fluxteam.net Open in urlscan Pro
170.187.189.97 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d376...
Submission: On November 27 via manual (November 27th 2023, 9:29:47 pm UTC) from US — Scanned from DE

Summary HTTP 141 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 5 countries across 17 domains to perform 141 HTTP transactions. The main IP is 170.187.189.97, located in Frankfurt am Main, Germany and belongs to AKAMAI-LINODE-AP Akamai Connected Cloud, SG. The main domain is fluxteam.net. The Cisco Umbrella rank of the primary domain is 291979.
TLS certificate: Issued by R3 on October 1st 2023. Valid for: 3 months.

This is the only time fluxteam.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	170.187.189.97 170.187.189.97	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
40	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.98.59.28 172.98.59.28	399647 (RUMBLE) (RUMBLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	162.159.133.233 162.159.133.233	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:710... 2a02:26f0:7100::213:c6a8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
33	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 1	35.171.0.218 35.171.0.218	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:244... 2600:9000:2440:4800:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
9 12	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
4 10	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 7	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
2	213.202.235.9 213.202.235.9	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 2	52.19.196.31 52.19.196.31	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
141	24

1 170.187.189.97 (Frankfurt am Main, Germany)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 170-187-189-97.akamai-compute.nexuspipe.com

fluxteam.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.98.59.28 (Canada)

ASN399647 (RUMBLE, CA)

rumble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.133.233 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.discordapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:7100::213:c6a8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ak2.rmbl.ws	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.171.0.218 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-0-218.compute-1.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2440:4800:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.23.98 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.64.151.101 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.149 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.9 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.2 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.196.31 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-196-31.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ade.googlesyndication.com — Cisco Umbrella Rank: 301	608 KB
33	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	9 MB
28	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439	159 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	4 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	5 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	192 KB
3	rmbl.ws ak2.rmbl.ws	41 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 imasdk.googleapis.com — Cisco Umbrella Rank: 447	368 KB
3	rumble.com rumble.com — Cisco Umbrella Rank: 23870	41 KB
2	demdex.net 1 redirects skydeutschland.demdex.net — Cisco Umbrella Rank: 131194	1 KB
2	exactag.com m.exactag.com — Cisco Umbrella Rank: 11905	1 KB
2	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 736 static.adsafeprotected.com — Cisco Umbrella Rank: 587	705 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	6 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	gstatic.com fonts.gstatic.com	19 KB
1	discordapp.com cdn.discordapp.com — Cisco Umbrella Rank: 2888	998 KB
1	fluxteam.net fluxteam.net — Cisco Umbrella Rank: 291979	2 KB
141	17

	Domain	Requested by
40	pagead2.googlesyndication.com	fluxteam.net pagead2.googlesyndication.com imasdk.googleapis.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
33	s0.2mdn.net	imasdk.googleapis.com fluxteam.net s0.2mdn.net
17	tpc.googlesyndication.com	pagead2.googlesyndication.com fluxteam.net tpc.googlesyndication.com s0.2mdn.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com fluxteam.net
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	fluxteam.net
3	www.googletagservices.com	fluxteam.net
3	ak2.rmbl.ws	fluxteam.net
3	rumble.com	fluxteam.net rumble.com
2	skydeutschland.demdex.net	1 redirects googleads.g.doubleclick.net
2	m.exactag.com	googleads.g.doubleclick.net
2	ad.doubleclick.net	fluxteam.net
2	imasdk.googleapis.com	rumble.com imasdk.googleapis.com
2	cdnjs.cloudflare.com	fluxteam.net
1	ade.googlesyndication.com
1	www.google.com	tpc.googlesyndication.com
1	static.adsafeprotected.com	googleads.g.doubleclick.net
1	pixel.adsafeprotected.com	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn.discordapp.com	fluxteam.net
1	fonts.googleapis.com	client
1	fluxteam.net
141	24

This site contains no links.

Subject Issuer	Validity	Valid
fluxteam.net R3	`2023-10-01` - `2023-12-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.rumble.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-12` - `2023-12-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
discordapp.com Cloudflare Inc ECC CA-3	`2023-10-20` - `2024-10-19`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
ak2.rmbl.ws R3	`2023-11-21` - `2024-02-19`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh

This page contains 24 frames:

Primary Page: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96
Frame ID: 9FFFD6E92585D0C450B1F654E9A8779D
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: DFDF013216774D9CF4EFB5A1DDFC7BB0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3023841355550327&output=html&adk=1812271804&adf=3025194257&lmt=1701120581&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Ffluxteam.net%2Fandroid%2Fcheckpoint%2Fstart.php%3FHWID%3Db07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&aslcwct=1&asacwct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701120581472&bpp=6&bdt=123&idt=245&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7161379605993&frm=20&pv=2&ga_vid=1617446700.1701120582&ga_sid=1701120582&ga_hid=244174600&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056%2C44809071&oid=2&pvsid=1279570367545863&tmod=15611446&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=254
Frame ID: E976F0ECFE6F8B4C1C6C09AA36CAD48D
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html
Frame ID: FFD5DA972C7EEB883F138C4E11C7BA28
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: BAA91991BE5A43276EFA1DEA39821F48
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: A28B2BEB31FB95F85B7643EB9957C7E2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: CD5E61A460D760E8517228E2D6375F07
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: A8AE82304C68F80EE13811ACEBEDA24D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8rvx0wEwAQ&v=APEucNWEfCe8g_lAM6NCQhsgXjNC5MCTolKVFlEPsCBpUmZiS0sKIqVL0uIQR-h2A9wWUEETJaevBTOIRQxZS0knb-adQDSQ0eIakXg9IqXnlYWnVHgNAgorgmTQ9PbyPw_eUNqkkyTlmO5AtiUMVdMKzaOwCqrkEj-V4dB_Lfh6q_72OgVqNio
Frame ID: 3C986215D4C801987E10D71496D34EC5
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: CC3A9F78F1CDC426154B6A0AA3F796BE
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYn4Lo4gEwAQ&v=APEucNUC48ASFjOD6fI1LnKWrH1tCEA1zZvVCDYW2oXAIYU-7lFTsB56WBzoKEugGrW0qcXBXdRKAIQsrclmkwnhPupLiozZViD9ROyUC3qhGod1RVHIw4PS76ZCRAQXVBSidqQwUOnMFY068cyAeJQIaFLeNBcDO7D-jwkKoW3wyDwCHXtJsbc
Frame ID: DD9AFF59A93C342E150D30FF9CB889D9
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Frame ID: 3CF2589A7CCDC63BF58A0FC23A5BD291
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJbFnv0BMAE&v=APEucNX-LIBcLbHhO8BTWbykEAmp9WmxNxFd2BdSoYKDuaBby12XUSol42dcGSAaP7esnhOBnlEvgXD4t6hkCX5VEceaU1KWywiluTKTZmS3QyxvAFvDAiKSRjC9N4i_rLbRZL2c69ywinTmPgS_5ua3bO5c6zlZt_34ZYcs5kv3m3LOh9wjHRg
Frame ID: CECE40E207DEEACC8F063A51A9176D4A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 2C47900EFB9EC1D00C2DE3521C7F332B
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7C88AF7F0C371442F9C9520DC9FB3770
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 65E3967EE53264953875BC6554994258
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: E8D0AC3F58D2357ED1CAD8C776120667
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
Frame ID: C1228A14B9BD54837BF6485C3E113B23
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 049313ED7B189A9BA707CD85B64DEFC2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Frame ID: F6184B4908D10DDD563F0D8CE1C91F44
Requests: 15 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
Frame ID: CA2DE6E126AE5DD0E1DC31CF1A4DC34A
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: AE8926C999A94141385F7F318E0FF79E
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: F198640082CBCA272FC8E450E6352D59
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: 91325419FDAACFEAA941150CC7DAA05F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fluxus | Start

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

141
Requests

90 %
HTTPS

50 %
IPv6

17
Domains

24
Subdomains

24
IPs

5
Countries

11739 kB
Transfer

16319 kB
Size

17
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://pixel.adsafeprotected.com/rfw/st/1676726/76430589/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014760199&ias_pubId=pub-3023841355550327&ias_chanId=1&ias_placementId=20761493732&bidurl=https://fluxteam.net/android/checkpoint/start.php&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i3Q14s5ymFFHEV0WAr-irm HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHGKgcSFHMAdRGxucllz37M&google_cver=1

Request Chain 53

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

Request Chain 54

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIVrT1ofQCJYRldChYCc5mg&google_cver=1

Request Chain 55

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Request Chain 59

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1

Request Chain 60

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

Request Chain 61

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

Request Chain 62

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Request Chain 63

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1

Request Chain 64

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

Request Chain 65

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

Request Chain 66

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Request Chain 103

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdpr_consent=

141 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request start.php Show response
fluxteam.net/android/checkpoint/ 5 KB
2 KB 220ms
170ms Document
text/html 170.187.189.97
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 170.187.189.97 Frankfurt am Main, Germany, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 170-187-189-97.akamai-compute.nexuspipe.com
Software: Nexuspipe.com | DDoS Mitigation Cluster /
Resource Hash: 3dd29541a87ff854d017f7ec139faa4a05e3e732db089226951741ec7e5b3995

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 1983
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 21:29:41 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nexus-cache: BYPASS
nexus-node: GER
pragma: no-cache
server: Nexuspipe.com | DDoS Mitigation Cluster
vary: Accept-Encoding

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 91ms
70ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3023841355550327

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f505d53d3f8bc8231c6cd9c9589a77cd72bb9cd2e51769b9f4a9738c71f14fc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Origin: https://fluxteam.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52821
x-xss-protection: 0
server: cafe
etag: 11504495633100748294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:41 GMT

GET
H2 200 aos.css
cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/ 25 KB
2 KB 32ms
16ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.css

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 523682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1438
last-modified: Mon, 04 May 2020 16:05:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5d-65c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpE9bKcFjWwjFsqsjvCfmc1v2jd%2BS53ZVsf2RuSrgI3soLYJ3mqnFi9YqiFGEvlxuAlT0lPW%2B6PLl0fYD0tY3QQr191WMEjupHxHLY%2FbHv%2FyD3LDOuCqcMykdtRmbPzb41yMOtG2WXpxtaGB8089lNMK"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82cd77d188e64dbd-FRA
expires: Sat, 16 Nov 2024 21:29:41 GMT

GET
H2 200 aos.js Show response
cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/ 14 KB
4 KB 34ms
18ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5005b2e414770fd5ccb40bc221a12771966d02b5c1f9c89da48bd8e3811d377

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 530472
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4109
last-modified: Mon, 04 May 2020 16:05:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d5d-3962"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbuKyQvH5FWh6yPNDy%2BN7Uen2otRxZXa3q5HESaFDBv3oDx3wT6nzaoYaP7E74wL0%2BjwbY8ZtfX1ofzy2nVttOwyiyGFq8UgrSjlu0RqpDbA1Pd3nF9k5mPk%2BKu%2F6WPcXnnWI%2Bmn1uNvgJjkSnGFxCmq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82cd77d188e94dbd-FRA
expires: Sat, 16 Nov 2024 21:29:41 GMT

GET
H2 200 / Show response
rumble.com/embedJS/u1x2dsw.v2cir3m/ 19 KB
8 KB 451ms
166ms Script
application/javascript 172.98.59.28
RUMBLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/embedJS/u1x2dsw.v2cir3m/?url=https%3A%2F%2Ffluxteam.net%2Fandroid%2Fcheckpoint%2Fstart.php%3FHWID%3Db07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96&args=%5B%22play%22%2C%7B%22video%22%3A%22v2cir3m%22%2C%22div%22%3A%22rumble_v2cir3m%22%7D%5D

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.98.59.28 , Canada, ASN399647 (RUMBLE, CA),

Reverse DNS

Software

nginx /

Resource Hash

ffaf211aeac8134c5e4b6a6e70dd3f0a0a5ec070c0d679d53aaaf5b101175370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000;includeSubDomains;preload
server: nginx
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private,max-age=1
link: <https://rumble.com/v2f46mk-fluxus-android-get-key-2023.html>; rel="canonical"

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 36ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ddf6973fa3421cc10d8946187a761c0317632b66442c3d20c736024fba1029f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 20:04:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 27 Nov 2023 21:29:41 GMT

GET
H2 200 daniel-leone-g30P1zcOzXo-unsplash.png
cdn.discordapp.com/attachments/848525273451200532/878394085709328425/ 996 KB
998 KB 57ms
29ms Image
image/png 162.159.133.233
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.discordapp.com/attachments/848525273451200532/878394085709328425/daniel-leone-g30P1zcOzXo-unsplash.png
Requested by: Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.133.233 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c7903520efbaf8382b51b5770b928889593eeab49be19d34c059b207b2e910

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1185793
alt-svc: h3=":443"; ma=86400
content-length: 1020286
last-modified: Fri, 20 Aug 2021 21:44:29 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J0xi%2FYaxIIN5B3CXxbxWXlz9ciGGLksettEVFqWQ49%2FxfXOZyE18DwuOS986BaxmhenTQGuWJ2mEPKyu9oparAeu3zZNoRai5PwMBe3bkxCINKSttiOMuIyB8lpgoBjnnRSQxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes, bytes
cf-ray: 82cd77d21bec383e-FRA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
expires: Tue, 26 Nov 2024 21:29:41 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v36/ 18 KB
19 KB 27ms
7ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://fluxteam.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 23 Nov 2023 18:17:36 GMT
x-content-type-options: nosniff
age: 357125
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18664
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:36:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Nov 2024 18:17:36 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 400 KB
135 KB 98ms
83ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3023841355550327&plah=fluxteam.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3023841355550327

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

850497e1b99867acc781a4e5a16f8eeb2d6c24539346e55af96981a3d2e4b4bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138524
x-xss-protection: 0
server: cafe
etag: 6166422544772709893
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:41 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame DFDF 9 KB
4 KB 29ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3023841355550327

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18697
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 16:18:04 GMT
etag: 16674218716276178799
expires: Mon, 11 Dec 2023 16:18:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E976 241 KB
63 KB 825ms
824ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3023841355550327&output=html&adk=1812271804&adf=3025194257&lmt=1701120581&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C404x1080_r&format=0x0&url=https%3A%2F%2Ffluxteam.net%2Fandroid%2Fcheckpoint%2Fstart.php%3FHWID%3Db07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&aslcwct=1&asacwct=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701120581472&bpp=6&bdt=123&idt=245&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7161379605993&frm=20&pv=2&ga_vid=1617446700.1701120582&ga_sid=1701120582&ga_hid=244174600&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44809317%2C31078301%2C44807764%2C44808149%2C44808284%2C44809056%2C44809071&oid=2&pvsid=1279570367545863&tmod=15611446&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=33792&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=254

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3023841355550327&plah=fluxteam.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

113dd76695ffd745ed2db133bfd22de4e9a2e924322f87fa8b8be5a9dfd2ba17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 64222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Mon, 27 Nov 2023 21:29:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ui.r2.js Show response
rumble.com/j/p/ 94 KB
33 KB 155ms
155ms Script
application/javascript 172.98.59.28
RUMBLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/j/p/ui.r2.js?_v=533

Requested by

Host: rumble.com
URL: https://rumble.com/embedJS/u1x2dsw.v2cir3m/?url=https%3A%2F%2Ffluxteam.net%2Fandroid%2Fcheckpoint%2Fstart.php%3FHWID%3Db07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96&args=%5B%22play%22%2C%7B%22video%22%3A%22v2cir3m%22%2C%22div%22%3A%22rumble_v2cir3m%22%7D%5D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.98.59.28 , Canada, ASN399647 (RUMBLE, CA),

Reverse DNS

Software

nginx /

Resource Hash

404419307e8b5d448ba2ad4aa375f5d69cfc007c4a04610b4634d879ef3f2bd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
strict-transport-security: max-age=31536000;includeSubDomains;preload
content-encoding: br
last-modified: Wed, 22 Nov 2023 01:52:35 GMT
server: nginx
etag: W/"655d5ee3-17676"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=31536000,immutable,stale-if-error=31536000,stale-while-revalidate=31536000

GET
H2 200 mglUi.qR4e.jpg
ak2.rmbl.ws/s8/6/m/g/l/U/ 41 KB
41 KB 66ms
15ms Image
image/jpeg 2a02:26f0:7100::213:c6a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ak2.rmbl.ws/s8/6/m/g/l/U/mglUi.qR4e.jpg

