goo.by Open in urlscan Pro
2606:4700:3030::6815:56e9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://goo.by/vKFNR
Effective URL:
https://goo.by/
Submission: On October 13 via manual (October 13th 2022, 8:19:56 pm UTC) from US — Scanned from DE

Summary HTTP 159 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 7 countries across 27 domains to perform 159 HTTP transactions. The main IP is 2606:4700:3030::6815:56e9, located in United States and belongs to CLOUDFLARENET, US. The main domain is goo.by.
TLS certificate: Issued by E1 on September 21st 2022. Valid for: 3 months.

This is the only time goo.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	2606:4700:303... 2606:4700:3030::6815:56e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3 10	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
5 10	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
21	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
11	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 2	18.185.225.77 18.185.225.77	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1 1	2600:9000:223... 2600:9000:223f:4a00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1	2a02:fa8:8806... 2a02:fa8:8806:20::2010	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	2606:4700:440... 2606:4700:4400::ac40:98f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	216.52.2.19 216.52.2.19	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
3 3	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
2 2	185.89.211.132 185.89.211.132	29990 (ASN-APPNEX) (ASN-APPNEX)
159	19

17 2606:4700:3030::6815:56e9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

goo.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.225.77 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-225-77.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.30 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:4a00:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.254 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:98f5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.19 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (Amsterdam, Netherlands) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.132 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	522 KB
30	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	189 KB
21	gstatic.com www.gstatic.com fonts.gstatic.com	543 KB
17	goo.by 1 redirects goo.by	203 KB
13	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 78	42 KB
9	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 216	35 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	232 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 9943	2 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8724	1 KB
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 3510	57 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 438	2 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 543	2 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 599	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 828 s.tribalfusion.com — Cisco Umbrella Rank: 2234	1 KB
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1521	486 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 627	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 303	2 KB
2	yandex.by 1 redirects mc.yandex.by — Cisco Umbrella Rank: 162947	325 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1094	576 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 347	464 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2865	104 B
1	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 777	339 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 717	443 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 987	356 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 841	714 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 888	692 B
159	27

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net goo.by tpc.googlesyndication.com pagead2.googlesyndication.com
19	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
17	goo.by	1 redirects goo.by
16	pagead2.googlesyndication.com	goo.by pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
14	www.gstatic.com	www.google.com www.gstatic.com googleads.g.doubleclick.net
11	cm.g.doubleclick.net	goo.by googleads.g.doubleclick.net
10	www.google.com	3 redirects goo.by www.gstatic.com www.google.com googleads.g.doubleclick.net tpc.googlesyndication.com
9	cdnjs.cloudflare.com	goo.by
7	fonts.gstatic.com	www.google.com fonts.googleapis.com
6	fonts.googleapis.com	googleads.g.doubleclick.net tpc.googlesyndication.com
5	www.googletagservices.com	googleads.g.doubleclick.net
5	mc.yandex.com	2 redirects goo.by
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.de	pagead2.googlesyndication.com
3	mc.yandex.ru	2 redirects goo.by
2	secure.adnxs.com	2 redirects
2	sync.1rx.io	2 redirects
2	ap.lijit.com	2 redirects
2	rtb.openx.net	googleads.g.doubleclick.net
2	c1.adform.net	2 redirects
2	x.bidswitch.net	2 redirects
2	mc.yandex.by	1 redirects goo.by
1	sync.targeting.unrulymedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	onetag-sys.com	1 redirects
1	s.ad.smaato.net	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	um.simpli.fi	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
159	32

This site contains no links.

Subject Issuer	Validity	Valid
*.goo.by E1	`2022-09-21` - `2022-12-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-05-21` - `2022-10-31`	5 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://goo.by/
Frame ID: C1702554F91A91F476E45C2262E28F73
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/zrt_lookup.html
Frame ID: 8B8645D11185CA7B687FBA442B709C06
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP&size=invisible&cb=669dojxrnhn6
Frame ID: B77BF005E657884304257E61FC753347
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&adk=293675617&adf=814277786&lmt=1665692389&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgoo.by%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389792&bpp=7&bdt=163&idt=141&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4547817296396&frm=20&pv=2&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=158
Frame ID: 0B1F2EE8D97F661D44DB569006475484
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1665692389&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389799&bpp=3&bdt=170&idt=154&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=395&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=UwDins30Jb&p=https%3A//goo.by&dtd=157
Frame ID: 9984285F670FD2757A8D4E8BA0C4FAD5
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=2&bdt=1047&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280&nras=3&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wEusK7QpMx&p=https%3A//goo.by&dtd=17
Frame ID: 66DBA0614A71F733B4894631F102B7BC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
Frame ID: F7DDA56E19EEF35CCF5E2FA126744F9D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=1013021284&pi=t.aa~a.2921636334~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1047&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280&nras=5&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=I5l428KPtj&p=https%3A//goo.by&dtd=24
Frame ID: 431DFAE4E16A9C7A6BC059AD3DC7D77E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
Frame ID: 5C078581F380099E7F056BAC5CAD80C8
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=1351620921&pi=t.aa~a.3858025451~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=0&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280%2C1140x280&nras=7&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=mFYQjVU1OY&p=https%3A//goo.by&dtd=34
Frame ID: 6A153F4D5F427B55EA2A02D225E22E9D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Frame ID: E0D0A9443FBEE0F527A1A56322A41728
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1
Frame ID: EA660E58B457E6EED6975EF9EB1E053A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1
Frame ID: B986272AEB16C0A778EC4EAE51FE55E9
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486
Frame ID: 1D46AB5A7A79ECE248A507941BF48D9C
Requests: 9 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C9AB3648F256E51C8A871AC8E707C50D
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 2BC3BB68DCECDCE005F516D032B2FD91
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Frame ID: 63937445DF0EFFE69A861A53B1804013
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 29537007B523C01C8BF2204101067CFF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EBA4E87E5503BEDE15CC109EF54749DE
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E581AA61DBCA7ABCA8C929DC8325A22C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CAD05AD859E870BFAABE8212613862DE
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Frame ID: DAF0369F07642DCE1C39109B3E69617E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js
Frame ID: 163B2591B14F70EC5D5CA45F9A9569A4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CE2414105F09E94DED3FC60CC9E3BDB6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E8C793D8C9360FCAF79F3E99CC371C3D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Goo.gl URL Shortener

Page URL History Show full URLs

https://goo.by/vKFNR HTTP 301
https://goo.by/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery DevBridge Autocomplete (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/jquery\.devbridge-autocomplete/([0-9.]+)/jquery\.autocomplete(?:.min)?\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

159
Requests

92 %
HTTPS

59 %
IPv6

27
Domains

32
Subdomains

19
IPs

7
Countries

1831 kB
Transfer

4729 kB
Size

29
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://goo.by/vKFNR HTTP 301
https://goo.by/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9790.z5NaaEV9JHmRrRI7xxJiOlVWfGNyQ20cDsIKL3pOc8862sgMoUQ_bbuwX1gpkchg.O9PLGQuNXcKjJA4l6BSroSp1ZAM%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9790.L7CG3MUSWvvNyvCjuKTUdNdiRSvkWXokoTv5bZiJo7ACUveHjm1z5McSvPKdaia6p73B2qABaDxAwZD-p44eDQ%2C%2C.QK-J5r5vsWMWbS7Z-DcigaQUz7A%2C

Request Chain 44

https://mc.yandex.by/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=9790.B1cbor4y7c7kmJ5fIZdCGqEQqHp0CFfGZmnIyXrLRl2IhSeJh6fnyXjLDERNvaXu.nIDOgdukuVF5zPpw_pV_6_XO1nI%2C HTTP 302
https://mc.yandex.by/sync_cookie_image_decide?token=9790.SiT6sm2JgrGDGj0ndVfhzUxQ2LOQPPN_xPvnFYTP4Vrc0VShU6dZ7W5gAsMSw9_N_iMzlzrOLQBU3IY_E8hWgQ%2C%2C.0Wf6gJyVfJyWhWkWFJVdqOjAyPY%2C

Request Chain 47

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A446676896113%3Ahid%3A293465633%3Az%3A0%3Ai%3A20221013201950%3Aet%3A1665692390%3Ac%3A1%3Arn%3A573723845%3Arqn%3A1%3Au%3A16656923908899944%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C1%2C181%2C181%2C1%2C123%2C19%2C%2C%2C%2C342%3Acpf%3A1%3Ans%3A1665692389408%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1665692390%3At%3AGoo.gl%20URL%20Shortener&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A446676896113%3Ahid%3A293465633%3Az%3A0%3Ai%3A20221013201950%3Aet%3A1665692390%3Ac%3A1%3Arn%3A573723845%3Arqn%3A1%3Au%3A16656923908899944%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C1%2C181%2C181%2C1%2C123%2C19%2C%2C%2C%2C342%3Acpf%3A1%3Ans%3A1665692389408%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1665692390%3At%3AGoo.gl%20URL%20Shortener&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Request Chain 99

