbe1b6298470ae15d
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38cae8035587252fb011ce146f347d6a75d0551435230669028be4719cb48849
3b19bff2c3ff7b20ef1b16a81de5ffbbd8aefbdf014849deb4906323796a11cc
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
3e7006477780af18d8367d87281981dcce655e16db16691e196c36a045bee555
3fd59922fbd55bd99d24e8cb2df6d53c0ae9500d5fa028b286639a6d4cfe044b
40987e19d8f3e2e152b1c326ff85117fd2040b90a797d618598b9a6bd82cd564
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
46fa5de9b7c6a4ffb299cbb9de38a9e69acfb52a7041ad35da7fa6858a85878d
484aa176883f72d1439f56b0b1ad097410945695697c6ced715aa7812ed86f19
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ca7a2bf57b8f60a37d94646e7e67ffda591d8816c58a054d8ff1cc4103ba902
4ceab23af1ef06b19ea4f0b703fe4cd99b513c0552d46aa28dcc8e67dca7f5be
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57ee13e57e8c0ce2dc46ef0b08d22265abf14c1fe04f2bd4ded7e4a6d9055cf7
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5865c86c17e2bfa0249e6b86635a1c50a37eb6fc54f9879fb96d523aeae8060f
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1
62ff884cf4dd1b7f333c0275b57b2827e12bddf44ff5d1c37e4e8ec70f5ce235
63cb46d53f6b3b9160fbe0bcc8ca668630b6f6b6f68a4ac8124d0b1595f50127
66acd04a5e1770a0f2d59fcd18a5f120df65783d4420a633454de11a3c994b91
680baa5b8a123453459b1623966addb321b0b513a2fc6bcf97975ac4d53b9a49
6a67d82954e869f63863c01de1404e74d89722d7774b105176d253292b75b6aa
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b
7ac1e446f0593d8fcac6b0173f39f67aa556103ae5663835b5abcff31cef2dec
7e4b2c2de6bf762eca45aad9c2a60da4982464597e6dccc59443f84092e8bcc6
82dba1ba5cee747e5dc6cb2a4b5d37b0190a129c9d807300693e46c06951a60f
856b7619de4c8766e983a3f2bb0acad308d9c485a87c5bddda589834edb97e04
8625329d73c741c9367ed33e4503579cf99e389cf43b9c6af35867fdb6285465
875beba9aa7e34ac3455b1497f647718472d934b551283f69a440fe00f31c764
87cb3f981317ccf5ad632f64e531aa7da8d49571127cfa1f142483a085f89d82
8b1cd2613a5b066023f3aee22ea0cd501c2fb10eccaece8de94114f659c0d61f
8c87a06d5dc32c60636c8d34c0791a5576fc696aa8ed9705b2dc1dee05abc7a2
8edad86bbbb7acb03a1d9b205b744a381f5dfd5b8443c17355ace93dcef21a11
949928fed514092835ce57a89b81cd4906f85933b4608224ef0c4a2ba5278698
99027d866818f716d208569108a962ac72200197cae503efe5b6bf002bf4915b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9de550bd45b8d23cd530be2ccf5384aec9443f1d6dbb9a22c6de3e14b175f0f4
9fc1098a50e252dcf79c47a17a314ab2eb52c9b979d07afd8872f90ab2658fb9
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2b6b5e50730a60351d2012d1bea5bbff069786e2268062efb203a1762681af4
a5006670fbf92c880faae55f77a1a32f42cb0a814b0dc11ee87e5f148da662fe
aaac10b2ce11afe7261c349bb75e15638cdd166c2437b79942bbabf43135fa66
af2567361123be0002aa076022fba6e5dceae39d4716420332c7be88f9eb1148
afed0fad09801822c22eaf704f7c33f51c39d710ec5646fe4626c09f38e31c21
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b06ab88119b3413dfb4618b37753905fb663acc2f9939e067f9267e3195d41df
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6c6018b7794c3fcc22faf8ed1df785e498b9d1ac1689c9501aedec12da13341
bc9a55dee9d63794d1ed10f226353ff00b530fdfc65f7b014d64f9a8f0c29d12
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
bfd4745fee7e2635754df4ff32e620ff7356b538283d881968cf48255db8eebc
bfef1759264ee1ff070033df8721daf99c8228952e56df3290ce78e99b941f25
c19b239dbd76e6baff2a23159223209040dc39989de867dc4b95dc7968da49ad
c4d7ccafc72e3cfb015ffb4eae17df010bd22696043e03d550c47034a797d8be
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cddb42bd69440699ae8fe758dac4d5f52911fa67b2a7a637d5d1bcfa2d88b0d3
ce84a95c33252b1f36382e7f509f24932adff7bbf00bf252ceced0d976c4c504
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e16c1a19f5b378301e1afb3466bb6658c2541bb7eeeb318f049cd0b7876e3a40
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60f40a8ea10c459128b30c2444c2709fa88324163dc9a77dc4fa0616c143e5e
e6d52f2fdb86710d9e3ad49d7746cae243e1e0c6f4270cbc05692bb8f41ba6ac
eb5326b1a810d23ff0f6f568bc0e8e8e90b13992b1f5232b61d863b671969922
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ee46bdadc83beb5e76bce18bc7cc3d169c7f0490901f6be96ec41ee2c14d3776
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1b413ab73ff2c9c8508a4c2b154dd74146183a1a0f4b364ce1c216f8c7298a
f3cd5973b970209f09e9343865eea35789c7090d1d04a3c3620c3c30a122a11f
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7f4b4502d3e5526f0f78ad80804e1f610bb0745118fffa77ec81974720653cd
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fbc774cb96be46cab2c4f68a761ba7f4b5cfa0bd2d7a9487e1fbed4b60e547c5
fe216212f30a471bc63cc37f60198b2eb430fd5537580467ac9343df3b677527

zobi.pw Open in urlscan Pro 2606:4700:3030::6815:2c8b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

201 Requests

88 %HTTPS

34 %IPv6

37 Domains

49 Subdomains

38 IPs

8 Countries

2735 kBTransfer

6352 kBSize

36 Cookies

0 Outgoing links

Page URL History

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

zobi.pw Open in urlscan Pro
2606:4700:3030::6815:2c8b Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

88 %
HTTPS

34 %
IPv6

37
Domains

49
Subdomains

38
IPs

8
Countries

2735 kB
Transfer

6352 kB
Size

36
Cookies

201 HTTP transactions
5 data transactions