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::213:c6a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c5d15e7e415db86a3a281c1c34b5a3f2a1c5fe4ab7654d683a44badefce285e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
last-modified: Tue, 28 Mar 2023 04:24:17 GMT
etag: "8978ffc93f677df8ffe32f37b4ea54c7"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 42125

GET
H2 206 mglUi.caa.mp4
ak2.rmbl.ws/s8/2/m/g/l/U/ 887 KB
0 72ms
24ms Media
video/mp4 2a02:26f0:7100::213:c6a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak2.rmbl.ws/s8/2/m/g/l/U/mglUi.caa.mp4?u=0&b=0

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::213:c6a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://fluxteam.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 27 Nov 2023 21:29:41 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
last-modified: Tue, 28 Mar 2023 04:23:53 GMT
etag: "5ddd0eedd75e2516a48e1544bcb110a8"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-19674739/19674740
cache-control: max-age=5184000
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Content-Length: 19674740

POST
H2 200 view...2cir3m.1gxyd4j
rumble.com/l/ 35 B
191 B 131ms
130ms Ping
image/gif 172.98.59.28
RUMBLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rumble.com/l/view...2cir3m.1gxyd4j?p=2.3&r=122810291&ref=https%3A%2F%2Ffluxteam.net%2Fandroid%2Fcheckpoint%2Fstart.php%3FHWID%3Db07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96&gt=2

Requested by

Host: rumble.com
URL: https://rumble.com/j/p/ui.r2.js?_v=533

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.98.59.28 , Canada, ASN399647 (RUMBLE, CA),

Reverse DNS

Software

nginx /

Resource Hash

90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
strict-transport-security: max-age=31536000;includeSubDomains;preload
server: nginx
log-code: 3
content-type: image/gif

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 365 KB
126 KB 130ms
77ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128094
x-xss-protection: 0
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H2 206 mglUi.Faa.mp4
ak2.rmbl.ws/s8/2/m/g/l/U/ 64 KB
0 28ms
28ms Media
video/mp4 2a02:26f0:7100::213:c6a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak2.rmbl.ws/s8/2/m/g/l/U/mglUi.Faa.mp4

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::213:c6a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://fluxteam.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Range: bytes=0-

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
last-modified: Tue, 28 Mar 2023 04:16:56 GMT
etag: "8cd7fcc439739a6ef7413f8e5339508d"
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-365412/365413
cache-control: max-age=5184000
accept-ranges: bytes
Content-Length: 365413

GET
H2 200 bridge3.605.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame FFD5 752 KB
241 KB 7ms
6ms Document
text/html 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.605.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2eacbd0a55e794d92e79a03b68c07f613a0ab710ffaffe5f1d12d67aac843a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 198985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 246766
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 14:13:17 GMT
expires: Sun, 24 Nov 2024 14:13:17 GMT
last-modified: Wed, 15 Nov 2023 19:11:18 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 108ms
60ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame BAA9 40 KB
14 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13893
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 15:57:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 27 Nov 2023 21:58:54 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 58ms
58ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0d78b4059c31304138a8cc6eebd3e8c92c3c8c3cec807bbc678a1392851de2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12531
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/ 160 KB
55 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6b461e28398566c5400381c27546e3c6d5e6ea790d53afa6ac2c64148772ac9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55796
x-xss-protection: 0
server: cafe
etag: 1094707591277047806
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 77ms
35ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame A28B 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Mon, 11 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame CD5E 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Mon, 11 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame A8AE 9 KB
4 KB 6ms
6ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 20:50:17 GMT
etag: 16674218716276178799
expires: Mon, 11 Dec 2023 20:50:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3C98 624 B
246 B 49ms
48ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8rvx0wEwAQ&v=APEucNWEfCe8g_lAM6NCQhsgXjNC5MCTolKVFlEPsCBpUmZiS0sKIqVL0uIQR-h2A9wWUEETJaevBTOIRQxZS0knb-adQDSQ0eIakXg9IqXnlYWnVHgNAgorgmTQ9PbyPw_eUNqkkyTlmO5AtiUMVdMKzaOwCqrkEj-V4dB_Lfh6q_72OgVqNio

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Mon, 27 Nov 2023 21:29:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CC3A 89 KB
31 KB 171ms
171ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame CC3A 3 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame CC3A 20 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame CC3A 202 KB
64 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC3A 42 B
63 B 52ms
52ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DQm3HJqfRC1JwQpVplG8aFq2fzc1HHdc0Zkaf-QVVE2RYeKOvdSpjR4vt5O4PbuouFPVFxcYmPZNAq4vel3zIiJDgpBSd8IlaPL4CUPIYsHKUp-30

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC3A 0
20 B 53ms
52ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12467369455138976472&x=1&ct=76

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame DD9A 624 B
246 B 46ms
46ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYn4Lo4gEwAQ&v=APEucNUC48ASFjOD6fI1LnKWrH1tCEA1zZvVCDYW2oXAIYU-7lFTsB56WBzoKEugGrW0qcXBXdRKAIQsrclmkwnhPupLiozZViD9ROyUC3qhGod1RVHIw4PS76ZCRAQXVBSidqQwUOnMFY068cyAeJQIaFLeNBcDO7D-jwkKoW3wyDwCHXtJsbc

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Mon, 27 Nov 2023 21:29:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 3CF2 172 KB
60 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 16:17:22 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 3CF2 7 KB
3 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49754
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 07:40:28 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 3CF2 23 KB
9 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 07:40:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49754
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 07:40:28 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3CF2 41 KB
14 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 271474
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3CF2 3 KB
1 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3CF2 20 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3CF2 202 KB
64 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3CF2 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C20mZkEhJbNVRbHN0G7j-7WZcyHwvC737Y9wr1E-WYRKUy4M9H_BtgYqaTLRfwmCjGHszgmNXMgUfJQysiZSO7PoStPtmTGnRghE6tXBSQQiFfDTk

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CECE 624 B
246 B 52ms
48ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJbFnv0BMAE&v=APEucNX-LIBcLbHhO8BTWbykEAmp9WmxNxFd2BdSoYKDuaBby12XUSol42dcGSAaP7esnhOBnlEvgXD4t6hkCX5VEceaU1KWywiluTKTZmS3QyxvAFvDAiKSRjC9N4i_rLbRZL2c69ywinTmPgS_5ua3bO5c6zlZt_34ZYcs5kv3m3LOh9wjHRg

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Mon, 27 Nov 2023 21:29:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2C47 89 KB
31 KB 226ms
222ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 2C47
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1676726/76430589/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_dspID=3&ias_campId=1014760199&ias_pubId=pub-3023841355550327&ias_chanId=1&ias_place...
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=

43 B
482 B

43ms
8ms

Image
image/gif

2600:9000:2440:4800:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:2440:4800:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:16:03 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 a7922bb75420f6c3485eed5adcb99ce2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P3
age: 27371621
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: pMrYaKYacMxlhaL3wHc9wOfFLeB1tnn5Tuybd5SQmJbKG9-ZteFOuw==

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
server: nginx
x-server-name: app22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&bundleId=&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2C47 3 KB
1 KB 15ms
5ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:10:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 09:10:13 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 2C47 20 KB
8 KB 13ms
4ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79964
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C47 202 KB
64 KB 25ms
16ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C47 42 B
63 B 54ms
50ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-APj9hQDIoTNssjDjYWgRzycqQ_5E2Zamfk34LAdgVvgbq6gsJCnLrUKu0qhbut7wzlGB13giEUyWen6N2RSu_-PYeIEzgr-6jNnrWICeiz8jFqUeE

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C47 0
20 B 54ms
51ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4618034791997708831&x=1&ct=76

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7C88 13 KB
5 KB 10ms
6ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 18629
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 16:19:13 GMT
expires: Tue, 26 Nov 2024 16:19:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 65E3 829 B
1 KB 74ms
30ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f52bcfd4c995637f3be1f111702110d9bd622b6c00195e88b740944db1bbdbce

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iQIpBOsT3LDloFCl3PpheQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fluxteam.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-iQIpBOsT3LDloFCl3PpheQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Mon, 27 Nov 2023 21:29:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame E8D0 38 KB
13 KB 8ms
8ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 151862
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 3C98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHGKgcSFHMAdRGxucllz37M&google_cver=1

43 B
337 B

32ms
31ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHGKgcSFHMAdRGxucllz37M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8rvx0wEwAQ&v=APEucNWEfCe8g_lAM6NCQhsgXjNC5MCTolKVFlEPsCBpUmZiS0sKIqVL0uIQR-h2A9wWUEETJaevBTOIRQxZS0knb-adQDSQ0eIakXg9IqXnlYWnVHgNAgorgmTQ9PbyPw_eUNqkkyTlmO5AtiUMVdMKzaOwCqrkEj-V4dB_Lfh6q_72OgVqNio
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m47UWZnG6UtaVSnYksw9y%2FZbJU4%2BLtoyEaU0FHsF6IDZ6TjMmmKratgkVptn6Xp5NapPb0Uzb6quc5JaA7R%2B814wwOCieD0%2BXlCba3aXhYCCPfD2lYtk9LOXPFH9pivRO0khuaKDqpNASA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77daafb3694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHGKgcSFHMAdRGxucllz37M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 3C98
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

43 B
348 B

23ms
21ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8rvx0wEwAQ&v=APEucNWEfCe8g_lAM6NCQhsgXjNC5MCTolKVFlEPsCBpUmZiS0sKIqVL0uIQR-h2A9wWUEETJaevBTOIRQxZS0knb-adQDSQ0eIakXg9IqXnlYWnVHgNAgorgmTQ9PbyPw_eUNqkkyTlmO5AtiUMVdMKzaOwCqrkEj-V4dB_Lfh6q_72OgVqNio
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2BspFE5k3oUToKof8VnrE2O91Gm9W%2BwbmJaAEmYGXHV8lc1hTDWTSv0ErUH7nxk%2Fp3DdsCAFaBIk41T5aFSwv9gAlqeIoAWhbC9PPfWr5A3tLbm7Bn0rEZiHg9KXnylNNmbYblBQNSQxLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77daf804694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 3C98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIVrT1ofQCJYRldChYCc5mg&google_cver=1

43 B
848 B

7ms
6ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIVrT1ofQCJYRldChYCc5mg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY8rvx0wEwAQ&v=APEucNWEfCe8g_lAM6NCQhsgXjNC5MCTolKVFlEPsCBpUmZiS0sKIqVL0uIQR-h2A9wWUEETJaevBTOIRQxZS0knb-adQDSQ0eIakXg9IqXnlYWnVHgNAgorgmTQ9PbyPw_eUNqkkyTlmO5AtiUMVdMKzaOwCqrkEj-V4dB_Lfh6q_72OgVqNio

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: e820981f-82e5-4b7f-b400-f35a2339cba9
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIVrT1ofQCJYRldChYCc5mg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3C98
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

170 B
243 B

17ms
17ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: 33484816-de9b-4fbc-ba12-576ded6743f3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/12943809228921786815/ Frame C122 1 KB
927 B 143ms
41ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 739
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:42 GMT
expires: Tue, 26 Nov 2024 21:29:42 GMT
last-modified: Thu, 27 Apr 2023 13:46:02 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 3CF2 0
0 149ms
51ms Fetch
image/gif 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvIQAsfbGt3_jmvRwEe3YrrQw4yBKOccckV7t7pzK1pKWRnETWPnVl9CORrwOIYVesTD8SmDAcyukrpJDbnrn_f3RRSuysqurLPSh2V9_sR8odrVPvHDDHHR1se-jichzG3X-I18WyUkJvHLtX0qTE98Y9n_mqqjsyhCwoaVKvICL_CzhYXL40ztIKOxIoq3_3NUqN7oTcUpn1vhEWYghSocBXlSB9kbmOlYtx4A6YquE063-lf70JzRaANQwLwWofkTYh73ycz4AO4Te8MuomzqkQto2s7KitUm2Ts9f6KOhJm7g4gziwNKDUdwXo4dXtgNX4wtYpoliKUJJD_6_EFg-nBgUi3px_B6SZQIOs5lOLCdMYkvTGbbaBWib8GffX6vtbDxmFMo0oc6KI_t76Ub9vLpymhNkxZmEUAsVPWF0WysXitKs040gAyCrfVN4b8NBaduaYlvreuQdC8rnY0GKTgi1rGVxm2LmZPdpOPCXOBZjBpS2-8MPExkE9K8bywidau_k27lOoQGG1YUI4vmONdIxX-BvXzHX5UKrIKgF6v5v7TqeEO80U1uf6d3w14FSrIHf-BF8ylS6sK-JmPh-FD3nC6riXizxzpaHrNK3uutFciMI18_UGVj_zDiUWAGPkljhKw3qihqr49QciWMcLDtV86uKqbam_YLzQPVTeIjC6Wbj71OXymY6qkn3W48IZlRxSHwsmzN_Sh8CEQB3K2V4HKxcCU_1dKhBZJvIx7ZFAAntpzZBkx68b3WBGhh4rZvEalk0uS3heLQD0fmSDc3beTSA8g2azyxBhwHEzm9h3S0Pqe3ir2Ts8nrBb9hK9yv0mh6sMchHjq9UDBIROqDxdQSofhV8SkdheBstcgaisiAijsTxwyqpimRKDZaF5UGyEfcZAaChNZOwphlw1lWicmzxJAPhf6uR0fOB7xWRC6sTqgkb0T7D8h-CZVNhypqYut5J-YJ1tO_lFlW6cnxQt0Vx3c0RyMgLyu4t84E9Tzu9B3mYn6xPy9oC_Z6_W00eFYTKNzx33lEa1Jih7qE_uddMvPklzO_-srCQypw9udCOyKDaAOApAeOyw8iC4ImmRuTwx5FXATsEWB2_L7WGVxHq8Hsif2ef-2KdY14kjrd7upsgunVhilPhbDTSmnNA0HNJuX_IgI_X051OEUFyqcdIWD5aORT0pL_Cj7l9tcQOBhYlMrkeLpPni92xBU4GjbrrIE6Q7r5V2HWlRRvzKpHflR3y-vBKGuwHLHuYhPUqTFzbae9TfSAf13mcpn-iQ3uBSChFY9bl-CdGmuEImELMfCISFod5nljvcpdddROFiEcmuWB0ZaeZDMYKZ-A63GDMLkmTiZZ3-D&sai=AMfl-YT8yGy1AC5t4gGuMNgKGsFHimbntp_RQr6pV4LxvQLJ0LF9-zNb5ivQvm3HnWrwgzhAQ5g_l6rsEe-rKdyF2btzYrqvOSSjg0T0uPogbvYdox2CaCSf9bwZ4GvKHa0v8CmusmkxIEd3A0VQD_Uq32jkxTP3i9YRKTOu_YtPJf3ZStvM8iBnQL_YRySXCc1GVooKxa91w-U5LdRlKeeJavcdm9RLnLxIxPbJMl9u5D5XhnTscvKGKJSxb5iqwc_yc7guxwX46go9kntH2TElzA1rl2K0WKnIl-3lvPnpNpnstfJ19KHK1uPgZ8swVi1oGEAvdr9SXGDWoQOwct2LMAYM63jecbQjJksaLmleYWBJuB66oZuMnirhAWpWVXoffUXOxe3C2BKFf1jLfVhXnA4njmsGXH5ZR9KGf345N1NpqoTvKL5WLYP5XJDxse9D-J9sLrin6GL8d3md9USS49bH9XdTznSZ7tiRz4ZIzVvjRd5ILb02rHn0T_ryirQeQ98QAPC2X7ebpQ&sig=Cg0ArKJSzJi4e1z7k7YHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=87&cbvp=1&cstd=39&cisv=r20231109.80714&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 3CF2 43 B
1 KB 134ms
22ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26915561&extCr=180662177&extPm=361577769&gdpr_consent=&gdpr=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 27 Nov 2023 21:29:42 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 27 Nov 2023 09:29:42 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame DD9A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1

43 B
326 B

26ms
25ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYn4Lo4gEwAQ&v=APEucNUC48ASFjOD6fI1LnKWrH1tCEA1zZvVCDYW2oXAIYU-7lFTsB56WBzoKEugGrW0qcXBXdRKAIQsrclmkwnhPupLiozZViD9ROyUC3qhGod1RVHIw4PS76ZCRAQXVBSidqQwUOnMFY068cyAeJQIaFLeNBcDO7D-jwkKoW3wyDwCHXtJsbc
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytxv9tLalaz2WZOUSy98xWqJHosSBAEZVXUlj441G3pLZ%2BsftzPv3DuLpugCHeJgYbO0tHyrmTNU0V37aD%2Brkx2kYOhsoSvd2nz4MfPlY1vtYl%2FFNhYwfyhUTbndpy26RlzFRGCvi7ZBRA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77dadfe7694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame DD9A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