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 126

https://um.simpli.fi/gp_match?google_gid=CAESEJsPog6jmIclcgEKU7MMTIk&google_cver=1&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cvKAaeJy8xIg3dLZPI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3BED495F62C04426876779B3D9227160&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cvKAaeJy8xIg3dLZPI

Request Chain 127

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMEhGPn4ewuyifOwkvugxIM&google_cver=1&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMEhGPn4ewuyifOwkvugxIM&google_cver=1&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0&google_hm=W2ZHh111Qf2lZoUm6MfnQA==

Request Chain 129

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI93Zwx8laaib3y5nUvlAMs&google_cver=1&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk8eM1GTMHOeiNcBgXLMs2N8 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI93Zwx8laaib3y5nUvlAMs&google_cver=1&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk8eM1GTMHOeiNcBgXLMs2N8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg0NjgxNjY1Mzg0MDI0OTM&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk8eM1GTMHOeiNcBgXLMs2N8

Request Chain 131

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPWjzTUdeJXRmXwZFW9TztA&google_cver=1&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1Q1N1vl8OkQiyafs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1Q1N1vl8OkQiyafs

Request Chain 132

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELl3tu7z53n1TzLQoPwCfVU&google_cver=1&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCmAQEuREl8J3w5rw4Id0Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCmAQEuREl8J3w5rw4Id0Y

Request Chain 134

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 141

https://a.tribalfusion.com/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 143

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKjco14HIKrF957P1Cmw4Z0&google_cver=1&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQGRYnDDK1FFpPvuMTkLz-CLJBUpw8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk3SThSMDQtMVYtRzNPNw==&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQGRYnDDK1FFpPvuMTkLz-CLJBUpw8

Request Chain 144

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG1CJzYLSZ4w4NeKmJEGuo4&google_cver=1&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84 HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG1CJzYLSZ4w4NeKmJEGuo4&google_cver=1&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84&google_hm=FedDsGZHm3uzx7XHQ6Sb30U7

Request Chain 145

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEIwlILiyg5nQiEZHeq0lUEM&google_cver=1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1665692391622 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-be871aa6-1735-40c9-9edb-38dc64dc91e5-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g%26google_hm%3DA76HGqYXNUDJnts43GTckeU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&google_hm=A76HGqYXNUDJnts43GTckeU

Request Chain 146

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw7aOzL1jmzuAu2Uop4bnhdTgQEC8FBm0hmoWiCypwk7gX0y1Q8DlOtZYuH0eSGoDCKX_9uy HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESEHih4icOs63Ux4BloO41kLo%26google_cver%3D1%26google_push%3DAZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw7aOzL1jmzuAu2Uop4bnhdTgQEC8FBm0hmoWiCypwk7gX0y1Q8DlOtZYuH0eSGoDCKX_9uy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Mjg3MTU3ODgwMjYzNTI0NDQ5MA%3D%3D&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw7aOzL1jmzuAu2Uop4bnhdTgQEC8FBm0hmoWiCypwk7gX0y1Q8DlOtZYuH0eSGoDCKX_9uy

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

159 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
goo.by/
Redirect Chain

https://goo.by/vKFNR
https://goo.by/

21 KB
6 KB

36ms
36ms

Document
text/html

2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 700bd90555a9ea21d008a040b5179624af7cc6d3cbca1d63ebd7fbf48013927a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 759ac5baf8958fef-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 13 Oct 2022 20:19:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoO22Llk4v4HOKbW%2B4vF3GlLVaHeG8Iq5SxjjPA1AravR7tORnKXQDXhMITQNDoSUEN%2B%2BU4FjS1qVXjsys5xlWNSsEqKqIg%2BeZHjKqA7ZMJcfzMkKL1VP2wgwUjxJnxDJmP8Rs8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 759ac5ba1eaf8fef-FRA
content-type: text/html; charset=UTF-8
date: Thu, 13 Oct 2022 20:19:49 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: /
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2lHbBljRt0C9uQagnm86XGw%2BeyoxZjls4JCwbZGc84f9Zx4AGhMbzCzYbd7y5C6BLRuHyemuR1srPunmokvpL3tbJzuJQ9Xy0siMRSUueyrap9Sxh7dKj9MafQOATwxfa2krtM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 bootstrap.min.css
goo.by/static/css/ 89 KB
16 KB 37ms
36ms Stylesheet
text/css 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/bootstrap.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1912ec9329c898b56073a8120eb94e72e0bb858b390443cbc65d18a494572215

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 645566
etag: W/"626b7a86-1631a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NOTLJy1HFBQqghcdVX%2B9utjEHT7bJ%2FnlrsNlo7HL9MidcozaNdPKP4ej1HKTH8cQ%2BoEJ1d7%2FM1yDwmYdSdde%2F9%2BVTOQAI16BgyayCaee%2FVa71P%2FId%2F4D2BGZcLhC9RY%2FsHhkyU0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 759ac5bb3f809b83-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
goo.by/themes/spartan/ 69 KB
13 KB 41ms
36ms Stylesheet
text/css 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/themes/spartan/style.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c44313430f757e3a44c796394ad431ad413d363d4467dfbc6cf1867e560969c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1760329
cf-polished: origSize=84847
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:41:48 GMT
server: cloudflare
etag: W/"626b7a9c-14b6f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AeZTAXmJFDOciYQN0jYXwBGVn0BZJP%2B8RGO%2BVVpRN5XPLQmWykYOwDai226OUxnkNWorWqjPDiQ%2Bfl1%2Ba0ShPWhQRgxakkC5%2BE7nUhoAERQ2VD1k7nwdZYI%2FcwpVk2lBkIf7HdQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 759ac5bb3f949b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 components.min.css
goo.by/static/css/ 19 KB
3 KB 44ms
39ms Stylesheet
text/css 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/components.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 195ffe64f7501043f3700fdf9fbf2012d0b66fa26dcad328db4d5e8430fb520b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1070587
etag: W/"626b7a87-4b61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYsVuvIzRuX2x5GhO2h3pp93yz4VeGoxcKdk6Hz9NyDqKqtZ69Cg65dlTycnjbbR3kS8qLXk5EWIQfDGApfIR8ljVyoorurqtDpghR4fM8DW9rDtYZFbJgu8IGsHCbtizj1pT2I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 759ac5bb3f989b83-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fa-all.min.css
goo.by/static/css/ 56 KB
13 KB 28ms
23ms Stylesheet
text/css 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/css/fa-all.min.css
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1925808
etag: W/"626b7a86-df5c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TR5Vt4cJ%2Bn1x70MCrZQ437nsdE4DVtDRi7tUewq7IIIB%2B8O%2FVsZTu4jUVe%2BslRrPYTSpyP7G9CyHOQjYMDrF7cNOWtxKVJ5b9cYZW69fWzDFqNesWX5JeqLhpfFK9ECN%2BEjpB%2BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 759ac5bb3f999b83-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery.min.js Show response
goo.by/static/js/ 82 KB
30 KB 45ms
40ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/js/jquery.min.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:41:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 860392
etag: W/"626b7a93-14696"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BDoE82cA%2BdaZZRXd0gf%2FK2wT%2FvRTXD1ik7t05zCNraq0IKyyireVQrAY9smFqTkV5wpR0pcj2XSl%2B4b2Sus9At2KDxvW713fm8ur%2B3veg8tO2J9sgdMahjazPAtAxVC9G5DfMo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bb3f9d9b83-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 bootstrap.min.js Show response
goo.by/static/ 3 KB
2 KB 49ms
44ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/bootstrap.min.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c785dee6ed2b248070e51f80868e1b938665681c17188c4e579c9c509ae05d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1925808
etag: W/"626b7a28-d5b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5RpS0WZQUcRwcaYbrdB%2B6CaWv%2B5Y7O8Io8BQtgIq9Q5LqMppOh0n%2F4CeU%2FVkvGX9P50OqdFpkhvQLZPF1K8kknjRY4KkoY6CeLvYx%2FziZa61LxlSGPzWviShFkTUtSmMsfHFPg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bb3fa19b83-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 application.fn.js Show response
goo.by/static/ 3 KB
2 KB 50ms
46ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/application.fn.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
cf-polished: origSize=4361
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-1109"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N%2Brb8WAxqecNTXifcZnIBYasoRXx%2Boe1oTQ2S4NVd0fdZAvo7iQtFYTCNwu6Cu5y2NCEWtiUNLkUWNDPGDMeqbN3A4GvOTH5EusqHHRmQZwjiLGKa8Wrd2N2eSH4Zvavo9pJZG8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bb3fa49b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datepicker.min.js Show response
cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/ 17 KB
6 KB 53ms
30ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/datepicker.min.js?v=0.6.4