43 B
515 B

30ms
29ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYn4Lo4gEwAQ&v=APEucNUC48ASFjOD6fI1LnKWrH1tCEA1zZvVCDYW2oXAIYU-7lFTsB56WBzoKEugGrW0qcXBXdRKAIQsrclmkwnhPupLiozZViD9ROyUC3qhGod1RVHIw4PS76ZCRAQXVBSidqQwUOnMFY068cyAeJQIaFLeNBcDO7D-jwkKoW3wyDwCHXtJsbc
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBrIV7KgwK93TRI9QrNV00ClkWXTYPhwuNZeslQb5e31Xw9Yz8T7IDEMgnKUzjmUPctp5ElCYi1v1hLaMjlNgckN27TPN3%2BfSQUU9mdr4RZ4hsFNV%2BewU0eE0XLxZVOn1Kh7KW19RhjiGg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77daf806694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame DD9A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

43 B
843 B

7ms
6ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYn4Lo4gEwAQ&v=APEucNUC48ASFjOD6fI1LnKWrH1tCEA1zZvVCDYW2oXAIYU-7lFTsB56WBzoKEugGrW0qcXBXdRKAIQsrclmkwnhPupLiozZViD9ROyUC3qhGod1RVHIw4PS76ZCRAQXVBSidqQwUOnMFY068cyAeJQIaFLeNBcDO7D-jwkKoW3wyDwCHXtJsbc

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: 9e500dad-c00b-491d-a393-bb6e9b38adaa
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DD9A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: 05933a24-0bd5-4253-a234-c0e90f52810f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame CECE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1

43 B
325 B

33ms
32ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJbFnv0BMAE&v=APEucNX-LIBcLbHhO8BTWbykEAmp9WmxNxFd2BdSoYKDuaBby12XUSol42dcGSAaP7esnhOBnlEvgXD4t6hkCX5VEceaU1KWywiluTKTZmS3QyxvAFvDAiKSRjC9N4i_rLbRZL2c69ywinTmPgS_5ua3bO5c6zlZt_34ZYcs5kv3m3LOh9wjHRg
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SnPyGcIYNbdCopvLA4hHdYg2a12wXD2fcy%2F4WRlPR4oQMEB1q8jHzlOudNIbOd0YOJToSQlP5MoBD3mQUpaLNw%2BvWY%2F9JwI0Nogms5BxmiHRm8DJcKZfFptNkx70hjIQ5dexiffvEZBpug%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77dadfe6694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame CECE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWUKRsxe5aw1o2r5.sQYjgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2

43 B
530 B

26ms
26ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJbFnv0BMAE&v=APEucNX-LIBcLbHhO8BTWbykEAmp9WmxNxFd2BdSoYKDuaBby12XUSol42dcGSAaP7esnhOBnlEvgXD4t6hkCX5VEceaU1KWywiluTKTZmS3QyxvAFvDAiKSRjC9N4i_rLbRZL2c69ywinTmPgS_5ua3bO5c6zlZt_34ZYcs5kv3m3LOh9wjHRg
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6WmEEqD%2FVwFBSUPpB3RYITg7FRnwBRW21dUm8gh2m6PsG7SGhXDZd0lyIfNAkmQoa3UGC1kiR1PHAvuymz3OvR51byYqs%2FcojRZKCkesB5lxYIekBxwyjW18MoRLjyJ0RM10T6XJbmxe7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82cd77daf807694b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP9dZogzYItTFI1P6KiBS4A&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame CECE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

43 B
843 B

19ms
18ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJbFnv0BMAE&v=APEucNX-LIBcLbHhO8BTWbykEAmp9WmxNxFd2BdSoYKDuaBby12XUSol42dcGSAaP7esnhOBnlEvgXD4t6hkCX5VEceaU1KWywiluTKTZmS3QyxvAFvDAiKSRjC9N4i_rLbRZL2c69ywinTmPgS_5ua3bO5c6zlZt_34ZYcs5kv3m3LOh9wjHRg

Protocol

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: 55762d2e-c339-4b9d-9725-6033823c4811
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHzjVwjItKff-OeUUfBmEAE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CECE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

170 B
188 B

19ms
18ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
an-x-request-uuid: 7b5bd783-0ee9-4617-bc68-a48cf09fa4a8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjAxOTc4NjMyMTc2MTM5NTQyMQ%3D%3D
x-proxy-origin: 138.199.38.132; 138.199.38.132; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 7C88 39 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame E8D0 39 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC3A 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3699060429716&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC3A 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3699060429716&version=m202309260101&ct=76&x=1&cor=12467369455138976000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CC3A 104 KB
39 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHQUpWEj1-ZUNVxhLMo9iRVN3JBYrKt7wrdZZgd99wB1PO7--dWZ54ZIeFoOXDE1QA61DMQQLyLjrx7jEpTeOF8tJUdPYjNxJLVKqzgadeW7iulIASksfTVgNXYrhTo-x4YeSiq0-0cZpKpT41gp7KT7LI90B15n2AKApeb0RCqmCAQW4&dbm_d=AKAmf-BhRUPg6CARhUZlAdmvJqJejmM8OBPmBHaGVYWvD1pIZMw21AHGPeeXNSUlLlif3olSE1sdfHLq-ssJjC7uI8WWED12-kREq1kJ7r8KCGJZjkPNXVTlQpBnRT7TPm4PEr7YCMJeYcU5zT6eMViuHRD-207NtSC8GT54l5Qu6IO9FzY0w7YgGsIvbaM7OXWrbeLfHoW5byZBlNPTDmeWW61dZMOLYReV_BA4YRWNzanWiOucjE3YlFRu4f1NK4Ctc74i6C1w3Ufe_bh-ZuOAbwdoIj04asKuFiqIaMhSropy2lZvNUwSHXm3ocbETl-38Z1PMspAYJbOClJzeIRl5b5SPAExCs9BsKghhUFwDtuTbpHZnjlANMxxSoTRby8sN510nWog8rtNZGotB1aVJRuP6krkD0GGMnRUQNKaB2I0JF7NcVjB9kSjF2enzPSh6RW4OVcA9j41yWNVUqHyYYcXVmcAZfcjKUiY_3lz3e_LdqTvQH8SqleDEhvWmrFh3yaU6mh2_sFxSgf0-69f2NBbIQgfhVcJnEX-Z1Q2nhfptiLu0gsJPD4upm5-0MHgY3sjuhsYOgnmvmWO6gt3gxJ-X0ne3QLNR_-HtvPaKWwiKsAWMbFL73gzUGuYyJ47nnoGIKEcu052NC9_gVvWMZN9Cl0id8qD4znztM-wdaX74qTxO7VvsakHbuu-hSqabzYUS3KZwPu6achDyQHf4EDIkwSX0a14S3hMMOGmAlUYXpVNkfJnN59Om019iYDLinryndgrmJCia1DtSBdkTe_E5SrZEdD2YQwklCvdU4tLc5DN1dM5FjlnAuQHwv4lX_xZ4Rqv3TmIKXsE4FSonEzmPKaNiEC78NrnCw77mnNJMS-0owhmf8Qo6RDNZBaCHpnDC6VHTmbDOfsW9KkZ7B__ZuuSwS5vjdua42rp1ktTcyZmiYfR9tfrJmC-I55JK0c8GIZ2-dhV-sKTzBccPwaEI2HS-5vozZ1BBEahAB9j2UI_QoshQ6lxWCpkqW8qiop9kDiI25jKj_Z_R_VoQkue7YgOSwcpcDcI_VUDNEAQFCSP9DYE-H-V1DzbIQFFCfcD_hjjOBvfIGyIitnrnvyPYt8Sls8Q5gzdXe0xeA5ZyQgmmbrBWMgVCKaTzjddQc6wG3Iso91WqMissxcNAMwqlCZPehNHmHc7qo7KBNcqdmUtbeN5V7SBSq7iYXC29RPCgiBXtL3T2B13ueHt2vpH1tibZJZqHcHQgIgbkG9iEx7MeB9kF23LB3DNrNONwnpB7z-9h31UA0Mof_PDZHkRD4fHiuL6GIqVT9gWq1j7TlzHgkE5S0sXNavfPqZfjQf9KzrBidlLwWumQ62FR1rSsbfFiQE1lnp9JUbEO6CzqVRGf5AKCTu9W9feq1pBSbcHMQt29sVCYoVFUEDsA5OQeEvrtQ1z-hWP8E4AEA2vfW9gVUJkP5eRC84Cd6ginWNhCBZbe2JWZrnYZRR1wGH7NeO4pusmCiJX1qNafwgmt21NmySkEp7yCgfSI0DRI207jEfHksFlmt7K-mnLcuMAH7iUnltfWHd5MNOBAoCIyrFRYthOaCp7j0OuMu9zZPpDOPlx42f-aJXR35u5Pl5SAdNdJLY-wMWzC5OXlZVj6bIZXgSwARS66MoU6e3vMonF8sSeUiZQ2vY3rvKmM-A-OzwG_wWwM3W-HoTvqi2hP28DfgvF92TqZu5-t4aovJXbnQzml-t0bvk4Jnd5D39ZO6xwS-26vZnuoD_gz-z2KUiJ5cAEkXsop9gA2mzGh_KUvnTJXvngt3w48fEIEhh1w1g-PtVd6zvOeQM0rqYzDGYHnKHzFBFBD0W59_lh7FpJJYrxoKByowlVevxRIByPnMb4lG3OAgeQuK-kz9jy8-yuklPFdhSlDjB9a8JKyVQFJrRhoQYxrfEuXnCTjxtHC8QUEwyOgFrG9e7f6QzxzPRXrWUUPmnu8krt2UWfYyr3fzMigdtjKeFOv3mARqUk_7ae-oCY9s2J8CwhBWLUtF8MpZbsUVa5x1h4EJJxVDMSzESCMaDPlJ4NiVdbEq-gTkMKDbhhzfqyi6kc5ZCu_11HPsongMXMP69lGkZeHe9omlet2Uhy48gIvbJzQzT_CSjzPKDSY-e_GnbotWNM56W1Wu6-1jlnqmXzc5GfR7pwfJujy5Vc0vGGjP-EnIxdfd3Snl7EQFy9Yl3LMR_FRYbSTC0rEjFILe1P9e6Y1hXzr8ihLpS3F_aebTLaRCd3QEEWJgZ2ubfTW9vfOuvpOUD1d8imKs2aTlYg7qm7y72eo6nrTJKBCajWnTv2-sFk_yvBeYpXAjwuriZfZ3T4b0q9KIyS6Tvm2K5NfyGMpZmuWbJPpnybC00w1Ak_OwEp4344Sun9X4E6r0bKckMEaGnMp1OaILd8KkP4WH2LQm0TKycmndMNEoxbimI6vhuKI70Qd1OdAVdq9gXkqfkiYGnwJ--rKnrkTMLF0GLYZgsYXEpoFCDTJ-osUNreZAwiQ7YP0Q4l-PVsA5M6MQI5fiM3v8XB3c_B2MUe8BHhrNBxkHcRLCn40a1-WJIXP-8pUhLnmsvit8xsrUItjJhKvMwS9FIlDy-6rph8oxfYaohHXfqkKRvAb72aVI3mo4vy4R3lqC1LAmKZs-XYw9DcPNMYFflHN1v3qAtKfcBg19YuIfq66YLWkYCKlpIadBfCcpN6h4FEDcuKa3N0wjiyYwQspz5X1lDKgWja5HYxJs2JSLjVQ4UtWiRPT5PFj9bCI-NIuPQTkhA9P4J_3iKB2t7g42bccDG0G3ZCaZivZ1_NKKzLGF1IPypCq2GJXZHHIX05JyQEY9tTe3alcuU1oYjJ7RgU4gq1QCIaumafYJgy43Ndq71Nog6QdYsOc7HD1LvlqVT9AiL9_5mWt8zdCIQu6TEtunwAzURWicniKtAxnzM621JZbe1mhxbguUPXpc0l_hHtq-OM2wM3Jotc9glEIFOi3F-2gmTvDRWFtfMEiXakKLEh4npcL95hE5wV8V6CQOSFaG-n0UrIiV0HmktYohcFRYrFo1qI-JfvSu_gdXOP86FksL10VgLd5oaOgx1K7_G_qxHPzNEl5R7e1QSy8Ed7Y5i303-ruDRMxKV-HG-yGysyGfGNSCiBK3G5Yp2qMJLCrLVk0OV0lNb5NWCdb8Zw3EZgrZjFCPhN0zQxICraxjkeSH7jBs1hEsUZQ0uXrKy1oBpQLzd01OJlDFFUQElMkZ4qsyS_fj6reiKft7NuU-elDooz0iR6L6Yd-I6J4aumTjRPEj1FM64X-vKF8nblhNteCKkAs1r7gM6DFJj0AYSTFeCtQd8ckdwthJgX7QSzEHo5vOP8kXQS8yPxTcB6hCgOXOKmfBUDOPyoN7bqo3hGN3P62UIpSiFCkjUG9WVSaQP31IryUl7lSbQwVCWvotKyh0afGSgAW0qYPrxIdLli-984f-pI7cm4RHuQdy-FRmexDtufJz3dI71HiBXhLUgKa4h3kByyCyPdL195S-6lHsiIohxndz2rnfW84imX62n0-Cu8srmesVCFCpoRBcPtx82tJPw7if8Mv8lI2zLqRLE221ReIajLMQvCIWlfHVa3XWWUBHVOrNYCJRRlkTLlbFUXL6TFCjsGWX5IX92rnH8j5dj6KVF6PByo73DhtX9Cytlg_tfJJyYaKzqz2-sOsWKbyJX-WrWjv6vycdo-jd7e0Yh51qGtVA0s1QDRdB9G5b7nLI_ars5lqtz-093v4F1o9sbWNC0aggmCzO93HKhecu6Zd93rQUnJQQ&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffluxteam.net%2F&ds=l&xdt=1&iif=1&cor=12467369455138976000&adk=1761367587&idt=198&cac=0&dtd=9

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c15b2dce6c1bf74c7fe445c68f09b6f8ae28a9d8aafbfe6df7617050b7250b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40033
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 65E3 0
0 51ms
51ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=1279570367545863&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C122 113 KB
38 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:29:42 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame C122 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 04:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 04:12:33 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C47 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5131809877629&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C47 0
20 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5131809877629&version=m202309260101&ct=76&x=1&cor=4618034791997709000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2C47 91 KB
38 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CYMxDCNERiOWutIIgkTFY989f3fEHC_kCmMvEl6WURxBRmFhPyAHy3ZH7Ppn0tZcKey9lXqE2Mo1ye3XFOu-L8iAMuWj3Ig3L_J_CjI1VWnVCqOqYJO2mGyis0eqU5AU8xlF_UmPJXXErB078LOvOugMTWu6mA5J3i9Nx7kLeA-OOEq4I&dbm_d=AKAmf-Bliyj2aEKLxSmVL1T3XxIegtwArf_REbi5u4hPKpqxe-GyGi_jUV36YO4_I_OoSHsiVIjStXZCMFffmpmikDJpRLU1EzAqcHQ-z9NvfoiWrsG4zfuG6Ms-6YYP1tUgYHI4X6i5UYkSJgle3nBCEY1_y8HzNar10yt5VF5nBfu-1bgjjfI6eFWahrRZdmrf6Fk98y2RhAIZq-4PPTehYUYt0crYt6v2xAPKgGmuTh4OPyhqqTlh1ppRDqeOYzjyoUVPfEsrcxVoB1Cy7jDQ4BVaCUL_nQaa-axB0jodzgny4UtsT8l-Xg9XdoM9nmqtlljfWqF36GsMe4yelWl926rCeVK6LX3YPRjgr2sD-RJ1KhFrUOIJh3FqsWM81cMdCiRdJ5mlpBpU_B-m6-Ql8x8xi4EysIBwUY0Ce43irxt63wJAEwxSVb1NzMwo8ScJcBJDmMDexiTFWaLJBQCPNcVFggwcao4mkgiE5NVy8wvdau4QLjXE3aPAI1mOl4-bPHb-lqDeU04TYqjcEVcnfMLvrGfWrU15f6a63r0lGesDxTrr1Q2o84jk4p2vCJABg3wjssBEeViS_uphHJIXRslt1XOWkqgRyW-bbzwO7iHgk-BdJHuBQY875ZuBmYyo2_jWCWAr5YhkXcofxFe0dy4gLgUbPk2ZuRrdn6l4CsbwBPzBIuxdXpdwCNvXo89SzvI06PLKLDFP0U-CobMh1V1RnvRaPqYW1rcYJuuc7X8kyjKvVrmTTjrn_oAGSCFJgV5eBEfHlgHMz26H5XEVAHS2_3bpftMVmqEZAnI1fzJXt_bs_zMokPrHGv4lMyWEZMtUmkviVyluYDi3ztNpEmUT4gjcB9SGt-CU2tBxenf4a9iywD-w9cy5S_sQ5eIdHhCoe-6lwjxjeyBNnzMHF6sXQIkpyYwqnFv8voWb9j3lYabBptUtKsurn1Hg7FSmch0DFM_6spP01RZeW4SGRNl5aeIujQgy9rGGXsF_C6xeJx8A1AmAI9JGTctZ-9uWRQaYRs8Bv1VMP3fY2ipy1UAjfBk5O_ouchOxFTqCy0CCxDbE2MHBls387Y1q-xpe_8W3ymzlqtVPve8PNABsMBO43XwDwnyueAO9t-g6T1Q7eHIiL0OZi5ZLyX2kC-aNfuoZ8mmeNAknQbQWaccoFfhjBY7qiNS5PrRA51duBUSTErMTNMftssjtAK9r9BWH1ibnNd2GtJ_M6uD7ilboVTyxsKte7rHppjrghAep0HuDrrFSvmpaXWOyOXfxMZ5E-uhcuGvHYHQr0VL75Mva8AvtlaKKLVAvdhjjHyfjKrjEXw-u7vH_aexKFT2Dbb3gmkDsxanDVTjCBYuACBT_eB4CVtwwnvLJ6FIvpo3KlSF-YYfnSz2kcYYDS-JlJUPoBSfiSzoA63yjJRw38vm00WXWfN80wizqlpQ2AZoT1OlqIj6Q8gvuQBPqTiYNovQvkV5LBGZXdZWHOQly3DJ-FQIZjArbOz_3WluI-DcFaINOIXALz__aIX21AqhHvtFNyTcWqt7bXLZIO9rKkTHKHDhWsBjBtVOfKDsuZcRyRVQSIip7D7UyaZPtGzw5dh9PoU4YI9EH-fws6fnaHQg7k2LrooAgyZuYu0TiPcQ-tJXZC6cE-XUrIuXwzVxIpFafTEH5lh8YqLDtLcNnIdlaXYFEkPDlLHIQBW5HNVzJ5-T8IjtJtBaL_0DRp8wOeo8cG7m0t4WsIBkrEypx8X5_OCsJr1KyhnqtuL56-EhE8cQ9De4BimVCzbgqU2vJFT1aNLFyLowiyqYpfK6kpe5KkfTbs9imdF3JCovhki_-MZbTyWyrReZogcONI2oCwMnEwOOKTIRHrbP0nhAiGLWGc2ryGhJBIhUWJENcl9TVBGRDQ6ITFTkwUnHFy2lkez8b3A2g-NMwnkOXLJSNCu8eyn7oXwqQgtYzvu3_0mAZQcRLbrHGY7jR6ruIerFnVFBGgtOvUkAck2aYMIdX5bDcA0qo6zBTKo5yMU6c0JaB-QU0Naa__9B4xhEFvOXSMsn25HfqIqF34-QGF0lq3h0nqGy6QR7Bjwa2uLTHnWXW_h9ihtyxrrp_LULai1YT3VGrzgAPzpKmVEoTu8kTij3PSkRiADHCCeXzgISg7nhzjeTPTS7y_QxIxvp9tl7BOr5Z2zkAk2ql7J4pUCtQF50Hr-B7YPk8xGJFsyxFuVCJZ-wysKqubJTJE-yBJpfapyZPGAnbarZPAXUsvbllAB8Z87PRgjJehaEfQMqZBfJmP4iXt4p9-pN4ALmlvEkx1ECOfOdrHJ4RUBOiqEMmuVgwWejgvuBZ_boeFPWwVV-ndPZKkHy963mkgnHMfsCWeVPV1yxj37nci4JnMUeONe03ln43w6XBlU5yc5guWnF1DpD4eZBaoJJAY6R_tmTZrmdUxApZITdfa2WUB3cYJngBQSMGIPTGt91QShi_rTcokfeipvYpollgd3XF5M_tjn4ndBRjDbR9bholeg4pjpa05Mxmwo6o5Wd01wE--F26mcWls6TZ8VXOSwCy7wSQMq96XUlY9hu2uV7CiXrq9xnOyhqbAa8tA6ler5q6kqe9aPzgWsKJT87jO7kUAKmDu0_xBMMvqZ7LLtmIYl2OAlIdYUkHk9o6LGqZOXPpzspSObZsPcyM0rG7VTXHHZC1cBjAh_x_ciBSlS40sNP4YHa-weRVnFutUuDN0orF8HK5lYL95PVdGjEvx8LWXs03927Wz_gGDrZMJ6zlXUDiJ0IxvCFCc2lI3wlx5MWyKg7HtIzEGwmya321_7smvOjmj2-2JkHAimXcMZSgS-wTJ_0I2hW6QrIK37haJXqyJR4uAhkj7iLfG0KOjnelKRCGqwmh6qRllvZQ_AFbeAUAKNk52DzJvLmsZqj5oX4xiKS8XVFP7_FGvEMv9ViShFhv-dGC82eTPRlztn2zHJ3SEfk45lo8CvHY7A8RKpU9Zu8JJRxD28Y8yw3ToXrFDGde4ZBEU4NvOkD7E_W36f4_oFoHhIP_sLziGJBW4dqMU9A4LUgfq6uxD7hJzsbhoCQ7FX1Mi74MXRhFxMmoK4og11udeiz9wUjzt7XvnsIcJnXGTMCe-bjl7_p5nroavIHJBt6q-i28t1zGL71iZRlkjo-KsKo6VeDAM12vxrxrGELbD5rGJUJtNokWfq67oGaBEyFqfcLap4Gq8akIlJWxdWg_Y7P6Cg9D6bSGILDuwZMg7JA20ZlEfeg94ILvhUigYikJ5ViZLj6jsyli6miOgDrEbpOlRED_SNgRAfgRVx26vbgsf83BeI-s3eIt-07-1Y4ksAxlmrm6UrxQXlY7Ib6w9FldeOXAr6i75w3dLmshDkUAFCsdmnbPi8mJDj30RsNRBdKca3nT1jtE81ALDxTxS0JQmSNOVGskMqGfEw5AgfMDhTEV5N-VGHU54f6PYty5MiCzrZ5WT1RAM-Z_RecP2VPnTtr2gQ_YJpSgqqLdQ-VClQE3ktEumXt5XW8nW1BDVn0GaONdWKOPZ38ttVi6FxpzTErmLLH2JcDRZhJ6BgMKf5AcfZWaugKuYB2d4A4u6nqB9HSwIp0BEismupFaiUbcU47hDH8_nq4nnzvlAowqKAnkY8RnxTLpkksJT0qcyCexboK3iNSgbnI6Gpr2BmdjDIcLzFShfasj6tit523O9ehhfOxeccwe1kx7KF9uJ9A1U1grRihMww0B1d8PQKb-HGPGNg&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffluxteam.net%2F&ds=l&xdt=1&iif=1&cor=4618034791997709000&adk=521587874&idt=233&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d83037ce2ffc22730c16d836bc274d26dbe75e95b3a3ca15924102e837b2e8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39024
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame CC3A 172 KB
60 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 16:17:22 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame CC3A 11 KB
4 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AHQUpWEj1-ZUNVxhLMo9iRVN3JBYrKt7wrdZZgd99wB1PO7--dWZ54ZIeFoOXDE1QA61DMQQLyLjrx7jEpTeOF8tJUdPYjNxJLVKqzgadeW7iulIASksfTVgNXYrhTo-x4YeSiq0-0cZpKpT41gp7KT7LI90B15n2AKApeb0RCqmCAQW4&dbm_d=AKAmf-BhRUPg6CARhUZlAdmvJqJejmM8OBPmBHaGVYWvD1pIZMw21AHGPeeXNSUlLlif3olSE1sdfHLq-ssJjC7uI8WWED12-kREq1kJ7r8KCGJZjkPNXVTlQpBnRT7TPm4PEr7YCMJeYcU5zT6eMViuHRD-207NtSC8GT54l5Qu6IO9FzY0w7YgGsIvbaM7OXWrbeLfHoW5byZBlNPTDmeWW61dZMOLYReV_BA4YRWNzanWiOucjE3YlFRu4f1NK4Ctc74i6C1w3Ufe_bh-ZuOAbwdoIj04asKuFiqIaMhSropy2lZvNUwSHXm3ocbETl-38Z1PMspAYJbOClJzeIRl5b5SPAExCs9BsKghhUFwDtuTbpHZnjlANMxxSoTRby8sN510nWog8rtNZGotB1aVJRuP6krkD0GGMnRUQNKaB2I0JF7NcVjB9kSjF2enzPSh6RW4OVcA9j41yWNVUqHyYYcXVmcAZfcjKUiY_3lz3e_LdqTvQH8SqleDEhvWmrFh3yaU6mh2_sFxSgf0-69f2NBbIQgfhVcJnEX-Z1Q2nhfptiLu0gsJPD4upm5-0MHgY3sjuhsYOgnmvmWO6gt3gxJ-X0ne3QLNR_-HtvPaKWwiKsAWMbFL73gzUGuYyJ47nnoGIKEcu052NC9_gVvWMZN9Cl0id8qD4znztM-wdaX74qTxO7VvsakHbuu-hSqabzYUS3KZwPu6achDyQHf4EDIkwSX0a14S3hMMOGmAlUYXpVNkfJnN59Om019iYDLinryndgrmJCia1DtSBdkTe_E5SrZEdD2YQwklCvdU4tLc5DN1dM5FjlnAuQHwv4lX_xZ4Rqv3TmIKXsE4FSonEzmPKaNiEC78NrnCw77mnNJMS-0owhmf8Qo6RDNZBaCHpnDC6VHTmbDOfsW9KkZ7B__ZuuSwS5vjdua42rp1ktTcyZmiYfR9tfrJmC-I55JK0c8GIZ2-dhV-sKTzBccPwaEI2HS-5vozZ1BBEahAB9j2UI_QoshQ6lxWCpkqW8qiop9kDiI25jKj_Z_R_VoQkue7YgOSwcpcDcI_VUDNEAQFCSP9DYE-H-V1DzbIQFFCfcD_hjjOBvfIGyIitnrnvyPYt8Sls8Q5gzdXe0xeA5ZyQgmmbrBWMgVCKaTzjddQc6wG3Iso91WqMissxcNAMwqlCZPehNHmHc7qo7KBNcqdmUtbeN5V7SBSq7iYXC29RPCgiBXtL3T2B13ueHt2vpH1tibZJZqHcHQgIgbkG9iEx7MeB9kF23LB3DNrNONwnpB7z-9h31UA0Mof_PDZHkRD4fHiuL6GIqVT9gWq1j7TlzHgkE5S0sXNavfPqZfjQf9KzrBidlLwWumQ62FR1rSsbfFiQE1lnp9JUbEO6CzqVRGf5AKCTu9W9feq1pBSbcHMQt29sVCYoVFUEDsA5OQeEvrtQ1z-hWP8E4AEA2vfW9gVUJkP5eRC84Cd6ginWNhCBZbe2JWZrnYZRR1wGH7NeO4pusmCiJX1qNafwgmt21NmySkEp7yCgfSI0DRI207jEfHksFlmt7K-mnLcuMAH7iUnltfWHd5MNOBAoCIyrFRYthOaCp7j0OuMu9zZPpDOPlx42f-aJXR35u5Pl5SAdNdJLY-wMWzC5OXlZVj6bIZXgSwARS66MoU6e3vMonF8sSeUiZQ2vY3rvKmM-A-OzwG_wWwM3W-HoTvqi2hP28DfgvF92TqZu5-t4aovJXbnQzml-t0bvk4Jnd5D39ZO6xwS-26vZnuoD_gz-z2KUiJ5cAEkXsop9gA2mzGh_KUvnTJXvngt3w48fEIEhh1w1g-PtVd6zvOeQM0rqYzDGYHnKHzFBFBD0W59_lh7FpJJYrxoKByowlVevxRIByPnMb4lG3OAgeQuK-kz9jy8-yuklPFdhSlDjB9a8JKyVQFJrRhoQYxrfEuXnCTjxtHC8QUEwyOgFrG9e7f6QzxzPRXrWUUPmnu8krt2UWfYyr3fzMigdtjKeFOv3mARqUk_7ae-oCY9s2J8CwhBWLUtF8MpZbsUVa5x1h4EJJxVDMSzESCMaDPlJ4NiVdbEq-gTkMKDbhhzfqyi6kc5ZCu_11HPsongMXMP69lGkZeHe9omlet2Uhy48gIvbJzQzT_CSjzPKDSY-e_GnbotWNM56W1Wu6-1jlnqmXzc5GfR7pwfJujy5Vc0vGGjP-EnIxdfd3Snl7EQFy9Yl3LMR_FRYbSTC0rEjFILe1P9e6Y1hXzr8ihLpS3F_aebTLaRCd3QEEWJgZ2ubfTW9vfOuvpOUD1d8imKs2aTlYg7qm7y72eo6nrTJKBCajWnTv2-sFk_yvBeYpXAjwuriZfZ3T4b0q9KIyS6Tvm2K5NfyGMpZmuWbJPpnybC00w1Ak_OwEp4344Sun9X4E6r0bKckMEaGnMp1OaILd8KkP4WH2LQm0TKycmndMNEoxbimI6vhuKI70Qd1OdAVdq9gXkqfkiYGnwJ--rKnrkTMLF0GLYZgsYXEpoFCDTJ-osUNreZAwiQ7YP0Q4l-PVsA5M6MQI5fiM3v8XB3c_B2MUe8BHhrNBxkHcRLCn40a1-WJIXP-8pUhLnmsvit8xsrUItjJhKvMwS9FIlDy-6rph8oxfYaohHXfqkKRvAb72aVI3mo4vy4R3lqC1LAmKZs-XYw9DcPNMYFflHN1v3qAtKfcBg19YuIfq66YLWkYCKlpIadBfCcpN6h4FEDcuKa3N0wjiyYwQspz5X1lDKgWja5HYxJs2JSLjVQ4UtWiRPT5PFj9bCI-NIuPQTkhA9P4J_3iKB2t7g42bccDG0G3ZCaZivZ1_NKKzLGF1IPypCq2GJXZHHIX05JyQEY9tTe3alcuU1oYjJ7RgU4gq1QCIaumafYJgy43Ndq71Nog6QdYsOc7HD1LvlqVT9AiL9_5mWt8zdCIQu6TEtunwAzURWicniKtAxnzM621JZbe1mhxbguUPXpc0l_hHtq-OM2wM3Jotc9glEIFOi3F-2gmTvDRWFtfMEiXakKLEh4npcL95hE5wV8V6CQOSFaG-n0UrIiV0HmktYohcFRYrFo1qI-JfvSu_gdXOP86FksL10VgLd5oaOgx1K7_G_qxHPzNEl5R7e1QSy8Ed7Y5i303-ruDRMxKV-HG-yGysyGfGNSCiBK3G5Yp2qMJLCrLVk0OV0lNb5NWCdb8Zw3EZgrZjFCPhN0zQxICraxjkeSH7jBs1hEsUZQ0uXrKy1oBpQLzd01OJlDFFUQElMkZ4qsyS_fj6reiKft7NuU-elDooz0iR6L6Yd-I6J4aumTjRPEj1FM64X-vKF8nblhNteCKkAs1r7gM6DFJj0AYSTFeCtQd8ckdwthJgX7QSzEHo5vOP8kXQS8yPxTcB6hCgOXOKmfBUDOPyoN7bqo3hGN3P62UIpSiFCkjUG9WVSaQP31IryUl7lSbQwVCWvotKyh0afGSgAW0qYPrxIdLli-984f-pI7cm4RHuQdy-FRmexDtufJz3dI71HiBXhLUgKa4h3kByyCyPdL195S-6lHsiIohxndz2rnfW84imX62n0-Cu8srmesVCFCpoRBcPtx82tJPw7if8Mv8lI2zLqRLE221ReIajLMQvCIWlfHVa3XWWUBHVOrNYCJRRlkTLlbFUXL6TFCjsGWX5IX92rnH8j5dj6KVF6PByo73DhtX9Cytlg_tfJJyYaKzqz2-sOsWKbyJX-WrWjv6vycdo-jd7e0Yh51qGtVA0s1QDRdB9G5b7nLI_ars5lqtz-093v4F1o9sbWNC0aggmCzO93HKhecu6Zd93rQUnJQQ&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffluxteam.net%2F&ds=l&xdt=1&iif=1&cor=12467369455138976000&adk=1761367587&idt=198&cac=0&dtd=9