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43df0eac8cd04fe4184d857d79cb2b72f9c636dfbc7d3bc6555ce0aacf2f2c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3031929
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5100
last-modified: Mon, 04 May 2020 16:09:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e33-4449"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LfCCwOkmzileIJdYHNXNP%2BhS%2BKWsOstLW7aTZZCpQqsVi7apDKtvHBvDzhUNvXN6sduCcE63vaIKb9sM8UQ57E39rWSUomOv2aT9kGwKw6ijHVqeHqbKQj%2BZ3HcFHwQHpi3I%2F6OPjlUw3FR6MZ5ysZzQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68c99b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 datepicker.min.css
cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/ 3 KB
1 KB 48ms
25ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/datepicker/0.6.4/datepicker.min.css?v=0.6.4

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68decb9b04351770373306a7d4eef2a677b9f2541d790a42fc6f72e8cdcc7bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 862141
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 720
last-modified: Mon, 04 May 2020 16:09:23 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e33-d76"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fPSQnBlg3s8nfATwbErpmUsBYB%2FVqOm02eCpldOCoCTVFD0%2BpAUNDzDWoMiQBx%2BuY39ceVci2qH%2Bmdv2dcAEPH5uBwNkhHogNNUWBBDOPgMLNAqVRpDVu6hSLsASo84bX2fM%2FBpO49Ot%2B0he6UeXqfib"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb58c39b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 chosen.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/ 26 KB
6 KB 54ms
31ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/chosen/1.1.0/chosen.jquery.min.js?v=1.1.0

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 756147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5483
last-modified: Mon, 04 May 2020 16:09:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e23-6956"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMgsLQm6JM2LBX7I89RdopNd9aQWUDgxMaaOlqfE3q%2B%2F41oc4PZg14mxd6NMbK7pYMobAAa2cI%2BmXqerLOXS%2FHY57Sog5DTn4CMm5Iyl%2B1iZ%2BMZysMHbzXYzNV%2Fq9gZSIk4n7B8pwTMjjZAnSI9tAgBL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68ca9b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 icheck.min.js Show response
cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/ 4 KB
3 KB 44ms
21ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/iCheck/1.0.1/icheck.min.js?v=1.0.1

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 861212
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1911
last-modified: Mon, 04 May 2020 16:11:10 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9e-11a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad9ufd58jKnVhtkk%2BqpIqeSkBZNDrQLS6ky3ld9LpAQuGhZMFTpix4UvcZGH163frmTtmvx6gUMyjszu3bQ11Lm78Fv2wNDSmbT4FqQIOEwfivcyTv5dmG%2FVsFRJoTj3XUckwGxeAaJQ7xQFA7jO6McH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68ce9b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 clipboard.min.js Show response
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/ 10 KB
3 KB 48ms
26ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.15/clipboard.min.js?v=1.5.15

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 843253
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2906
last-modified: Mon, 04 May 2020 16:09:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e29-2824"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFNJEl3S1SIQBSogFUqjAV5pO3agWAvlnmAxAHO%2BeMnnsduFg6GlekjR%2F%2BPxbimvlYsgfpoUxzcgxZE0M6lTZM4nUydqiAQXim%2FgZEzmCukCPGLDCcb00BJASYmtSWEZKGlkv97BRabvvr7W3wAU4Nt5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68cb9b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 50ms
28ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js?v=3.0.3

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 758105
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TCu3S%2BdxPIfN%2BVbjbPndYMSyfNs9ncxfILCnkD963RSGTlMh9rg%2BRWWK5R7TYSE%2B%2FoyUr8wuwP8E0Ocdak4kQcm4T6jXVVocweSbfc1HliwiDxzwhR1T%2Ft271EEgk79cBmGo%2FiyViZXhRCLVNE24z8f9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68d09b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
1 KB 65ms
43ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css?v=3.0.3

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 688860
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCT8Xiy7Nb65gK15McIZf4mQ%2BZZVkk4cAfW%2BLHkYuq66CuLxNn%2F6u7XzA5LU%2FwVBDdwyuTJowgL0iv681EvoqlEf9FcAvL0My9uate7N7D7kdaXTg7iEk%2F3FLr3PgpBGuHAfRE7dBmWzALM03cGymtP8"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68c89b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 jquery.autocomplete.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/ 13 KB
4 KB 44ms
22ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.devbridge-autocomplete/1.4.10/jquery.autocomplete.min.js?v=1.1.5

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2988249
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3860
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-331b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBZZ6MwfVWApDHg9njRF1d4%2BfpRDw%2Bmb3tc9AY1HfbT7%2FNfpF5Ky%2FbZKKll3kIFkO7hw%2FMRvRwZmXe7mhygeew0BNpR7Km%2BnYsl4VHCC8uWvtroA4jsE%2FpEiEpIj%2FPVwRGh%2BNgytcYrt9%2BZyJ4XDcEv6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68db9b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H2 200 pace.js Show response
cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/ 25 KB
5 KB 45ms
24ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/pace/0.4.17/pace.js?v=0.4.17

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 686314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5158
last-modified: Mon, 04 May 2020 16:13:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f40-621b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2Bn73EL0mxw81fK5ZbDXvX8H01gIHQTYN%2BahnCcAI6V%2FAsfynQY60oHxnIpoD2N5HdzUWikTYBjZT7ScnW9xNlzBC6Qo2WCWRBTXlm7zZ4y6beu4zhBIIlyrrn7p4eMcG9%2F8v3e0bRHJKQOgz6uEYk%2FM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 759ac5bb68d39b9e-FRA
expires: Tue, 03 Oct 2023 20:19:49 GMT

GET
H3 200 application.js Show response
goo.by/static/ 15 KB
5 KB 48ms
46ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/application.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
cf-polished: origSize=19442
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:51 GMT
server: cloudflare
etag: W/"626b7a27-4bf2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NTKIdQAirRWD0xlHduCWTSmv8KVyDJxr3EFT1g6QrUPM1u%2FPEur5oTSee4%2BiWcfJoIllNTNFA7q78GKk%2BZfPwXTEkCyKFBlUjGnkTyfTmC5JMKH1oK%2F%2FI%2Be3%2BesNRPZe7Bjf7vY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bb3fa59b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 server.js Show response
goo.by/static/ 8 KB
3 KB 60ms
58ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/server.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
cf-polished: origSize=12112
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-2f50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRmK013wEDn58UmH06sM70yY5TFUwhAPO%2BHnx1MJhtAZ07KHbxlVIcJ4acxbfP7R%2BRBmIXMcEVOkmhTx4VRLf%2FNtdjjccdwcgB5Q0xxZRKQx0qNWQ08lD7UomLNh251FEf%2FBakA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bb3fa89b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
54 KB 59ms
36ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

205c46f1fb8423ef2a7c970ed7539d5cfd08267541e32e126ececdea08adfd2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54859
x-xss-protection: 0
server: cafe
etag: 9258648821776041190
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 20:19:49 GMT

GET
H3 200 auto_site_logo.png
goo.by/content/ 3 KB
4 KB 18ms
17ms Image
image/png 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/content/auto_site_logo.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6461e3d621bb44222b85c04e787c3a1bc2c296316d77bc175e682c177557fa76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3400
last-modified: Sun, 08 May 2022 12:53:50 GMT
server: cloudflare
etag: "6277bd5e-d48"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2LpQeQSwR6YrZrFtfqRn3zJMii8zfcCJ%2FrvhmKpTzBnUofOAuZD8YIdMORSewpbl4MqKkYXxNClblECC7BdhtcgASJlxA%2F73Kf6qdlGtciGBUQNg6hhR0f6ocJ2tLDC0C8Ibx4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 759ac5bba89b9b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
998 B 49ms
24ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

399c2d0825b648973425959b19238ce03385a8bec33cdea50e76011dbb30dde0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 585
x-xss-protection: 1; mode=block
expires: Thu, 13 Oct 2022 20:19:49 GMT