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18740
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 16:17:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame CC3A 31 KB
12 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18740
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 16:17:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame CC3A 41 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 271474
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7C88 0
10 B 8ms
6ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?bCi9xA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0493 38 KB
13 KB 7ms
6ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 151863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8317705942888151156/ Frame F618 673 B
437 B 43ms
43ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8578b8b75718eea5c893f802369281a62f86c6cf6c4fe9d8ea124315cf13f4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 409
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 21:29:43 GMT
expires: Tue, 26 Nov 2024 21:29:43 GMT
last-modified: Fri, 01 Sep 2023 16:31:17 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CC3A 0
0 98ms
52ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscl2J6Y0tR57xzcteyQpvA7LLX7n9NmcldgE7_J_ye7WQH4yXd7rzuTKgV_ePJsEOZcwkgIbqazjMHSNXE16u-1PWISjVlrgowBtkTh16nAlly9trlURMWJKBi4Oku06kbd7WtvywNRmrl2uXh6YI-34lZfCw-LnErwn6rK4epCACbcgEN-1CvMII0DBgC5kg5f8wuc6mBz5B949NOuSRBH6M3DkObWpj0ZIhOVPHBd7l-cgmESYkXcKOikfz4VVNi2SVMb-_c4REk6C3_N3QfUFWuzyKzLPiCE8Kzw_8FBPgCDSgk83lSVkoqDtp4BbkUYEoS5E8uo4aSX3qJfWgmOGlZ63w-i6sD_E0bszEyIZ60LbcaJi3A9NO9N5jdn1bTysot_s1O4ihvnYufx-LFdiaudmiShEI8XrpqbPuTViZE-txLn19yARXsisDzmyy-Jljka0VDIP9NLaQvq5KjYMBhIvBaxXFwUSHC2s2J0FPrgTITjVmwBxJx7ZUw2WbThL17hdzJuU8P6et-bV80ePeg9GotlfezPmZQxnb63LNAZUnLdqh0zYR7pcS7VSQrQAGg_6UzRavuSxyrIuTlsqHTOGcqencgYJRKp8mymWaPE4p1BAY4v3QDjyCCzB4zQj0-2FI6_FY4Ojk2Q1pc6bFjGefGxO2ekUYOgE5URE36tKIOWkbZrI0NUwH5UwFx6SGVOv_CnseG1rAQezWgE_F3p-S1IzjG4klnHJ-n2r8xNVuhw_QGzvSGuvv00e4Cbdfrj6Lu2bZF6-WeUCqew6H8BqDsHMS76nEQ4SMsO2M1Gpz37XeEGGKuWfFZNF7bsZ9LVX2_P8ZhQgz4APEORMVn4Jw0BT9xthtO7nR8J3pMX5AMTOYaqqp9Ph70k3ANBQVNrGfPZrM6G-W_3DwXGDrHUYdOGo4DUqQeO6NE8bliyEO1wT_oNu6qmLFS-fndgOdJmcZnVKmioyNynL5x5K0Ty9a6a5XHyapFY0Mt6nhEhiin2g3xix1avlMjdNT-o_YSDzk0I-5LrwOJoqiQSPk94mmkvVRN6iXasx3VUT0WafKtDVF2InsF1Ain8X6fmWjJI8p3q21oElzzPkPxRN2hGqyOOkQnW78Zs4vrZXgKPPTzs26OCFbHvRl_fA1cwtlQk_10q5zgzbnog2LNVtqdbLNb1v9FpdOEyCWGeVAKpDABKBovdxLVUq5MV-Zd6j06eHV1jC0pA5PAjkamp7C15Il_VUT88I2S3tK9ZvjTwF11HEdJmlPJR12Zvtf_FiiWyHVZ-LfKNKdZHMsFjLZgw8c1tWWzdDoMxw&sai=AMfl-YQHyYlfCKx6XFrX3QtzIWELfOavF7HEX7e0PPl1TZnrFDTWUQpCmEesDee3bnFqP3kJgVaN1MvE5BAog5zGM3wwxmbenj5zsVc6xE1D69ITvK9PKbkFp8vXXadsWFXQEBgx8jaVIWzZpp2DFr_o5GYgZL_gzoLP_cQQQQH9i--9h0L8w9TtrCLWqhl7fCgTNMMMgYfKxh362vWFe5No-_xlQYikOyKCn8RhC9dZP61BX8HzSAQgrok-ToBqQD-vhPbAdnIx5tbevU3LA-bkqmM9noLvVqyVrS-yxb2DXQ&sig=Cg0ArKJSzHVpM5gqmLnWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=63&cbvp=1&cstd=59&cisv=r20231109.86338&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 3CF2 0
0 44ms
44ms Fetch
image/gif 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsvIQAsfbGt3_jmvRwEe3YrrQw4yBKOccckV7t7pzK1pKWRnETWPnVl9CORrwOIYVesTD8SmDAcyukrpJDbnrn_f3RRSuysqurLPSh2V9_sR8odrVPvHDDHHR1se-jichzG3X-I18WyUkJvHLtX0qTE98Y9n_mqqjsyhCwoaVKvICL_CzhYXL40ztIKOxIoq3_3NUqN7oTcUpn1vhEWYghSocBXlSB9kbmOlYtx4A6YquE063-lf70JzRaANQwLwWofkTYh73ycz4AO4Te8MuomzqkQto2s7KitUm2Ts9f6KOhJm7g4gziwNKDUdwXo4dXtgNX4wtYpoliKUJJD_6_EFg-nBgUi3px_B6SZQIOs5lOLCdMYkvTGbbaBWib8GffX6vtbDxmFMo0oc6KI_t76Ub9vLpymhNkxZmEUAsVPWF0WysXitKs040gAyCrfVN4b8NBaduaYlvreuQdC8rnY0GKTgi1rGVxm2LmZPdpOPCXOBZjBpS2-8MPExkE9K8bywidau_k27lOoQGG1YUI4vmONdIxX-BvXzHX5UKrIKgF6v5v7TqeEO80U1uf6d3w14FSrIHf-BF8ylS6sK-JmPh-FD3nC6riXizxzpaHrNK3uutFciMI18_UGVj_zDiUWAGPkljhKw3qihqr49QciWMcLDtV86uKqbam_YLzQPVTeIjC6Wbj71OXymY6qkn3W48IZlRxSHwsmzN_Sh8CEQB3K2V4HKxcCU_1dKhBZJvIx7ZFAAntpzZBkx68b3WBGhh4rZvEalk0uS3heLQD0fmSDc3beTSA8g2azyxBhwHEzm9h3S0Pqe3ir2Ts8nrBb9hK9yv0mh6sMchHjq9UDBIROqDxdQSofhV8SkdheBstcgaisiAijsTxwyqpimRKDZaF5UGyEfcZAaChNZOwphlw1lWicmzxJAPhf6uR0fOB7xWRC6sTqgkb0T7D8h-CZVNhypqYut5J-YJ1tO_lFlW6cnxQt0Vx3c0RyMgLyu4t84E9Tzu9B3mYn6xPy9oC_Z6_W00eFYTKNzx33lEa1Jih7qE_uddMvPklzO_-srCQypw9udCOyKDaAOApAeOyw8iC4ImmRuTwx5FXATsEWB2_L7WGVxHq8Hsif2ef-2KdY14kjrd7upsgunVhilPhbDTSmnNA0HNJuX_IgI_X051OEUFyqcdIWD5aORT0pL_Cj7l9tcQOBhYlMrkeLpPni92xBU4GjbrrIE6Q7r5V2HWlRRvzKpHflR3y-vBKGuwHLHuYhPUqTFzbae9TfSAf13mcpn-iQ3uBSChFY9bl-CdGmuEImELMfCISFod5nljvcpdddROFiEcmuWB0ZaeZDMYKZ-A63GDMLkmTiZZ3-D&sai=AMfl-YT8yGy1AC5t4gGuMNgKGsFHimbntp_RQr6pV4LxvQLJ0LF9-zNb5ivQvm3HnWrwgzhAQ5g_l6rsEe-rKdyF2btzYrqvOSSjg0T0uPogbvYdox2CaCSf9bwZ4GvKHa0v8CmusmkxIEd3A0VQD_Uq32jkxTP3i9YRKTOu_YtPJf3ZStvM8iBnQL_YRySXCc1GVooKxa91w-U5LdRlKeeJavcdm9RLnLxIxPbJMl9u5D5XhnTscvKGKJSxb5iqwc_yc7guxwX46go9kntH2TElzA1rl2K0WKnIl-3lvPnpNpnstfJ19KHK1uPgZ8swVi1oGEAvdr9SXGDWoQOwct2LMAYM63jecbQjJksaLmleYWBJuB66oZuMnirhAWpWVXoffUXOxe3C2BKFf1jLfVhXnA4njmsGXH5ZR9KGf345N1NpqoTvKL5WLYP5XJDxse9D-J9sLrin6GL8d3md9USS49bH9XdTznSZ7tiRz4ZIzVvjRd5ILb02rHn0T_ryirQeQ98QAPC2X7ebpQ&sig=Cg0ArKJSzJi4e1z7k7YHEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9sdWZ0aGFuc2EuY29tLGh0dHBzOi8vZXhhY3RhZy5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=331&vt=11&dtpt=244&dett=3&cstd=39&cisv=r20231109.80714&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3CF2 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0dea96581061736d154b6cbd279b0389c4c32072b24f2ea5b63659f4520ad24d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 2C47 111 KB
39 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49755
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 07:40:28 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 2C47 11 KB
4 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CYMxDCNERiOWutIIgkTFY989f3fEHC_kCmMvEl6WURxBRmFhPyAHy3ZH7Ppn0tZcKey9lXqE2Mo1ye3XFOu-L8iAMuWj3Ig3L_J_CjI1VWnVCqOqYJO2mGyis0eqU5AU8xlF_UmPJXXErB078LOvOugMTWu6mA5J3i9Nx7kLeA-OOEq4I&dbm_d=AKAmf-Bliyj2aEKLxSmVL1T3XxIegtwArf_REbi5u4hPKpqxe-GyGi_jUV36YO4_I_OoSHsiVIjStXZCMFffmpmikDJpRLU1EzAqcHQ-z9NvfoiWrsG4zfuG6Ms-6YYP1tUgYHI4X6i5UYkSJgle3nBCEY1_y8HzNar10yt5VF5nBfu-1bgjjfI6eFWahrRZdmrf6Fk98y2RhAIZq-4PPTehYUYt0crYt6v2xAPKgGmuTh4OPyhqqTlh1ppRDqeOYzjyoUVPfEsrcxVoB1Cy7jDQ4BVaCUL_nQaa-axB0jodzgny4UtsT8l-Xg9XdoM9nmqtlljfWqF36GsMe4yelWl926rCeVK6LX3YPRjgr2sD-RJ1KhFrUOIJh3FqsWM81cMdCiRdJ5mlpBpU_B-m6-Ql8x8xi4EysIBwUY0Ce43irxt63wJAEwxSVb1NzMwo8ScJcBJDmMDexiTFWaLJBQCPNcVFggwcao4mkgiE5NVy8wvdau4QLjXE3aPAI1mOl4-bPHb-lqDeU04TYqjcEVcnfMLvrGfWrU15f6a63r0lGesDxTrr1Q2o84jk4p2vCJABg3wjssBEeViS_uphHJIXRslt1XOWkqgRyW-bbzwO7iHgk-BdJHuBQY875ZuBmYyo2_jWCWAr5YhkXcofxFe0dy4gLgUbPk2ZuRrdn6l4CsbwBPzBIuxdXpdwCNvXo89SzvI06PLKLDFP0U-CobMh1V1RnvRaPqYW1rcYJuuc7X8kyjKvVrmTTjrn_oAGSCFJgV5eBEfHlgHMz26H5XEVAHS2_3bpftMVmqEZAnI1fzJXt_bs_zMokPrHGv4lMyWEZMtUmkviVyluYDi3ztNpEmUT4gjcB9SGt-CU2tBxenf4a9iywD-w9cy5S_sQ5eIdHhCoe-6lwjxjeyBNnzMHF6sXQIkpyYwqnFv8voWb9j3lYabBptUtKsurn1Hg7FSmch0DFM_6spP01RZeW4SGRNl5aeIujQgy9rGGXsF_C6xeJx8A1AmAI9JGTctZ-9uWRQaYRs8Bv1VMP3fY2ipy1UAjfBk5O_ouchOxFTqCy0CCxDbE2MHBls387Y1q-xpe_8W3ymzlqtVPve8PNABsMBO43XwDwnyueAO9t-g6T1Q7eHIiL0OZi5ZLyX2kC-aNfuoZ8mmeNAknQbQWaccoFfhjBY7qiNS5PrRA51duBUSTErMTNMftssjtAK9r9BWH1ibnNd2GtJ_M6uD7ilboVTyxsKte7rHppjrghAep0HuDrrFSvmpaXWOyOXfxMZ5E-uhcuGvHYHQr0VL75Mva8AvtlaKKLVAvdhjjHyfjKrjEXw-u7vH_aexKFT2Dbb3gmkDsxanDVTjCBYuACBT_eB4CVtwwnvLJ6FIvpo3KlSF-YYfnSz2kcYYDS-JlJUPoBSfiSzoA63yjJRw38vm00WXWfN80wizqlpQ2AZoT1OlqIj6Q8gvuQBPqTiYNovQvkV5LBGZXdZWHOQly3DJ-FQIZjArbOz_3WluI-DcFaINOIXALz__aIX21AqhHvtFNyTcWqt7bXLZIO9rKkTHKHDhWsBjBtVOfKDsuZcRyRVQSIip7D7UyaZPtGzw5dh9PoU4YI9EH-fws6fnaHQg7k2LrooAgyZuYu0TiPcQ-tJXZC6cE-XUrIuXwzVxIpFafTEH5lh8YqLDtLcNnIdlaXYFEkPDlLHIQBW5HNVzJ5-T8IjtJtBaL_0DRp8wOeo8cG7m0t4WsIBkrEypx8X5_OCsJr1KyhnqtuL56-EhE8cQ9De4BimVCzbgqU2vJFT1aNLFyLowiyqYpfK6kpe5KkfTbs9imdF3JCovhki_-MZbTyWyrReZogcONI2oCwMnEwOOKTIRHrbP0nhAiGLWGc2ryGhJBIhUWJENcl9TVBGRDQ6ITFTkwUnHFy2lkez8b3A2g-NMwnkOXLJSNCu8eyn7oXwqQgtYzvu3_0mAZQcRLbrHGY7jR6ruIerFnVFBGgtOvUkAck2aYMIdX5bDcA0qo6zBTKo5yMU6c0JaB-QU0Naa__9B4xhEFvOXSMsn25HfqIqF34-QGF0lq3h0nqGy6QR7Bjwa2uLTHnWXW_h9ihtyxrrp_LULai1YT3VGrzgAPzpKmVEoTu8kTij3PSkRiADHCCeXzgISg7nhzjeTPTS7y_QxIxvp9tl7BOr5Z2zkAk2ql7J4pUCtQF50Hr-B7YPk8xGJFsyxFuVCJZ-wysKqubJTJE-yBJpfapyZPGAnbarZPAXUsvbllAB8Z87PRgjJehaEfQMqZBfJmP4iXt4p9-pN4ALmlvEkx1ECOfOdrHJ4RUBOiqEMmuVgwWejgvuBZ_boeFPWwVV-ndPZKkHy963mkgnHMfsCWeVPV1yxj37nci4JnMUeONe03ln43w6XBlU5yc5guWnF1DpD4eZBaoJJAY6R_tmTZrmdUxApZITdfa2WUB3cYJngBQSMGIPTGt91QShi_rTcokfeipvYpollgd3XF5M_tjn4ndBRjDbR9bholeg4pjpa05Mxmwo6o5Wd01wE--F26mcWls6TZ8VXOSwCy7wSQMq96XUlY9hu2uV7CiXrq9xnOyhqbAa8tA6ler5q6kqe9aPzgWsKJT87jO7kUAKmDu0_xBMMvqZ7LLtmIYl2OAlIdYUkHk9o6LGqZOXPpzspSObZsPcyM0rG7VTXHHZC1cBjAh_x_ciBSlS40sNP4YHa-weRVnFutUuDN0orF8HK5lYL95PVdGjEvx8LWXs03927Wz_gGDrZMJ6zlXUDiJ0IxvCFCc2lI3wlx5MWyKg7HtIzEGwmya321_7smvOjmj2-2JkHAimXcMZSgS-wTJ_0I2hW6QrIK37haJXqyJR4uAhkj7iLfG0KOjnelKRCGqwmh6qRllvZQ_AFbeAUAKNk52DzJvLmsZqj5oX4xiKS8XVFP7_FGvEMv9ViShFhv-dGC82eTPRlztn2zHJ3SEfk45lo8CvHY7A8RKpU9Zu8JJRxD28Y8yw3ToXrFDGde4ZBEU4NvOkD7E_W36f4_oFoHhIP_sLziGJBW4dqMU9A4LUgfq6uxD7hJzsbhoCQ7FX1Mi74MXRhFxMmoK4og11udeiz9wUjzt7XvnsIcJnXGTMCe-bjl7_p5nroavIHJBt6q-i28t1zGL71iZRlkjo-KsKo6VeDAM12vxrxrGELbD5rGJUJtNokWfq67oGaBEyFqfcLap4Gq8akIlJWxdWg_Y7P6Cg9D6bSGILDuwZMg7JA20ZlEfeg94ILvhUigYikJ5ViZLj6jsyli6miOgDrEbpOlRED_SNgRAfgRVx26vbgsf83BeI-s3eIt-07-1Y4ksAxlmrm6UrxQXlY7Ib6w9FldeOXAr6i75w3dLmshDkUAFCsdmnbPi8mJDj30RsNRBdKca3nT1jtE81ALDxTxS0JQmSNOVGskMqGfEw5AgfMDhTEV5N-VGHU54f6PYty5MiCzrZ5WT1RAM-Z_RecP2VPnTtr2gQ_YJpSgqqLdQ-VClQE3ktEumXt5XW8nW1BDVn0GaONdWKOPZ38ttVi6FxpzTErmLLH2JcDRZhJ6BgMKf5AcfZWaugKuYB2d4A4u6nqB9HSwIp0BEismupFaiUbcU47hDH8_nq4nnzvlAowqKAnkY8RnxTLpkksJT0qcyCexboK3iNSgbnI6Gpr2BmdjDIcLzFShfasj6tit523O9ehhfOxeccwe1kx7KF9uJ9A1U1grRihMww0B1d8PQKb-HGPGNg&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Ffluxteam.net%2F&ds=l&xdt=1&iif=1&cor=4618034791997709000&adk=521587874&idt=233&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 16:17:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 2C47 31 KB
12 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 16:17:22 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 2C47 41 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 271475
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
DATA 200
OK truncated
/ Frame 2C47 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27f2562f4ad6774b9a6707d5ab13117088c1120c2252f2c1ff5451a31e1978d4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E8D0 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B4albRQplZfDUNuKVpt8P_o-54AUAAAAAOAHgBAI&bg=!XF-lXxDNAAZxrfrxUa07ADQBe5WfONjSrhT3oJPvLrk9xJjEI4WJgLKVc0K9LwCOVZR0uVxjvfUgJ7BZqFLDHT7djAL6AgAAAGJSAAAAAWgBBwoADuxLjv1gc3GrUXuJg0W2mQL5FZ83ws7IhBRQdVOaTIbtcncnmQ3DjYsqJQYJxj9kmKiwFGQgW6XM9ZAitaHKiC0pGtjJGAQFbXR2mVSp32QzN9dsY_Y8f_Q9m8QptZ7mjuGHYVA24WJi42hVBcgbdeWvrkAETvI_P2-pOCrTC_n15mrnOghOgRqp-XHpAxzLxVhaxOnBXYuyvTTLhr_Rvv2AH07NhjThyw1NrJiHjOzufZrGZUZaFOY0HOlXmmgU5-cVh_8Zb4dRKAzp35uNEEqQyU9oEzcOpU_8sE7973IHLhN2J8QxfXYnDRZzdL6DP5NNyfGKYELqguGzhOd_bKi0Qmzm08bmXpHKcY89qSuL7KpIE5ZSjgeXt6V4tzPhtNRIjNx-P8e5MAs8JI1YIBWSei_cHwj3jFS8u22c6LGmqmY3EXk3Q0lGlb_eWPaWHIXkjxq_GgGpMZgoo5e4YGtQnWPWjuAj_5j4WKpf4N7puZsTZdGB_VTkhoEdsEEzBkqxC043gFz15rPhACQ0FpaBWJjkgqnd1Hn4ACatzDmz74LwH8Fy0agWWXXj6y1vtBiMpcE-ERBviWa8mKNLfoOyQrxd0Ava3dxjYJ5zu4wpOU12Os0gz6pBb_niXdV5sh-Mm8DdcuVdexXGZfkGDXpQSSI5KwpQXdlWrpdTA8HII5fXWl2DJtm6isuvD98Mu765G_C85b5bUmkhiMqkaCaaOu9ktWyUg8HB9YjQZ8JhpMf1Q7UEbswAbyf68Fn9G8wKC_iGNnzxpjDLqzhouU_-G5ZSVncWr8QDj4NcuzFduxXHPgsC07zWdXpAGt8G2BKPz_Yjyy8hz3Hho50wBDBLbv2WzL-JUV7mF0i2QLT65-F1hPQb9itx4SDPeQ4mVtNDKwbyw3XBP-V8kLXUVeqGY3S3zHibo8r2PFQfvsz8NaOkEmNAO3nT8Ge0mOvKB_caehZcaZ37Z5p90zTHltuwEIAZ0OvFTm1dYscn1_7mDg2GPEAr8oq1w2HJf8CKBOFga3YXnD4DPFA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 0493 39 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame C122 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:17:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1100
x-xss-protection: 0
last-modified: Fri, 05 May 2023 10:07:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:32:32 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C122 7 KB
6 KB 48ms
48ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00f9993d985ffa755ba921961ce70bc6854f84916a4cbabcf8489177251876d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5668
x-xss-protection: 0

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame F618 120 KB
41 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18738
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 16:17:25 GMT

GET
H3 200 template-489be870.js Show response
s0.2mdn.net/sadbundle/8317705942888151156/ Frame F618 40 KB
14 KB 11ms
11ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8317705942888151156/template-489be870.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfcce6fbc676bcdc4c9f2e2cbdd40cee40a4b9066f829f4e9e400cbe142183f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 03:53:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 322548
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14187
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 16:31:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 03:53:55 GMT

GET
H3 200 index-be1f7599.css
s0.2mdn.net/sadbundle/8317705942888151156/ Frame F618 4 KB
1 KB 10ms
10ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8317705942888151156/index-be1f7599.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

be1f75994e53be710e621d9552d7cc796a347e85622acc435325d94e076b6996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 16:32:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277057
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1385
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 16:31:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 16:32:06 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8660697951102249597/ Frame CA2D 15 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ffa36b4310d6935fab68e6d90dd0acaeb07db7b7928a3f1416099529a4fbdad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 47624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4933
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Nov 2023 08:15:59 GMT
expires: Tue, 26 Nov 2024 08:15:59 GMT
last-modified: Wed, 08 Nov 2023 13:36:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2C47 0
0 52ms
48ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuQSNoeIr0U0TashX_7GGsn_lqqTYDEuhWU0VHuqg-I2asfwSsl2p36cd6F8sXE-oaRyT0Q6mhUjOBMQ_hbSyxQBOF_3QBSTTgANw57B9NnRwD3Fsx-sfNmaJIRAVtyVo1G_c3MGb74x1MZ_yCDCZPK2vC6X8ngYujnvecexC6IEwtcakwpfUTV3gdAecWGPcp8Z1a6HzCAqTFL4u4IC-HySkDLRRc0EY-XC0EyimSEbxW9a99IeJnZhIjvtfresGsfYy6htxK-LSpqe5vzUIAv6OjQmeYAH4TA2ngBTeGbLQl3_Ze2bimnYMOpBgz_61e6Wlqbj_U3_rix6y1rEivf5nHARM5znTNFl-QaMME5Kh2aa_NtlX5HpvhjqQkocYDoyhflhZBXWcHlTkspW-Aualq-C4T5UmNiw76CFMM8xtiUs4eVTQB3wyQSBYHx88XIfWg8_22rC4QXw2DAbAN2-55A90MFyHRt2omBqaiNU7yiGsBm_zMD-XovU-BurueD2TORgx7AJbx0UyoYBm3gIDBtpD6S9NvT-Iqlb1xQAqg5J4SA8qPXiBJWPJ6Jbq7_vxbdnzBRtaCnfY0foLjMCIbvs4LDOUXCXHFMzhMx3vS1zdJ6FU_Vw8-WEJ9Dh1seRM6flher_trQA-Os7m3sAJj2RM0yQpryifjOeTb5ziLmBS3JStUbNIhFYEXwpbgxq6JB49Pdht-TyJ5Ofzdze4Hr-1VAWLQzfnOXbasd6Hd8Z-v4skA_voUyNxVJqNuXN8bRB2y9ga-SBZPwS2DmiV_zoYAAyKwpyeYnHYqZBkwbKYVzBXParZEPIMTfWVCslAUAhrkhBu5JWgte3L-0yOTYN1rQAyegS3hrcdY9g9mqZA4V-JnK5SSq1q8ahACf2-tOfWLVTK21HmFX8szVEbM67kXFnvgXZ6GsZF9jdr-5GDNZio1Un8JlA9SjhyZZbn3UhQXbnj1JBZ0eL_rz-SUKZv27AyQ7zrChUVEkEU4gau1c90HJKdwC4iol0vXPNXAdq6hbBTv-RvHEL1gfPLPtfhUbFMIrlW6ZDmi5zFGZid_flFyifh0LNHqtXvsWH_eL3FoGQtYMHTbk15HSov6coU3QEk7gY9EqMBD95h9CVjJEjW6D1yjLl-rb3UEzPVwoNjKrKMGirpdN93WXsbGXGtcRGpZfbBxC2CPrVJg0F5dabRmf9buHp207lAGE7Vx0LdXrpHd0kefPqWZYxD1ZtrpLksXSAuFdhnO0ssYsjNG9xmmTjsKPYtdpEJVEdhcICGIMI0sjVuoDbA&sai=AMfl-YSal3hwDKuTQlRIeOmFXbpuSh8Qoa1rw-7Lr5dfkyhFpQbPaXdgkbKxBL-ygpLKljs4XjLqhUOgCXSaPz2SQyX6PS-iHu-VGbJFxYnhKXU9XA0QeHIZ-yGoyQs2IRCqgM5F1DcjnJb0dBwkZ_6yyDME5JxaXZPHKlmYMiPVqTWZsqoM5aIk63qt3koOkBYD7CpU8BF1U58x7bpnrLhfGj8zZ-f2PEDTGS6JlNB5Krx8RzJtYsDVudXE7Ukq8wJcYt5AAOMkKORVVDeXseCKhEIgkCv7tFVKqgwGPCziYQ&sig=Cg0ArKJSzCfsHJJcX2nKEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=38&cbvp=1&cstd=37&cisv=r20231109.48474&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 2C47 60 B
60 B 65ms
21ms Image
image/gif 213.202.235.9
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=1014760199&extPm=531079830&extCr=20761493732&gdpr=&gdpr_consent=&rnd=3915677105

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.9 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Mon, 27 Nov 2023 21:29:42 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 27 Nov 2023 09:29:43 GMT
X-ET-Code: 0
Content-Type: image/gif
Cache-Control: max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-ET-Camp: 923
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

firstevent
skydeutschland.demdex.net/ Frame 2C47
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdp...

42 B
733 B

36ms
35ms

Image
image/gif

52.19.196.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

52.19.196.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-196-31.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-058f218c7.edge-irl1.demdex.com 5 ms
pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 6RkqnIKvR74=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-2-v054-05aea7a9b.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: LlLPQGSJRgY=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=205036047&d_placement=380833143&d_campaign=30999372&d_bust=3915677105&gdpr=&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame AE89 38 KB
13 KB 8ms
6ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 151863
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 160x600_de-de_performance.js Show response
s0.2mdn.net/creatives/assets/4703545/ Frame C122 79 KB
19 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc938f914a45d9704b821d83ed0ac1360240d3ac62d7c60878288c3c67279bc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:27:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19231
x-xss-protection: 0
last-modified: Wed, 15 Nov 2023 12:31:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:42:10 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame CA2D 236 KB
63 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:29:43 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CC3A 0
0 44ms
44ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsscl2J6Y0tR57xzcteyQpvA7LLX7n9NmcldgE7_J_ye7WQH4yXd7rzuTKgV_ePJsEOZcwkgIbqazjMHSNXE16u-1PWISjVlrgowBtkTh16nAlly9trlURMWJKBi4Oku06kbd7WtvywNRmrl2uXh6YI-34lZfCw-LnErwn6rK4epCACbcgEN-1CvMII0DBgC5kg5f8wuc6mBz5B949NOuSRBH6M3DkObWpj0ZIhOVPHBd7l-cgmESYkXcKOikfz4VVNi2SVMb-_c4REk6C3_N3QfUFWuzyKzLPiCE8Kzw_8FBPgCDSgk83lSVkoqDtp4BbkUYEoS5E8uo4aSX3qJfWgmOGlZ63w-i6sD_E0bszEyIZ60LbcaJi3A9NO9N5jdn1bTysot_s1O4ihvnYufx-LFdiaudmiShEI8XrpqbPuTViZE-txLn19yARXsisDzmyy-Jljka0VDIP9NLaQvq5KjYMBhIvBaxXFwUSHC2s2J0FPrgTITjVmwBxJx7ZUw2WbThL17hdzJuU8P6et-bV80ePeg9GotlfezPmZQxnb63LNAZUnLdqh0zYR7pcS7VSQrQAGg_6UzRavuSxyrIuTlsqHTOGcqencgYJRKp8mymWaPE4p1BAY4v3QDjyCCzB4zQj0-2FI6_FY4Ojk2Q1pc6bFjGefGxO2ekUYOgE5URE36tKIOWkbZrI0NUwH5UwFx6SGVOv_CnseG1rAQezWgE_F3p-S1IzjG4klnHJ-n2r8xNVuhw_QGzvSGuvv00e4Cbdfrj6Lu2bZF6-WeUCqew6H8BqDsHMS76nEQ4SMsO2M1Gpz37XeEGGKuWfFZNF7bsZ9LVX2_P8ZhQgz4APEORMVn4Jw0BT9xthtO7nR8J3pMX5AMTOYaqqp9Ph70k3ANBQVNrGfPZrM6G-W_3DwXGDrHUYdOGo4DUqQeO6NE8bliyEO1wT_oNu6qmLFS-fndgOdJmcZnVKmioyNynL5x5K0Ty9a6a5XHyapFY0Mt6nhEhiin2g3xix1avlMjdNT-o_YSDzk0I-5LrwOJoqiQSPk94mmkvVRN6iXasx3VUT0WafKtDVF2InsF1Ain8X6fmWjJI8p3q21oElzzPkPxRN2hGqyOOkQnW78Zs4vrZXgKPPTzs26OCFbHvRl_fA1cwtlQk_10q5zgzbnog2LNVtqdbLNb1v9FpdOEyCWGeVAKpDABKBovdxLVUq5MV-Zd6j06eHV1jC0pA5PAjkamp7C15Il_VUT88I2S3tK9ZvjTwF11HEdJmlPJR12Zvtf_FiiWyHVZ-LfKNKdZHMsFjLZgw8c1tWWzdDoMxw&sai=AMfl-YQHyYlfCKx6XFrX3QtzIWELfOavF7HEX7e0PPl1TZnrFDTWUQpCmEesDee3bnFqP3kJgVaN1MvE5BAog5zGM3wwxmbenj5zsVc6xE1D69ITvK9PKbkFp8vXXadsWFXQEBgx8jaVIWzZpp2DFr_o5GYgZL_gzoLP_cQQQQH9i--9h0L8w9TtrCLWqhl7fCgTNMMMgYfKxh362vWFe5No-_xlQYikOyKCn8RhC9dZP61BX8HzSAQgrok-ToBqQD-vhPbAdnIx5tbevU3LA-bkqmM9noLvVqyVrS-yxb2DXQ&sig=Cg0ArKJSzHVpM5gqmLnWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=152&vt=11&dtpt=89&dett=3&cstd=59&cisv=r20231109.86338&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame AE89 39 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C122 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 21:29:43 GMT