GET
H3 200 landing.png
goo.by/themes/cleanex/assets/images/ 17 KB
17 KB 31ms
30ms Image
image/png 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/themes/cleanex/assets/images/landing.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e337c98d5ed7ed7e852c87ee65bf108bd1cf6377d585c9f7b595a9e54ad41fa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713808
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17186
last-modified: Fri, 29 Apr 2022 05:44:07 GMT
server: cloudflare
etag: "626b7b27-4322"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hN770N6M4B5OFQNNGDEVEqDIU6DVqMruXCBxkygrmPfX2kmpPsTpymsgWhsGtJsT3YOlp8VbdUxPdI1uUAfpkfaY4FOn%2B4GiUVtmlpqzhpRfrc5hT8jkbQ4E8PAreIPks%2B5Od0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 759ac5bba8a09b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 profiles.png
goo.by/static/img/ 62 KB
63 KB 24ms
23ms Image
image/png 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://goo.by/static/img/profiles.png
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d69ba2a3cb603ff3aba5f081ad98b683d0b0788524d62f5b4df4f240658b4c90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 713808
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 63985
last-modified: Fri, 29 Apr 2022 05:41:34 GMT
server: cloudflare
etag: "626b7a8e-f9f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgBPODAiL%2BDvtkt3tB%2FsKBHP0YGmv2seGK%2FPsxQ5wzt1hja82WAPjuGWIAdA2RjW%2Fl%2Fc4s3of%2Bs7lpyv3Cksz%2BzR48geICVTYdI%2BXMAHr1E%2B%2BUFy5gYJJMlo7VHMV7dukom%2FXSA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 759ac5bba8a29b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 main.js Show response
goo.by/themes/spartan/assets/js/ 794 B
721 B 19ms
18ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/themes/spartan/assets/js/main.js
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
cf-polished: origSize=869
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:44:04 GMT
server: cloudflare
etag: W/"626b7b24-365"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fqbq1NNQ6udwI3mA0AItJvlxaAam5pbTOqocyZK8Wcu%2BdMOv6I7UZ6nI01EBF5a3yXBnEXLhYw2Vrni12W8R2AWQvuDRi4%2FIvVfdW%2BedkJHXFKKfXmrqA0lhm8ODdklmRgnYGJs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bba88b9b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 server.js Show response
goo.by/static/ 8 KB
3 KB 19ms
18ms Script
application/javascript 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/server.js?v=1.0
Requested by: Host: goo.by
URL: https://goo.by/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1070587
cf-polished: origSize=12112
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 29 Apr 2022 05:39:52 GMT
server: cloudflare
etag: W/"626b7a28-2f50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPvLFTlkSn7%2FOa4FBZKTlY2dSHIoG50wiqJIBztxXyHawteb4x5UtqRuRVIPxuvldsowXpFzZ22IHI%2BAiB47QLCa6k5GeFusiZ0BGZPXCSDHN9cJxmlXLkB6tc7GqWM8ZQO8hpE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 759ac5bba8999b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 glyphicons-halflings-regular.woff
goo.by/static/fonts/ 23 KB
23 KB 29ms
28ms Font
font/woff 2606:4700:3030::6815:56e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://goo.by/static/fonts/glyphicons-halflings-regular.woff
Requested by: Host: goo.by
URL: https://goo.by/static/css/bootstrap.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:56e9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Request headers

Referer: https://goo.by/static/css/bootstrap.min.css
Origin: https://goo.by
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 675644
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23320
last-modified: Fri, 29 Apr 2022 05:41:25 GMT
server: cloudflare
etag: "626b7a85-5b18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAb9inWUfU0ECvUio8IgzLMkAnRVOOVzLbziJQIHcQjXYQhsFYIPXK9NLB%2FqRa342xJzqg1faW2h4vLVqNXQ4BP8djAfS0K%2Fk7tQjs95h2YAo4eoZPz8Q%2BRizXBZZ51dCgXBOU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 759ac5bba8ab9b83-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/ 392 KB
157 KB 31ms
9ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

396c964c85a9b2e9a380bb18b1f6d51960f2bc7f7d4fd2bcf4754fc0ac443cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Origin: https://goo.by
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159789
x-xss-protection: 0
last-modified: Sun, 02 Oct 2022 20:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 18:44:40 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 160 KB
57 KB 296ms
120ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

6d0f9faf185c1f43001f2508f80abf686cfb1c00f58c6bf0fa807791b5fc65e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
etag: "633fab48-e0cd"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 57549
expires: Thu, 13 Oct 2022 21:19:49 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210060101/ 353 KB
116 KB 65ms
47ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8917830189100721&plah=goo.by&bust=31070256

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b651349384f4c5552c83fcaf3eeef5161f117bce771f003b2303c92353a219f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118737
x-xss-protection: 0
server: cafe
etag: 9673850515465318614
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 20:19:49 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/ Frame 8B86 10 KB
5 KB 30ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221012/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62380
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 03:00:09 GMT
etag: 9671129459699598864
expires: Thu, 27 Oct 2022 03:00:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame B77B 42 KB
22 KB 72ms
53ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP&size=invisible&cb=669dojxrnhn6

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

70f6708e30e1bb5340b9f9b95ce1e81f4decf4d4229e06a39a2d54bd8d345419

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LtlKLMR1EL_Qm6OZRIN4aQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22121
content-security-policy: script-src 'report-sample' 'nonce-LtlKLMR1EL_Qm6OZRIN4aQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:49 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 379 B
692 B 39ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=goo.by&callback=_gfp_s_&client=ca-pub-8917830189100721&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210060101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8917830189100721&plah=goo.by&bust=31070256

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a79fc5174eb45401f75aea52e27876fb16ce72615826c2844ef3bf209c9751f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 61ms
23ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fgoo.by%2F&tn=DIV&cls=cc-window%20cc-floating%20cc-type-info%20cc-theme-classic%20cc-bottom%20cc-right%20cc-color-override-1971232268%20&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0B1F 295 KB
76 KB 625ms
607ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&adk=293675617&adf=814277786&lmt=1665692389&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgoo.by%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389792&bpp=7&bdt=163&idt=141&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4547817296396&frm=20&pv=2&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=158

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e52411b1c6792f37cea7b7b89d8cb415a5c1984aa8adfd1f9f96b2a8cb03e07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 77953
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:50 GMT
expires: Thu, 13 Oct 2022 20:19:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9984 85 KB
30 KB 515ms
504ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1665692389&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389799&bpp=3&bdt=170&idt=154&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=395&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=UwDins30Jb&p=https%3A//goo.by&dtd=157

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

760e58dce6e635d971f0dff16948bc6d9c6a4cca266f93e629259a1b468eb74b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 30457
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:50 GMT
expires: Thu, 13 Oct 2022 20:19:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/ Frame B77B 52 KB
24 KB 25ms
8ms Stylesheet
text/css 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP&size=invisible&cb=669dojxrnhn6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 16:56:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Sun, 02 Oct 2022 20:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 16:56:51 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/ Frame B77B 392 KB
156 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

396c964c85a9b2e9a380bb18b1f6d51960f2bc7f7d4fd2bcf4754fc0ac443cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159789
x-xss-protection: 0
last-modified: Sun, 02 Oct 2022 20:02:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Oct 2023 18:44:40 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B77B 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 2381
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 20 Oct 2022 19:40:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B77B 15 KB
16 KB 39ms
7ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 205305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 11 Oct 2023 11:18:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B77B 15 KB
15 KB 41ms
9ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 11 Oct 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 177602
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 11 Oct 2023 18:59:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame B77B 102 B
134 B 18ms
17ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3e86250780a5aa52bcbceec8988230c96440f6f61d0681a0cdd72446bcc0d96e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP&size=invisible&cb=669dojxrnhn6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9790.z5NaaEV9JHmRrRI7xxJiOlVWfGNyQ20cDsIKL3pOc8862sgMoUQ_bbuwX1gpkchg.O9PLGQuNXcKjJA4l6BSroSp1ZAM%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9790.L7CG3MUSWvvNyvCjuKTUdNdiRSvkWXokoTv5bZiJo7ACUveHjm1z5McSvPKdaia6p73B2qABaDxAwZD-p44eDQ%2C%2C.QK-J5r5vsWMWbS7Z-DcigaQUz7A%2C

75 B
75 B

67ms
67ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9790.L7CG3MUSWvvNyvCjuKTUdNdiRSvkWXokoTv5bZiJo7ACUveHjm1z5McSvPKdaia6p73B2qABaDxAwZD-p44eDQ%2C%2C.QK-J5r5vsWMWbS7Z-DcigaQUz7A%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9790.L7CG3MUSWvvNyvCjuKTUdNdiRSvkWXokoTv5bZiJo7ACUveHjm1z5McSvPKdaia6p73B2qABaDxAwZD-p44eDQ%2C%2C.QK-J5r5vsWMWbS7Z-DcigaQUz7A%2C
date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2

400

sync_cookie_image_decide
mc.yandex.by/
Redirect Chain

https://mc.yandex.by/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.by&token=9790.B1cbor4y7c7kmJ5fIZdCGqEQqHp0CFfGZmnIyXrLRl2IhSeJh6fnyXjLDERNvaXu.nIDOgdukuVF5zPpw_pV_6_XO1nI%2C
https://mc.yandex.by/sync_cookie_image_decide?token=9790.SiT6sm2JgrGDGj0ndVfhzUxQ2LOQPPN_xPvnFYTP4Vrc0VShU6dZ7W5gAsMSw9_N_iMzlzrOLQBU3IY_E8hWgQ%2C%2C.0Wf6gJyVfJyWhWkWFJVdqOjAyPY%2C