GET
DATA 200
OK truncated
/ Frame CC3A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5dcd25d13d67e40b21bad318e54e3144cbdac00400496219a2ed98f1b8470547

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 star_alliance.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame C122 6 KB
2 KB 11ms
11ms Fetch
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/star_alliance.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:19:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 600
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Thu, 29 Jun 2023 11:06:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:34:43 GMT

GET
H3 200 lh_logotype_single.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame C122 5 KB
2 KB 13ms
13ms Fetch
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_logotype_single.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:21:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2151
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:36:36 GMT

GET
H3 200 lh_crane.svg Show response
s0.2mdn.net/creatives/assets/4689654/ Frame C122 2 KB
1 KB 12ms
12ms Fetch
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4689654/lh_crane.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/4703545/160x600_de-de_performance.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:24:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1311
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 09:41:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:39:48 GMT

GET
H3 200 NH_G_WD_Airport-Network_160x600.jpg
s0.2mdn.net/creatives/assets/4703548/ Frame C122 45 KB
45 KB 13ms
13ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4703548/NH_G_WD_Airport-Network_160x600.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28581a9c3e927973d978984f3d463644abae1650c1128105cc603629666e67e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:25:28 GMT
x-content-type-options: nosniff
age: 255
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46462
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:48:19 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:40:28 GMT

GET
H3 200 LufthansaHeadWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4714589/ Frame C122 50 KB
50 KB 11ms
11ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4714589/LufthansaHeadWeb-Bold.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12943809228921786815/index.html?e=69&leftOffset=0&topOffset=0&c=Tu5FJGBaiv&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:27:26 GMT
x-content-type-options: nosniff
age: 137
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51548
x-xss-protection: 0
last-modified: Fri, 18 Nov 2022 11:46:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:42:26 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F618 8 KB
6 KB 53ms
53ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

540e23530265873cdaaebfed4ad60d1e1271ab5921c39a2c548cac2029f9a273

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5854
x-xss-protection: 0

GET
H3 200 10302023-073017145-agata-voice-message.png
s0.2mdn.net/4528404/ Frame F618 4 MB
4 MB 11ms
11ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/10302023-073017145-agata-voice-message.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90b795fe522fa435ad881eb36c42d675116cd5b62fa829cf2ab92af0ec2083ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 02:50:02 GMT
x-content-type-options: nosniff
age: 67181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4385778
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 14:30:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 02:50:02 GMT

GET
H3 200 stoerer-oben-links-orange_15gb-15euro-01.svg
s0.2mdn.net/4528404/1699029002376/ Frame F618 18 KB
9 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1699029002376/stoerer-oben-links-orange_15gb-15euro-01.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986655c82a18a789a248d1f452af04b2c9fbcebbeb3fba9735f0badeee8e5a70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 06:07:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55307
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8858
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 16:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 06:07:56 GMT

GET
H3 200 logo.svg
s0.2mdn.net/4528404/1687521602712/ Frame F618 5 KB
2 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687521602712/logo.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 12:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 23 Jun 2023 12:00:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 12:28:27 GMT

GET
H3 200 cta_mit-pfeil_01.svg
s0.2mdn.net/4528404/1687937402098/ Frame F618 2 KB
1 KB 9ms
8ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1687937402098/cta_mit-pfeil_01.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 12:28:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1134
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 07:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 12:28:27 GMT

GET
H3 200 logo-d0d80991.svg
s0.2mdn.net/sadbundle/8317705942888151156/ Frame F618 5 KB
2 KB 10ms
10ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8317705942888151156/logo-d0d80991.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 08:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 304850
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1913
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 16:31:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 23 Nov 2024 08:48:53 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F198 39 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2C47 0
0 48ms
47ms Fetch
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuQSNoeIr0U0TashX_7GGsn_lqqTYDEuhWU0VHuqg-I2asfwSsl2p36cd6F8sXE-oaRyT0Q6mhUjOBMQ_hbSyxQBOF_3QBSTTgANw57B9NnRwD3Fsx-sfNmaJIRAVtyVo1G_c3MGb74x1MZ_yCDCZPK2vC6X8ngYujnvecexC6IEwtcakwpfUTV3gdAecWGPcp8Z1a6HzCAqTFL4u4IC-HySkDLRRc0EY-XC0EyimSEbxW9a99IeJnZhIjvtfresGsfYy6htxK-LSpqe5vzUIAv6OjQmeYAH4TA2ngBTeGbLQl3_Ze2bimnYMOpBgz_61e6Wlqbj_U3_rix6y1rEivf5nHARM5znTNFl-QaMME5Kh2aa_NtlX5HpvhjqQkocYDoyhflhZBXWcHlTkspW-Aualq-C4T5UmNiw76CFMM8xtiUs4eVTQB3wyQSBYHx88XIfWg8_22rC4QXw2DAbAN2-55A90MFyHRt2omBqaiNU7yiGsBm_zMD-XovU-BurueD2TORgx7AJbx0UyoYBm3gIDBtpD6S9NvT-Iqlb1xQAqg5J4SA8qPXiBJWPJ6Jbq7_vxbdnzBRtaCnfY0foLjMCIbvs4LDOUXCXHFMzhMx3vS1zdJ6FU_Vw8-WEJ9Dh1seRM6flher_trQA-Os7m3sAJj2RM0yQpryifjOeTb5ziLmBS3JStUbNIhFYEXwpbgxq6JB49Pdht-TyJ5Ofzdze4Hr-1VAWLQzfnOXbasd6Hd8Z-v4skA_voUyNxVJqNuXN8bRB2y9ga-SBZPwS2DmiV_zoYAAyKwpyeYnHYqZBkwbKYVzBXParZEPIMTfWVCslAUAhrkhBu5JWgte3L-0yOTYN1rQAyegS3hrcdY9g9mqZA4V-JnK5SSq1q8ahACf2-tOfWLVTK21HmFX8szVEbM67kXFnvgXZ6GsZF9jdr-5GDNZio1Un8JlA9SjhyZZbn3UhQXbnj1JBZ0eL_rz-SUKZv27AyQ7zrChUVEkEU4gau1c90HJKdwC4iol0vXPNXAdq6hbBTv-RvHEL1gfPLPtfhUbFMIrlW6ZDmi5zFGZid_flFyifh0LNHqtXvsWH_eL3FoGQtYMHTbk15HSov6coU3QEk7gY9EqMBD95h9CVjJEjW6D1yjLl-rb3UEzPVwoNjKrKMGirpdN93WXsbGXGtcRGpZfbBxC2CPrVJg0F5dabRmf9buHp207lAGE7Vx0LdXrpHd0kefPqWZYxD1ZtrpLksXSAuFdhnO0ssYsjNG9xmmTjsKPYtdpEJVEdhcICGIMI0sjVuoDbA&sai=AMfl-YSal3hwDKuTQlRIeOmFXbpuSh8Qoa1rw-7Lr5dfkyhFpQbPaXdgkbKxBL-ygpLKljs4XjLqhUOgCXSaPz2SQyX6PS-iHu-VGbJFxYnhKXU9XA0QeHIZ-yGoyQs2IRCqgM5F1DcjnJb0dBwkZ_6yyDME5JxaXZPHKlmYMiPVqTWZsqoM5aIk63qt3koOkBYD7CpU8BF1U58x7bpnrLhfGj8zZ-f2PEDTGS6JlNB5Krx8RzJtYsDVudXE7Ukq8wJcYt5AAOMkKORVVDeXseCKhEIgkCv7tFVKqgwGPCziYQ&sig=Cg0ArKJSzCfsHJJcX2nKEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=186&vt=11&dtpt=148&dett=3&cstd=37&cisv=r20231109.48474&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: fluxteam.net
URL: https://fluxteam.net/android/checkpoint/start.php?HWID=b07d3da23fd4ef181241032b70eb589ef61b6b206856cf47825d304320d3768440c47c152a2432ebf708a603cedd8d96

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F618 17 KB
6 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 21:29:43 GMT

GET
H3 200 InterstateCondensedBlack.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame F618 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensedBlack.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317705942888151156/index-be1f7599.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index-be1f7599.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:28:43 GMT
x-content-type-options: nosniff
age: 60
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14644
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:06 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:43:43 GMT

GET
H3 200 InterstateCondensed.woff2
s0.2mdn.net/creatives/assets/4925812/ Frame F618 28 KB
28 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4925812/InterstateCondensed.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8317705942888151156/index-be1f7599.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index-be1f7599.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 21:26:57 GMT
x-content-type-options: nosniff
age: 166
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28596
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 09:13:02 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 27 Nov 2023 21:41:57 GMT

GET
H3 200 10302023-073017145-agata-voice-message.png
s0.2mdn.net/4528404/ Frame F618 4 MB
4 MB 7ms
6ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/10302023-073017145-agata-voice-message.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90b795fe522fa435ad881eb36c42d675116cd5b62fa829cf2ab92af0ec2083ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 02:50:02 GMT
x-content-type-options: nosniff
age: 67181
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4385778
x-xss-protection: 0
last-modified: Mon, 30 Oct 2023 14:30:17 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 02:50:02 GMT

GET
H3 200 stoerer-oben-links-orange_15gb-15euro-01.svg
s0.2mdn.net/4528404/1699029002376/ Frame F618 18 KB
9 KB 7ms
7ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1699029002376/stoerer-oben-links-orange_15gb-15euro-01.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