75 B
75 B

63ms
62ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.by/sync_cookie_image_decide?token=9790.SiT6sm2JgrGDGj0ndVfhzUxQ2LOQPPN_xPvnFYTP4Vrc0VShU6dZ7W5gAsMSw9_N_iMzlzrOLQBU3IY_E8hWgQ%2C%2C.0Wf6gJyVfJyWhWkWFJVdqOjAyPY%2C

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.by/sync_cookie_image_decide?token=9790.SiT6sm2JgrGDGj0ndVfhzUxQ2LOQPPN_xPvnFYTP4Vrc0VShU6dZ7W5gAsMSw9_N_iMzlzrOLQBU3IY_E8hWgQ%2C%2C.0Wf6gJyVfJyWhWkWFJVdqOjAyPY%2C
date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
136 B 67ms
66ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 07 Oct 2022 07:30:00 GMT
etag: "633fab48-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Thu, 13 Oct 2022 21:19:50 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame B77B 32 KB
18 KB 91ms
91ms XHR
application/json 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2a8cc1e0c19d3037aa6965782325e206417c6849ddd456cb743abf82f7542446

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcUoOQUAAAAANHj_juVSgLjxCWAABmUxJr-DhCw&co=aHR0cHM6Ly9nb28uYnk6NDQz&hl=en&v=vP4jQKq0YJFzU6e21-BGy3GP&size=invisible&cb=669dojxrnhn6
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18560
x-xss-protection: 1; mode=block
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/45619767/
Redirect Chain

https://mc.yandex.com/watch/45619767?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-U...
https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen...

427 B
540 B

66ms
63ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A446676896113%3Ahid%3A293465633%3Az%3A0%3Ai%3A20221013201950%3Aet%3A1665692390%3Ac%3A1%3Arn%3A573723845%3Arqn%3A1%3Au%3A16656923908899944%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C1%2C181%2C181%2C1%2C123%2C19%2C%2C%2C%2C342%3Acpf%3A1%3Ans%3A1665692389408%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1665692390%3At%3AGoo.gl%20URL%20Shortener&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

d16af2c2522b621bff5b557b00bb78a179d375d7c2fad2bdf051592da7356c99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 13-Oct-2022 20:19:50 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://goo.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 427
x-xss-protection: 1; mode=block
expires: Thu, 13-Oct-2022 20:19:50 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:50 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 13-Oct-2022 20:19:50 GMT
location: /watch/45619767/1?wmode=7&page-url=https%3A%2F%2Fgoo.by%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A8zdfc3pjszirvo7fx08h8%3Afp%3A315%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A446676896113%3Ahid%3A293465633%3Az%3A0%3Ai%3A20221013201950%3Aet%3A1665692390%3Ac%3A1%3Arn%3A573723845%3Arqn%3A1%3Au%3A16656923908899944%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ads%3A0%2C0%2C36%2C1%2C181%2C181%2C1%2C123%2C19%2C%2C%2C%2C342%3Acpf%3A1%3Ans%3A1665692389408%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1665692390%3At%3AGoo.gl%20URL%20Shortener&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
access-control-allow-origin: https://goo.by
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 13-Oct-2022 20:19:50 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9984 6 KB
1 KB 45ms
18ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1665692389&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389799&bpp=3&bdt=170&idt=154&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=395&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=UwDins30Jb&p=https%3A//goo.by&dtd=157

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 19:55:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 9984 2 KB
956 B 42ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame 9984 23 KB
10 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 9984 3 KB
1 KB 38ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 9984 17 KB
7 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9984 152 KB
47 KB 46ms
17ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame 9984 33 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9984 0
0 77ms
76ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWeem5XJIY6HgPPqR1fAPqIa9qAaDw5PgbO2txvSWEPq7pc-ZDhABIIva-xxglQKgAcXqmbkCyAEJqQKeLXkZgUywPqgDAcgDywSqBMMBT9C0lTtLG_ByOA1LU0rN7XGblB7T1EyniJWGzj2K6Uzf_UaRl7aydf_VKJ6UPZ--c0VVsvILH9ejhk3XKkNLKIvZJEhxlVwoyvRjdLh9wIuxRPPQOEsQGCDHpkksmScJb5xOlxIHmdllY6xgmTKPclzgCZSFFZaXRuxf5fDTZ09qPnd77CpzPgHnKDYOb0mmelD0wFL0FsZAZztNyycTgC5m6SVMoE7gxle8j2nsHn8aJPektwBy4bfnR-8rlC3E7PRpwATEl-mx3AOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHo5XmxgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBD-oTDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAbgT5APYEwvQFQGYFgGAFwGyFxwKGggAEhRwdWItODkxNzgzMDE4OTEwMDcyMRgA&sigh=9IDaaDrruKI&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2348938529&adf=2605566815&pi=t.aa~a.181677489~rp.1&w=1140&fwrn=4&fwrnh=100&lmt=1665692389&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692389799&bpp=3&bdt=170&idt=154&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=395&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=UwDins30Jb&p=https%3A//goo.by&dtd=157
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 13 Oct 2022 20:19:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15163947645182679548/ Frame 9984 15 KB
15 KB 34ms
18ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15163947645182679548/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7f11eeb407fa3a042ce0ea82bb3523d7a425cb693099175c3b6ab103cc4f28f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 00:01:11 GMT
x-content-type-options: nosniff
age: 591519
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15095
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 07:51:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 00:01:11 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/2885783126999908289/ Frame 9984 2 KB
3 KB 34ms
19ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2885783126999908289/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e266631265f177732c5baea8ec8a83536e21326117163fd1dc275554d732cad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 10 Oct 2022 07:25:14 GMT
x-content-type-options: nosniff
age: 305676
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2524
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 07:51:36 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Oct 2023 07:25:14 GMT

GET
DATA 200
OK truncated
/ Frame 9984 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd6b65900e1f3d1fbee576ac727ffe264631ad8eddd272479ba72304a7d68660

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9984 15 KB
15 KB 28ms
12ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 518250
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9984 15 KB
16 KB 22ms
8ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 573021
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9984 15 KB
15 KB 25ms
11ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 543897
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Oct 2023 13:14:53 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210060101/ 151 KB
54 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210060101/reactive_library_fy2021.js?bust=31070256

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08832c05cbaf935f4b7dc84fb285261ac6b1ece4964ccb7cf49d980408b3d2f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55077
x-xss-protection: 0
server: cafe
etag: 2169386837745550276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 33ms
17ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 35ms
18ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66DB 436 B
233 B 982ms
981ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=3589342682&pi=t.aa~a.2921636334~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=2&bdt=1047&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280&nras=3&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1951&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wEusK7QpMx&p=https%3A//goo.by&dtd=17

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ee982094d7f02c20981d08d8613c54aaeeac2f11b375c6f20da71dd919e1b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F7DD 91 KB
33 KB 683ms
682ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8031bbadabdcef3a5e41801f6d92e2c9af17871bc84e95ea658fc3ae3f03a7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 33730
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 431D 436 B
231 B 406ms
406ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2814367607&adf=1013021284&pi=t.aa~a.2921636334~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1047&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280&nras=5&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=3298&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=I5l428KPtj&p=https%3A//goo.by&dtd=24

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad29bf1ba40a0d91f2fc0b2a0f6775e96e87c67cf0f64790825d05e9770de9bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 211
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5C07 91 KB
33 KB 754ms
753ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f609f77dd82a1c5e6882d3328fb76e95988fb3162a39af8122a7ca2da2420c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 34090
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6A15 436 B
233 B 789ms
788ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=1351620921&pi=t.aa~a.3858025451~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=0&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280%2C1140x280&nras=7&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4741&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=mFYQjVU1OY&p=https%3A//goo.by&dtd=34

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57ac8c2732a2627d8f7ab7c6e6118f4be010969eab1ec86d1208f336b6efed65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 213
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame E0D0 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 20ms
19ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=goo.by

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/ Frame EA66 10 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 03:15:20 GMT
etag: 9671129459699598864
expires: Thu, 27 Oct 2022 03:15:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/ Frame B986 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 61470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 03:15:20 GMT
etag: 9671129459699598864
expires: Thu, 27 Oct 2022 03:15:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame EA66 4 KB
636 B 33ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 19:04:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EA66 205 B
229 B 7ms
7ms Image
image/png 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 19:11:24 GMT
x-content-type-options: nosniff
age: 4106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 13 Oct 2023 19:11:24 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EA66 604 B
628 B 8ms
7ms Image
image/png 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 19:15:34 GMT
x-content-type-options: nosniff
age: 3856
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 13 Oct 2023 19:15:34 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/ Frame EA66 19 KB
8 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9232affad46b9ddd1239711acc6ff257591d759fd4197035f3fbc7bf511d036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 19:00:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8227
x-xss-protection: 0
server: cafe
etag: 5516984893510486959
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 19:00:16 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/ Frame 1D46 16 KB
4 KB 9ms
8ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bebe6dd8ae38880eac7a58f78af8d67c1cc62cb760f85a90d7ba8452fcd0084

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=0
content-encoding: gzip
content-length: 4218
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:07:28 GMT
expires: Thu, 13 Oct 2022 20:07:28 GMT
last-modified: Fri, 30 Sep 2022 14:05:56 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame B986 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C9AB 8 KB
895 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 19:15:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame C9AB 2 KB
902 B 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame C9AB 23 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4934
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame C9AB 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame C9AB 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C9AB 152 KB
46 KB 35ms
19ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 1d54d8cacad5994e062108e03542c880.js Show response
www.gstatic.com/mysidia/ Frame C9AB 33 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/1d54d8cacad5994e062108e03542c880.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568685
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13786
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/~b208246486/html5/api/ Frame 1D46 6 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/~b208246486/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 17:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2568
x-xss-protection: 0
server: cafe
etag: 6734328975651772599
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 14 Oct 2022 17:40:23 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/~b208246486/html5/ Frame 1D46 34 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/~b208246486/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 17:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 14 Oct 2022 17:40:23 GMT

GET
H3 200 c652681c625a2ec74960131ebe0d38c5.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/ Frame 1D46 101 KB
29 KB 11ms
9ms Script
application/x-javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/c652681c625a2ec74960131ebe0d38c5.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbe4f2f2b2f382a97524e4b3c2346605f89b47e98ef8a95fe6de1cac8fbe8f68

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 13:12:50 GMT
age: 544020
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29367
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 14:05:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 13:12:50 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2BC3 143 B
166 B 10ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 268
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame B986 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame B986 17 KB
7 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5079
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1D46 6 KB
707 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700|Raleway:600|Rambla:400|Raleway:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/c652681c625a2ec74960131ebe0d38c5.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c052364ed865136f66ec36de2a0d240a6585634ea4031e7e35f0d17735552090

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 18:32:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3 200 3fc2620d53116761eb468cc23f47a6b6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/ Frame 1D46 8 KB
8 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/3fc2620d53116761eb468cc23f47a6b6.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f51730811a340f97e64bb16ca0ed08cd2fad7f65d0ac9e46615cdc1e51a51e3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 07 Oct 2022 07:03:40 GMT
x-content-type-options: nosniff
age: 566170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8256
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 14:05:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 07:03:40 GMT

GET
H3 200 b742e3253ae5c8aa2a6b2dd07d44509c.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/ Frame 1D46 349 B
285 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/b742e3253ae5c8aa2a6b2dd07d44509c.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93a1bbc4047eee67ad987ded9d6f4fbd54947e4630bd18198de6d5f1e899a3db

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 23:31:10 GMT
age: 593320
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 14:05:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Oct 2023 23:31:10 GMT

GET
H3 200 26dbffe601705652ed15c0387c75ede8.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/ Frame 1D46 3 KB
3 KB 11ms
10ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/media/26dbffe601705652ed15c0387c75ede8.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1402b02d5c31a5b0237379e4359dec18c29a3376a8ce09b0bec89bdc069ade70

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 07 Oct 2022 07:03:40 GMT
x-content-type-options: nosniff
age: 566170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2684
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 14:05:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Oct 2023 07:03:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B986 152 KB
46 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:50 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2BC3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

23ms
23ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
expires: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:50 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame 6393 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D46 36 KB
16 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/~b208246486/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 200 cc2fa6f05f6b7ab36f626f2501931c3a.js Show response
www.gstatic.com/mysidia/ Frame F7DD 10 KB
4 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cc2fa6f05f6b7ab36f626f2501931c3a.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4312
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 9a8178d18d321307744a4c8ce46adea2.js Show response
www.gstatic.com/mysidia/ Frame F7DD 10 KB
4 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a8178d18d321307744a4c8ce46adea2.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

311d6e0a623475d73c35b2a61232ef0621db876a120cf7069721cb04f06ad003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4293
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 07:10:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F7DD 8 KB
895 B 22ms
21ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 18:59:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:51 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame F7DD 2 KB
903 B 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4935
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame F7DD 23 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4935
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame F7DD 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5080
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame F7DD 17 KB
7 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5080
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F7DD 0
0 16ms
15ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTi6fl_xOeJTjc3nsGlPEqjo5vWRR_ggw7YqJ37xtGBxIV7_nEM-xXn-0mPCS_j8iWdUZEXe76axYOBJaIsWCRx6CZF1A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F7DD 152 KB
46 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:51 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame F7DD 33 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 00:06:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 23:46:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:06:26 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F7DD 0
0 84ms
84ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C2Hrv5nJIY9_1LKbI1fAP9eyn6AuKppzhbKz0x4G1D5v08NzTLxABIIva-xxglQKgAaTdmosDyAEBqAMByAPLBKoEuAFP0JMtrWFjJ5P9hmEaSYXJA-1RuumIWViYR0uj8lus8FfpROscyfj3GsB349hp0pH5xXO-yEKRwxYurR0ZcsNhlli0elFCksjvU9TBXvvOFYiUYZi9h4O8Mx7iI6QXQfqVEuvPWFauDebT7fLXTgjhzZbm0olZe-iXs1lmTBoOocVGIzVIi-jzV9r4CWMIIl1hhvlC0Q_yH9myEFYxoij7nJLEz-PzmCDgVNSwCI2kXT3oa4pGYanXwATOhbXPwQOSBQQIBBgBkgUECAUYBIAHxKLldKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDEJA10ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwyIFAHQFQGAFwGyFxwKGggAEhRwdWItODkxNzgzMDE4OTEwMDcyMRgA&sigh=YHQmR_HwVyc&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 13 Oct 2022 20:19:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2953 143 B
166 B 8ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 269
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EBA4 1 KB
643 B 9ms
8ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 10481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 17:25:10 GMT
etag: 48472445140208031
expires: Fri, 14 Oct 2022 17:25:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F7DD 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 577560a51a44836c637574cdcf5e6cacd9c7a856c7b13703c7da1421593f4949

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cc2fa6f05f6b7ab36f626f2501931c3a.js Show response
www.gstatic.com/mysidia/ Frame 5C07 10 KB
4 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/cc2fa6f05f6b7ab36f626f2501931c3a.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 06:21:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 568686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4312
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 06:21:45 GMT

GET
H3 200 9a8178d18d321307744a4c8ce46adea2.js Show response
www.gstatic.com/mysidia/ Frame 5C07 10 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a8178d18d321307744a4c8ce46adea2.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

311d6e0a623475d73c35b2a61232ef0621db876a120cf7069721cb04f06ad003

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 07:10:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 565782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4293
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 06:02:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 05 Jan 2023 07:10:09 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 5C07 8 KB
895 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 13 Oct 2022 20:03:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 13 Oct 2022 20:19:51 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 5C07 2 KB
903 B 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4935
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/ Frame 5C07 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:57:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4935
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9578
x-xss-protection: 0
server: cafe
etag: 2674910403068493586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:57:36 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 5C07 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5080
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/ Frame 5C07 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221012/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 18:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5080
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7570
x-xss-protection: 0
server: cafe
etag: 17992891929817281641
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 27 Oct 2022 18:55:11 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5C07 0
0 22ms
21ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQNLINcs6hNM9esnRHL46aFl2PvMDSbmaPKCsIiO0pJkIooQjquf9w5C0VmN9HMEeUWfMk3O5cSbu7carQyOhwZI8dzcQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5C07 152 KB
46 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:51 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame 5C07 33 KB
13 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 00:06:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Wed, 12 Oct 2022 23:46:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 11 Jan 2023 00:06:26 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBA4
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJsPog6jmIclcgEKU7MMTIk&google_cver=1&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cvKAaeJy8xIg3dLZPI
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3BED495F62C04426876779B3D9227160&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cv...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3BED495F62C04426876779B3D9227160&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cvKAaeJy8xIg3dLZPI

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 13 Oct 2022 20:19:51 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3BED495F62C04426876779B3D9227160&google_push=AZmPxg8WGbaf5XJ_AU_54DXy80eNQ9NaYff_l6rdp7gI6kISb9uNTIwowUZW8wcVlP5awgFOQp3xpA_Adk-g5cvKAaeJy8xIg3dLZPI
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 12 Oct 2022 20:19:51 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBA4
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEMEhGPn4ewuyifOwkvugxIM&google_cver=1&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-c...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEMEhGPn4ewuyifOwkvugxIM&google_cver=1&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HG...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0&google_hm=W2ZHh111Qf2lZoUm6Mfn...