986655c82a18a789a248d1f452af04b2c9fbcebbeb3fba9735f0badeee8e5a70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8317705942888151156/index.html?e=69&leftOffset=0&topOffset=0&c=POtn6sijHx&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 06:07:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55307
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8858
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 16:30:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 28 Nov 2023 06:07:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0493 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BnX76RgplZbePOZadjuwP2sO92A4AAAAAOAHgBAI&bg=!yMuly4TNAAZxrfrxUa07ADQBe5WfOC8YNCENAkFJvX3G9atIGN2bgkLSyDDkhbRJlR_1scESCTo841cNFLIOnR5aIihJAgAAAIdSAAAAAWgBB5kC-yAM7uCBNh4L8fmokG3aMg7Yc-ZjuWKTHsKsQsL9bPuyKOX4s0dpvSjg0cZvPrIFDXCLbEv0hIdT2k5GVLVFFKt1nReTpvk1eSh4Sz1BqQHoRw1iZ3jM7dbQ7PqfqyeQzTQ7ePUpF_hpkVARew5nr0cg56hYpo7-rz4UEJTNB4Oh3sjViNH0lU0j2TwsL-ula0h8beF3dNf_fjMPDpmeZHyJKBNBxitE1OmIE0kCBLqoCEZ4_5-Bc18PTwHAQFL0QsEMVPmH_AutGuLw1JCqNDjrTeqhtWROxQ3CSxbq-0XO69hbeOX_YwyxeP17uOBtBVOpXlMorRWrjsvtdNYyzWOMHXKIulV59476_uNp6YsX3P6Nd0YeRXAM_OuA4KERCJuCGpx59QOZLOzVYA7wGFFU7THEDqSK6DyAulLW6wZD94chLsHCXGGQe1EzzUTyBt_kqjhc6KiTWJ1XGu-UXtD984caOmbhYZierjMJCj8a-xP5OamqHJoom6utuWyfqvmMMtTj0MCmOsRJST5-Fe0jfSwKthk0_A3xlbks7Qe2b_58FL-uyoxA5s9QXQlC_wS1DtutuFnuEkzsWH62Iguvd2-OPbRWungr20nldbguyOv9UVIod1nDmhV6KLocKJGNIOU9TOln5EE_V185B2gDdMm95XtdBiN1SIC7kgVf-KHdiY4d017oRdE3IQ4E_qBXjt8PofL-dqfWhaURzUXtSJ0LTe6HyeP_xF0IrBW2yHhdg5VUUAXdlzGg5s8RvbfbHm_7apJSTMpsJJk_HAais2423ht3RpMcCwRcSdA84UBOXVmSyTGvAcnl0bm9PNYymun9EZ4QB0U1CFXd1787KqW5mooEHWVDfgWFOSCyaeZ-dMv_2_RHfXLtAu1rCF2CW1WYTg_R3W2zFzqlwue8OEBGAQUzYqyj4Xs3WEbRZj30gn1AqJu7tLJ1WmWVD-PgbPZ8EQFOJKRuTbRxlPJ4ro-X6jj-ePflWVBcqlESBScbVZBTqrhPITk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIt8rDgJDlggMVlo6DBx3aYQ_rEAAYACCe44NdQhMIr4uEgJDlggMV4orpBR3-Rw5c;stragg=1;&timestamp=1701120583320;str=nextSlide;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame CC3A 42 B
401 B 92ms
55ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIt8rDgJDlggMVlo6DBx3aYQ_rEAAYACCe44NdQhMIr4uEgJDlggMV4orpBR3-Rw5c;stragg=1;&timestamp=1701120583320;str=nextSlide;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 9132 39 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 20:37:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Nov 2024 20:37:13 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE89 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B_ZmYRgplZfbkPOftx_AP_I-gwAMAAAAAOAHgBAI&bg=!JiWlJWrNAAZxrfrxUa07ADQBe5WfOFAGEZVPTu0iYJ7r28OFbtx3RpdrzhVwThFPYhqjFAaa21vyE-Lt_M4XM-oPoFN8AgAAANlSAAAAAWgBB5kDBP62jzZ0qpS6i9Vg-mmMDYY9Bw0nes3oaM3GO-OkDiY8hIuE4LJ3UbBUZJz_qxlI2-g-YG1N7U75L8lKwPkMHiF9W9sf34nQxQ2EDwKuHhn62UUIA77sPxKPNgC4t1LQrpZIU6Ef3lZXvZCHaxn9k5hvB-IN8Wy6Lqfijv84UCxMpq50RJW9FQbs6JGXZhDWx0HOtgcIgQV7EG5tDpE72LClHBaR5UzHmwKuNALSRGLn7PXkyw9JBkerzuWOSRNcyrM_SL2p_6tevBH1o0_Bo_36ycJksCh8NX2guGra_5rVnAOiF0V0DgdwN2ASzpigLOh6tEz4qtdfQ6SUrnzZvMvnuAsJ09mlQThft0h2unKgNKtrTGgERticOnN7HIvXgImDVt_K23yEs7kLnuOlHvI1LKWEvY42EQ15k6AK7H2_VqMHOydDfdQZFxnaB2wCdl3WewhGvjM-ARHvPfb7h_A2CS6Ou9_Na478o8ha831N_UDX3wiAyeTq6g1jkIfBAI-2eNMOwgRxQ6cWF555wGp9TpRbXNcKkIwSwtsMF46l7fmBvLdRkox1SJgYlm--7tvpQyddVLfTduOO_s8TNytJ83fz773BrVyupoxqKe3eOikSvMg7TWIEsQYgmj6hvR6CAdpBsTNR68PAGKOn3JDLMAfiOrsgh7NLzKhATQu5WOah2SVrRos3Nw9Cn6E2gdpwTE-vIgs7-4w1k6paHjMGNfATgcCIv1eowOhZg6kY0uj433DMHZWlv4jrzRJ4wbJvRvDenMwMTJ1BFMMP87oa4LDB2aDVXFtc6AFOfeZhdr8Pm41QdZWrn280rhui9FUErIL1F5_oAgRdI783NnqsiwiG0yTyq0aa2Ie03Cgf7nXhukVoM0pRx7yHfECCXv1mr1vt2s9OtJS8II0jNLYCgY4Rp32fyxt6l-vEkI7Jp6HSCDPrbOWmyk2C1dai1VcHs4H-P50BGSTmVsZH6dUzXKxEUZqecMNAEsQXDk7bxWQCULopMBYErAw-9eMvVXOy-v4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 55ms
55ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=1279570367545863&bg=!ra6lruHNAAZxrfrxUa07ADQBe5WfOHu9YtMcGXM8RNXvi6xI8OZyeksWxQil0BAm9y2XX2eXpYFflWABdF6SqdBIFMOQAgAAAGVSAAAAAmgBBwoAjGZB6QjDvTrCDqil98LxsMpPjRRkw_7It6vIQ6RGj7IVbazF1MxOopIqtuK_jj6DimfNjJV1jQxAJSNUrF29o7AwfNaCpBrC3LrC1DO_edgSNGonmMJjAakJT0qM_lSqC9H7nnTmOREeHttSsb4yzWKqARVOfG6KReGTfl6ThxFO5LlboTdqbYJLfbeQmQKw5nCjY6abjyO94hclNn7VPUALUHBhwfRb6pYIGVeMx-GnpeBs33bQkVeEd5eCDVgva81_Nbqfi7ypPJAZ_P4zybTZMgrjzWMm13LqmZ_wBpbl2eOVpEH8LxSt0KUNArQ9GI2Vv5FBCiWOw3K2YKmfvygSRvgO0h8SkxEvok2kywOhqNZxehNDorpCAz2rRIGcgRh98Y9YRBdeWAIEkaCxJtBIcda8Hf_6saSxWd-JMYm-_QSyPWQW9ZgUkur19Vq51L7e1tiDc0ziWgDORIYrwapmgjcYLeuuqViBJOfTwaIfSby5uY-vhdeFuQM-N-pqFv0R4ncFHawHwYuaeEKuvit6oZ0Hi8DffujNAyxH_rGZ9aonxaXalJ0NHM78a81Nbbq4IjON1F40p8IllKMIkHyDHAacgIBUxWgxPcXjuAlZjArDQXfCRqX2EBmzlUOl2bEr9j80svBjLy0YR7cVucP2qTfY0axJUxLdU0zqXxdAAxgnQg8qzVljOkFhdSGa6-fB7oNy7wmSW_gR89U-sWExt6cAa6VewYifyoftuhOKRvJ5W7wUTs-KnIhJYtAeUHm572mP5mzBMuDmX9j6nJvgHeCqYg22I9lXAzpbT71GBTJAmPrYhC2nBwNjMbUw8pEj4bJiKOqstUVChXlzv8VYHK6gJU4JnvoAS-tHoTQitgj0nlUqTvv_c-TUAsueGzNMRCqhwKzttWIAgKRAXWm9SprAAKzMLxOLElzjjSF-DwSXZwcelclstq4Wk4xysqtnNQkM4pSevrE_TMDjJG2ONcBZAJ7LMNPhVpXuTki4PzS9v0cT1XyH0cgKwc67PkUduupL4LEMO2AiyAhdXX9Ph8k1MAuipw5ms87OAq9gOpZGBncJXLMgVD6wwPyITUtfyX00zqKoEWdzsDwfdA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://fluxteam.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3CF2 42 B
64 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuryFraGoqwTptrzGrwRS934PvxCNq6NXQsEQouA4uX5On_ZidOdjhse2EhSkzSsm0X7le6OAjKmUVR9kmObKrQnm1OzUFdMk4qsBog-yckAfi8l5GmZLYAPRzBKfHlt1-PgrqkI4_z87YN&sai=AMfl-YQXli8QQCC8ZSoBx3BMwc6BY6geuApDI5kOEOOhBZxt_kK4_ek9a3GwFn1QvoukNugh21eAQyT9TerpX5TzdFQeLK5FAdAG-SJP0k9FcMjI1FQYNBIBWA1StD5S9CtKvtyBTQOhQJAuHjbyaU7IgQ&sig=Cg0ArKJSzN6NMWWXbiIIEAE&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701120582714&rpt=188&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2C47 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsulMIxMQBlMem4gDb-swsEmefwMjuKKVbCoubZKZxXrvhLmWmDLm5uUhhosH75P6YD8sPqgIIgGxhWd8U4_mhS53KaaWvl_vpZ8MuPmZxutJPuUp0c1KHt5uBM9z9fX7Z4whkBg95xAiY6D&sai=AMfl-YS90FwV_uZZqcXSU5KSnQ_sPOOR1CLglAhWCDx0r6SJGf8niZyzaedQek1GXFD2Di7TY3p1GXHLhDGx2JUw3eyjJM43lW6zwge4d1iOvh9485xjKhi9ZA6TZkmbLauq8VUH-jeEFhfLwTFk6rbhhA&sig=Cg0ArKJSzPaXcjSECx3LEAE&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&id=lidar2&mcvt=1003&p=0,0,90,728&mtos=393,859,1003,1003,1003&tos=393,466,144,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701120582733&rpt=349&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC3A 0
21 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3699060429716&version=m202309260101&ct=76&x=1&cor=12467369455138976000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CC3A 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstqsxjXCE_JyuAK2T2tIEqtFIp7kEJlWdYeQ6lAKnAgjzrJbhz_Gy8PhgS_YmWFRdSJ-C8KtGdPRTH96YpbGNVE_m6LO_nsbSI20WVFps7n7sXFZP4lFElbcVmkz_rbNnnvyM6N5MkM_opQ&sai=AMfl-YQEjiFLJ9oHiVdlv1HacU27KGR1sSYAqQFG9sEC0L8JTSyB1heTaftMUk_CI4dMZFXrtSi-ZNCXHnQ5dAgMLfxAYB6VfbpDnpQ6A2E_8Dm2jv7DhTp5VaI0FcAKMQJ4hWzjmVS2M5WWtwedL_4tkA&sig=Cg0ArKJSzHAneZaegfgsEAE&cid=CAQSTwDICaaNq-bqI040App5Zym3b9GmrbK-BLhigLprPsf5ESORbzqfc-YKjaMsVoA7J0KcZ1IXiJgFxNWeU-QyAJpUU6M3B94P-jXspdK7nrwYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701120582702&rpt=303&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/8660697951102249597/ Frame CA2D 135 KB
22 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8660697951102249597/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc608f4a24b2d6423c4743821986af7d7f3fef1e2b3bf8dc4cf0864eb3c1d5d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47623
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22997
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:01 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/8660697951102249597/ Frame CA2D 8 KB
2 KB 7ms
7ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8660697951102249597/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b774a4be3b45ab7c1cbba8d6a4b19bcbcb4e9ebae699b125b05e6f17b6bd57d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47623
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1993
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:01 GMT

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/8660697951102249597/images/ Frame CA2D 137 KB
137 KB 8ms
7ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8660697951102249597/images/index_atlas_P_1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

442403f662802cc840ca7cec818685d4b1588509978e8eb2fc98cc195c72acd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:01 GMT
x-content-type-options: nosniff
age: 47623
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139942
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:01 GMT

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/8660697951102249597/images/ Frame CA2D 2 KB
2 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8660697951102249597/images/index_atlas_NP_1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e229474f67daf83c68c465db8dc8451b46eda59b26ec1e36ffd0f746225c6fd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8660697951102249597/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:16:03 GMT
x-content-type-options: nosniff
age: 47621
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2116
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 13:36:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 26 Nov 2024 08:16:03 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C47 0
21 B 51ms
51ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5131809877629&version=m202309260101&ct=76&x=1&cor=4618034791997709000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Nov 2023 21:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fluxteam.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 892ffj2m0p92hua3esar933n2u
.discordapp.com/	1970-01-20 16:32:02	Name: __cf_bm Value: 3173II90EW2_o72oEiG4xUvOuwStB.xLMb9D.PFNhXc-1701120581-0-AQIcluHCkg5ZSVsVvWbJQvIQ+KHfU1HxT3jxquv4UdaRB77gsa9dKDXxgnBbJQkNT0bxvWdDxPYC6LCPJbY8SHQ=
.discordapp.com/	1969-12-31 23:59:59	Name: _cfuvid Value: CUd95exClhlBNnq2XWKKG1SejmlS1NOzUKwANi4Cegs-1701120581479-0-604800000
.fluxteam.net/	1970-01-21 01:53:36	Name: __gads Value: ID=fec932280467b071:T=1701120581:RT=1701120581:S=ALNI_MbU4LnaY2dyTlVUwj6khFc2mqlVXg
.fluxteam.net/	1970-01-21 01:53:36	Name: __gpi Value: UID=00000ce81a8a22c6:T=1701120581:RT=1701120581:S=ALNI_Mb0Y8l4-d8pERoj8ArR5dm10eaz8Q
.adnxs.com/	1970-01-20 18:41:36	Name: uuid2 Value: 6019786321761395421
.doubleclick.net/	1970-01-21 01:53:36	Name: IDE Value: AHWqTUkxl4Sc521_wLsrNtoVm8FBRw4_YzGUkbkBQWDePPMlskVzLMaBpiqM2hAT
.casalemedia.com/	1970-01-21 01:17:36	Name: CMID Value: ZWUKRsxe5aw1o2r5.sQYjgAA
.casalemedia.com/	1970-01-20 18:41:36	Name: CMPS Value: 2198
.casalemedia.com/	1970-01-20 18:41:36	Name: CMPRO Value: 2198
.adnxs.com/	1970-01-20 18:41:36	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hb9IqFr[!@wnfH8K6pQK`!5=E<L5?%LW1T'WdgLt/O2T]mb5+M2:1K-.y@X+Qt1FH/MbpRzqF1`b_$6)z)dO
m.exactag.com/	1970-01-20 18:41:36	Name: exactag_new_gk Value: 4328792e96c64511b4d64ca16da56e3e%7C26.01.2024%2021%3A29%3A42
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: c0dea4f3506049f1802643ec
.doubleclick.net/	1970-01-20 20:51:12	Name: APC Value: AfxxVi5napBT9AN9b5gkDUYOPv3Hj9xWbPXUKOnVK1l4B2H2iQLrXQ
m.exactag.com/	1970-01-20 20:51:12	Name: exactag_new_uk Value: 4a866b5de00644b5a51174ede44cbbe5%7C
.demdex.net/	1970-01-20 20:51:12	Name: demdex Value: 65550483984114829973491082210648036197
.skydeutschland.demdex.net/	1970-01-20 20:51:12	Name: skydeutschland Value: 65550483984114829973491082210648036197

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 500) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ade.googlesyndication.com
ak2.rmbl.ws
cdn.discordapp.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fluxteam.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
m.exactag.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
rumble.com
s0.2mdn.net
skydeutschland.demdex.net
static.adsafeprotected.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
142.250.184.194
142.250.185.102
162.159.133.233
170.187.189.97
172.217.18.2
172.217.23.98
172.64.151.101
172.98.59.28
213.202.235.9
2600:9000:2440:4800:8:48e:53c0:93a1
2606:4700::6811:190e
2a00:1450:4001:806::2001
2a00:1450:4001:808::2002
2a00:1450:4001:811::2002
2a00:1450:4001:828::2003
2a00:1450:4001:828::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200a
2a00:1450:4001:830::200a
2a00:1450:4001:831::2006
2a02:26f0:7100::213:c6a8
35.171.0.218
37.252.171.149
52.19.196.31
00f9993d985ffa755ba921961ce70bc6854f84916a4cbabcf8489177251876d1
0a43c20863b324fe2bec355b5ebdc6566861742f92018f12be1b38fa2c8b7767
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dea96581061736d154b6cbd279b0389c4c32072b24f2ea5b63659f4520ad24d
113dd76695ffd745ed2db133bfd22de4e9a2e924322f87fa8b8be5a9dfd2ba17
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18c7903520efbaf8382b51b5770b928889593eeab49be19d34c059b207b2e910
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1a9cba16c5a30dc7cc3bdcbba2a45e9e2e28ec4437894302c6676369ed0ec732
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
241bb801b29748e542884f7b902c02f12f6a318ba97f70224986634926dbc433
27f2562f4ad6774b9a6707d5ab13117088c1120c2252f2c1ff5451a31e1978d4
28581a9c3e927973d978984f3d463644abae1650c1128105cc603629666e67e4
2d83037ce2ffc22730c16d836bc274d26dbe75e95b3a3ca15924102e837b2e8b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d2067d4b9b5b9d3003ffa4dc17b44616dc00a543f59eea17df555e959f20b53
3dd29541a87ff854d017f7ec139faa4a05e3e732db089226951741ec7e5b3995
404419307e8b5d448ba2ad4aa375f5d69cfc007c4a04610b4634d879ef3f2bd5
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
442403f662802cc840ca7cec818685d4b1588509978e8eb2fc98cc195c72acd0
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4a32283aaba0418ac1b0953af32fbe71948d43e7cdc08abeca552a9373809087
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ddf6973fa3421cc10d8946187a761c0317632b66442c3d20c736024fba1029f
540e23530265873cdaaebfed4ad60d1e1271ab5921c39a2c548cac2029f9a273
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
563d8b655debf02dc76ee9cad7e2114692c770d009bfc9ed1f9153eb384593d1
5dcd25d13d67e40b21bad318e54e3144cbdac00400496219a2ed98f1b8470547
5ffa36b4310d6935fab68e6d90dd0acaeb07db7b7928a3f1416099529a4fbdad
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
68b34a28617137221b76b93546359bf577aea1d6b3aadbd65b40e8bbdae7dd0f
850497e1b99867acc781a4e5a16f8eeb2d6c24539346e55af96981a3d2e4b4bb
8c15b2dce6c1bf74c7fe445c68f09b6f8ae28a9d8aafbfe6df7617050b7250b8
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
90b795fe522fa435ad881eb36c42d675116cd5b62fa829cf2ab92af0ec2083ba
986655c82a18a789a248d1f452af04b2c9fbcebbeb3fba9735f0badeee8e5a70
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2eacbd0a55e794d92e79a03b68c07f613a0ab710ffaffe5f1d12d67aac843a1
a5005b2e414770fd5ccb40bc221a12771966d02b5c1f9c89da48bd8e3811d377
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0d78b4059c31304138a8cc6eebd3e8c92c3c8c3cec807bbc678a1392851de2b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b774a4be3b45ab7c1cbba8d6a4b19bcbcb4e9ebae699b125b05e6f17b6bd57d7
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bc608f4a24b2d6423c4743821986af7d7f3fef1e2b3bf8dc4cf0864eb3c1d5d6
be1f75994e53be710e621d9552d7cc796a347e85622acc435325d94e076b6996
c1b2da575466eb30982e08c1020f55bcf2d9565f53bd64c3da87a1d774d75588
c3b7bf416424abed17314649bb71a1de7a3afc6af66840d04b730e69652e27ac
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c5d15e7e415db86a3a281c1c34b5a3f2a1c5fe4ab7654d683a44badefce285e5
c6b461e28398566c5400381c27546e3c6d5e6ea790d53afa6ac2c64148772ac9
cfcce6fbc676bcdc4c9f2e2cbdd40cee40a4b9066f829f4e9e400cbe142183f2
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0d80991c6e4b62d5c77985c1e293aad44cc120e03aee7ae6936c79d25a0e467
d7502e785bdc8f7184cab7e278053c49be4458393085eb2fbddabf35b895c310
dc938f914a45d9704b821d83ed0ac1360240d3ac62d7c60878288c3c67279bc3
e229474f67daf83c68c465db8dc8451b46eda59b26ec1e36ffd0f746225c6fd6
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8578b8b75718eea5c893f802369281a62f86c6cf6c4fe9d8ea124315cf13f4a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f505d53d3f8bc8231c6cd9c9589a77cd72bb9cd2e51769b9f4a9738c71f14fc3
f52bcfd4c995637f3be1f111702110d9bd622b6c00195e88b740944db1bbdbce
ffaf211aeac8134c5e4b6a6e70dd3f0a0a5ec070c0d679d53aaaf5b101175370

fluxteam.net Open in urlscan Pro 170.187.189.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

90 %HTTPS

50 %IPv6

17 Domains

24 Subdomains

24 IPs

5 Countries

11739 kBTransfer

16319 kBSize

17 Cookies

0 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

fluxteam.net Open in urlscan Pro
170.187.189.97 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

90 %
HTTPS

50 %
IPv6

17
Domains

24
Subdomains

24
IPs

5
Countries

11739 kB
Transfer

16319 kB
Size

17
Cookies

141 HTTP transactions
3 data transactions