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0&google_hm=W2ZHh111Qf2lZoUm6MfnQA==

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0&google_hm=W2ZHh111Qf2lZoUm6MfnQA==
Date: Thu, 13 Oct 2022 20:19:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame EBA4 43 B
356 B 77ms
30ms Image
image/gif 34.98.67.61
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEDbwX_dEpMs7FzSg-KYEB30&google_push=AZmPxg8JEm4y3DVF4uqJj1CxJOORfOncNt-GtZo7zqlQ4LNV9qD1cPnyZ8Xg1qJiNaH9IQA7v5E7pjdcXJuwma4mNyMhJNNo4of2Upo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
via: 1.1 google
server: Apache
content-type: image/gif;charset=UTF-8
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBA4
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI93Zwx8laaib3y5nUvlAMs&google_cver=1&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Y...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI93Zwx8laaib3y5nUvlAMs&google_cver=1&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drp...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg0NjgxNjY1Mzg0MDI0OTM&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk...

170 B
188 B

21ms
21ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg0NjgxNjY1Mzg0MDI0OTM&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk8eM1GTMHOeiNcBgXLMs2N8

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=Njg0NjgxNjY1Mzg0MDI0OTM&google_push=AZmPxg-YxJG6eyKvyZWF0R1r607YRG_NfZZ6HNNehU4_Vtr6EWxQ5dLAE5E3p4Q0rY1HQQ1_drpsQp5Yk8eM1GTMHOeiNcBgXLMs2N8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame EBA4 43 B
351 B 63ms
16ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPCMX5S6RHb1Oczz7HdNis4&google_cver=1&google_push=AZmPxg9K4kSF66Hn-or3h27tDsSWd0NfDCBoFD-i7xeRyZre064IMVzrUaar_3HMc9sF4Wr5o8-v_7c3V_z3gz6cgIu7pFU0JGDhZg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=1702659431&adf=3490307744&pi=t.aa~a.3858024354~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1200x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280&nras=4&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=9JoctlHcqW&p=https%3A//goo.by&dtd=21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: hc7pk7d1m32ba7v72v3slhkkm8vaso0f

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EBA4
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEPWjzTUdeJXRmXwZFW9TztA&google_cver=1&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1Q1N1vl8OkQiyafs

170 B
329 B

24ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1Q1N1vl8OkQiyafs

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 13 Oct 2022 20:19:51 GMT
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AZmPxg_AaZELtxKQyQ_t2yCG6wVmMbbN5zMHhhgGV3e8swv0cejNpM3jjiy-wePoDq8p0R6Yjd3HBXnySFRO56V1Q1N1vl8OkQiyafs
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 5ADVq3EZ-MroFvU0417atlGulJ3G2YvqTdY37j5IMGiy1fPdw_po8A==

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EBA4
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELl3tu7z53n1TzLQoPwCfVU&google_cver=1&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCm...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCmAQEuREl8J3w5rw4Id0Y

170 B
232 B

24ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCmAQEuREl8J3w5rw4Id0Y

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AZmPxg9fdCImR75JWJSXMWZ37tzK74mxsx7oUZ96qujf9NMcrLuoDyV_LsnhrZ25zR5bnmjeJzq6YDFOysCmAQEuREl8J3w5rw4Id0Y
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame EBA4 0
232 B 50ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KY4XFaPm1Qr7NjfH5zfuCBgciymeuANHOt4YltrAQ-Q_O3XP5jvsqV44xUeZ58KtaBRycO

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2953
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

23ms
23ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
expires: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame F7DD 28 KB
28 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 128107
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 08:44:44 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5C07 0
0 83ms
82ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdE1G5nJIY9PnLKvI1fAPzaSvmA6KppzhbKz0x4G1D5v08NzTLxABIIva-xxglfKqgrQHoAGk3ZqLA8gBAagDAcgDywSqBLgBT9CeR2584TknMcIyCuQZQGRxtaN81LhSz069b_EMHWQ07nZvqcci7IIYQbB_aeLolHUHCP6BHTmXBtRqbiJQRubtCi8dAGuc6sS7zqnMPLLBRyNAG3mW4DZgbwboSPfI41nxkTu-051FQ5e2fPp3SSAU4U2bASSiBJilZSg7gxEi0mQDa1sg_khcdyQPg_7jLolYA03oNq46iwINx69pW7gWBSIMW9g-yiqzVbLS5ogTGjZhixJ-WMAEzoW1z8EDkgUECAQYAZIFBAgFGASAB8Si5XSoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHAxDiWNIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMMiBQB0BUBgBcBshccChoIABIUcHViLTg5MTc4MzAxODkxMDA3MjEYAA&sigh=9lVfTuU6M9I&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 13 Oct 2022 20:19:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E581 143 B
166 B 11ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 269
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:15:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CAD0 1 KB
643 B 9ms
7ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 10481
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 17:25:10 GMT
etag: 48472445140208031
expires: Fri, 14 Oct 2022 17:25:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 5C07 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32bb949f43d67ad140c8fd2c13d9adf6bb9a9d6783f2d9b43d55e58b2579e81c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame CAD0 0
104 B 99ms
24ms Image
text/plain 2a02:fa8:8806:20::2010
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESENKdDMZv8SOtbwKScidSkEo&google_cver=1&google_push=AZmPxg-eEx46AULvVLp4leWcg4tszDHHOk6qkzgT236Vvjlw13aEMtf36gKek6dpUGv1GaGySaF8osOAC02VblTUSm_lJwrGnY3-InI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CAD0
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3z...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-...

43 B
437 B

204ms
193ms

Image
image/gif

2606:4700:4400::ac40:98f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:52 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 759ac5c92fe99b33-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 238
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESECWxPnVBWDcg6_QRVeBX9b8&google_cver=1&google_push=AZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAZmPxg8SD6gl0NZ7NP66yJjYMhS6z3xBUdWaHI21SwUbF5UxvqyCt7kgFGG_sqKlUaivVdIksa0FqcUa-Psnhmg1o-sSqSC5uh-3zso%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 759ac5c77c649b33-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame CAD0 43 B
135 B 20ms
17ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEPCMX5S6RHb1Oczz7HdNis4&google_cver=1&google_push=AZmPxg_5-bhfJoWUDCcspZyoQJPbvPwOv5arG_M-qoK5eQ0T3ysoCL2VPhunW_wrbBvhPNlEagJzmAYQb7ZJgCCyN5i__28CPXxJZWw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8917830189100721&output=html&h=280&adk=2121410139&adf=2209210727&pi=t.aa~a.914634892~rp.4&w=1140&fwrn=4&fwrnh=100&lmt=1665692390&rafmt=1&to=qs&pwprc=8236848451&format=1140x280&url=https%3A%2F%2Fgoo.by%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665692390676&bpp=1&bdt=1048&idt=-M&shv=r20221012&mjsv=m202210060101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D23757c34d915940f-2269111a45ce008d%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw&gpic=UID%3D000005765d427186%3AT%3D1665692389%3ART%3D1665692389%3AS%3DALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ&prev_fmts=0x0%2C1140x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=4547817296396&frm=20&pv=1&ga_vid=702951412.1665692390&ga_sid=1665692390&ga_hid=1981127989&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761792%2C42531705%2C44773613%2C31070256%2C31068920&oid=2&psts=APxP-9AxCmJy-EYb9CvFd_BjHNrrKdmAT0lnqPTQn4DyLiiIXVe19kUz1-1SUCP2vSjQI2JKF4FlaoKoneWx12k&pvsid=3116651609360576&tmod=129102118&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=xHzBud3BhZ&p=https%3A//goo.by&dtd=28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ed9ku9u5q20mvp74c29tm49q7tlan2af

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CAD0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKjco14HIKrF957P1Cmw4Z0&google_cver=1&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQ...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk3SThSMDQtMVYtRzNPNw==&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQGRYnDDK1FFpPvuMTkLz-CLJBUpw8

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk3SThSMDQtMVYtRzNPNw==&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQGRYnDDK1FFpPvuMTkLz-CLJBUpw8

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDk3SThSMDQtMVYtRzNPNw==&google_push=AZmPxg-72YR9A6R9Ue9S4sB5zQgL-Xmt7TM2sRuCRhXkZVVBbRXG4vQNewKXFm0Yrp1MTLWPhjQGRYnDDK1FFpPvuMTkLz-CLJBUpw8
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CAD0
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG1CJzYLSZ4w4NeKmJEGuo4&google_cver=1&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hk...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEG1CJzYLSZ4w4NeKmJEGuo4&google_cver=1&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hk...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84&google_hm=FedDsGZHm3uzx7XHQ6S...

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84&google_hm=FedDsGZHm3uzx7XHQ6Sb30U7

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 13 Oct 2022 20:19:51 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AZmPxg-htimAcWIVS8aOaY4DDsMvjc2zQmZ2tv1uL4VCnLAR4rlV-j4P69hk4KnX2hPrOTNw58S0h68agXruLx7Hkr5VIly2F3FZp84&google_hm=FedDsGZHm3uzx7XHQ6Sb30U7
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CAD0
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-be871aa6-1735-40c9-9edb-38dc64dc91e5-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAZmPxg85dfz2cBncP34OA7X83...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&google_hm=A76HGqYXNUDJnts43GTckeU

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&google_hm=A76HGqYXNUDJnts43GTckeU

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AZmPxg85dfz2cBncP34OA7X83e94mWLBqoc1dxQeYDXdFokYNDE5Twm1XF6Azg0JAgPMQQk7rEoFsekISf73m9Wrp9ULfUdVqYhG3g&google_hm=A76HGqYXNUDJnts43GTckeU
date: Thu, 13 Oct 2022 20:19:51 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXbe871aa6173540c99edb38dc64dc91e5003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CAD0
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1G...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dxandr_eb%26google_hm%3D%24%7BBASE64_UID_ENC%7D%26google_gid%3DCAESEHih4icOs63Ux4BloO41kLo%26goo...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Mjg3MTU3ODgwMjYzNTI0NDQ5MA%3D%3D&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Mjg3MTU3ODgwMjYzNTI0NDQ5MA%3D%3D&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw7aOzL1jmzuAu2Uop4bnhdTgQEC8FBm0hmoWiCypwk7gX0y1Q8DlOtZYuH0eSGoDCKX_9uy

Requested by

Host: goo.by
URL: https://goo.by/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 13 Oct 2022 20:19:51 GMT
AN-X-Request-Uuid: a4e1772b-8571-48f1-b050-454026547f37
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=Mjg3MTU3ODgwMjYzNTI0NDQ5MA%3D%3D&google_gid=CAESEHih4icOs63Ux4BloO41kLo&google_cver=1&google_push=AZmPxg8Z5EstKob1GUYYtdTz17cDN9m0Hw7aOzL1jmzuAu2Uop4bnhdTgQEC8FBm0hmoWiCypwk7gX0y1Q8DlOtZYuH0eSGoDCKX_9uy
Connection: keep-alive
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CAD0 0
12 B 32ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JyuBMkEbtnw4iWG_Td4Ms7TvUItvquQU-KdV1pKW2DGL2sukHo3zZbCaiQwdosb9Z2c8H2YQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E581
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

27ms
27ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
expires: Thu, 13 Oct 2022 20:19:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame DAF0 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame 5C07 28 KB
28 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 128107
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Oct 2023 08:44:44 GMT

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame 163B 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 40ms
25ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221012&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1bf759294037f19762b2edf27d8bf526a7cd5121b10c996eebf0be8ea8e1f8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11270
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9984 42 B
64 B 54ms
45ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstOD-INN4lZDq-MK66ViVH6UOQe4YHZXiFffjI_otnYY-1H4X_5oR7-0kWGUSWezpKsbA5MMylhq6NtguDkvmc-uByhZyH6SaTnRRSM8uzDbs1O9ai_jb1Q4HoKaOJ2cnkZdtI16Q&sai=AMfl-YRCi2NHZJmY6Waa_VNe-zNaCTxKgTKMSMf2wylFDPSHl1Hq1vrlPNnvTnW7BEhXmprDB2LSKx6LqRUfsPw&sig=Cg0ArKJSzOAZdqJCMMxbEAE&id=lidar2&mcvt=1045&p=0,0,280,1140&mtos=1045,1045,1045,1045,1045&tos=1045,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2348938529&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665692389958&rpt=776&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Oct 2022 20:19:51 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 13 Oct 2022 20:19:51 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CE24 13 KB
5 KB 10ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 5464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 18:48:47 GMT
expires: Fri, 13 Oct 2023 18:48:47 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E8C7 783 B
535 B 20ms
19ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fc4bb854da484940c2bd4bf06fdaa1053bb9a89d2c755c780bd7e14137eda9a2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XRbwSGVQp-Q1pLpEDO_U-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://goo.by/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-XRbwSGVQp-Q1pLpEDO_U-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 13 Oct 2022 20:19:51 GMT
expires: Thu, 13 Oct 2022 20:19:51 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E8C7 0
0 41ms
41ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221012&jk=3116651609360576&rc=05AHtfOcg-tDGnh82MDJmclAm7pSM6vDNV70PbQNTxjjFwrVfoZ_S_pl8uDQPcOfuInRPj6TsmhhYvm0Gck_XqmMyyBj0Bnm6BjwFGRXB4COK_Jfn0BX70FlJ1ZeYTXHnRcMWYe79azk3q4ewPT_IMQWJgm9QkhaaRQrgWo1_PZOmg11k
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js Show response
pagead2.googlesyndication.com/bg/ Frame CE24 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cfKUDseLxMX_VMI_uao_rq0MKOaeCrg8GZjSFxmotG8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 19:21:56 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CE24 0
12 B 8ms
7ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?H7KpMg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 13 Oct 2022 20:19:52 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221012&jk=3116651609360576&bg=!6eql6q7NAAYeOJy_Pjg7ACkAdvg8WnQwTU_2wPdWUoHx8s8uiEiSiI9G9fuq_vUz0QGqjrqLTHCLnAIAAABSUgAAAAdoAQcKAHMhoOkPPY7cCZNdeCrShhdXyCATJui3Luh92GV1aZLIvwxSnnEnC3AObQFXZXqGNbsA-jYNeYCS8qoigGqTEisI4fP8fyZu085StDAaMZLV90WNGfMkXBkiOq9TJx_JQJe2o4o7aUm7pU3ItfGBekwQZF3pmQKNC4Ew1oHW5vLalK5z7dZUksj0JDp9JA88L5ByzUOICVqrNzHeSAjoEWU0MlFmnZh4emW3IkEeVcYgN0UDsl6u1ILswQbcHFZA8vp9aI3ytkeCHf8jFZP955iYtS2LTy1RLdepffpwCGUMeL8ZnkkkWw7lfPhOzTsGT4obBcy8fa3pbrBkswbxLFnEokVSEsTIb1XL9HL5zQz5WU15P32RupptYnSkv3hmywuPHVmgbhk3AAtvwhbypjdOOJyxPF0xFx4Ta6iNqa1iFrefqRC3DmUEmyjjBVjcOs5OU80_Cwt8Ri_1WYUI-kc8VmxJEaWavsBeoxDa3o9x77eQxK02K1bBT73ZS4rReGdw_XWqcy80b3_NM3uLaHwBRfNCf2s3CkLj825Msqi8D85wyQ0jRT7-p-NmQ1S3N2PiiOTmwcKwnWjkNyjRJdt8R03Am5rvjSMJJyKNqqlvbh3HIJ_xlH045tatb1QJzdM4OGa05FR_IdTXT9z6pDdkcpdlGsAEYAyXDZuFpXBaHy78ZU4pwkafsiUCC6yGspBQ6chLjizto2VMIQSr4m4q4lkoQGbLvBVOGTXMG4Amb_MdR5dMK_zlI5iq6sywJNbv0nPpZeg9XEP8ZAP18IBpwTIAnYOsPVlJnru7BNWxIWkVjHgJwJ0fMKQ4tlsSk7vUgHKh_keqMmqcX_9mT9UE4Nw0oThXFqp-H2-ZoQPbQY_Vc_54mQ6Mfp9vFzm9ds7GUkbToH7VP15MeCfiOjnqxE2L_bvm-PBcIybQ7wA5XqbiAnhMjWJu7zMEUMw1fuXtqntsPiyGiO5-KUArl2fdgTfDGHOoPypD98bBgT-3AWlWF6GB3lPId2pmUOwsIU7se6w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://goo.by/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 11:00:44	Name: _GRECAPTCHA Value: 09AHtfOciWpl8Xl8fplK5FFh-8VhBaoj9dprsP7K38wbs9kCtUlQ-Xywd9rGWHJJqICl5R8FSNnw4_U_KHDYkmWT0
goo.by/	1969-12-31 23:59:59	Name: PHPSESSID Value: etde9lhlhvvk9gbntf7rk1mg94
.goo.by/	1970-01-20 16:03:08	Name: __gads Value: ID=23757c34d915940f-2269111a45ce008d:T=1665692389:RT=1665692389:S=ALNI_MZuR-uRMLDLlo9t60KgQc5vnEZtPw
.goo.by/	1970-01-20 16:03:08	Name: __gpi Value: UID=000005765d427186:T=1665692389:RT=1665692389:S=ALNI_MZRhe2RxJq9B1pxF8M1w_h6jSihKQ
.goo.by/	1970-01-20 15:27:08	Name: _ym_uid Value: 16656923908899944
.goo.by/	1970-01-20 15:27:08	Name: _ym_d Value: 1665692390
.mc.yandex.com/	1970-01-20 06:41:32	Name: sync_cookie_csrf Value: 4193174239fake
.goo.by/	1970-01-20 06:42:44	Name: _ym_isad Value: 2
.mc.yandex.by/	1970-01-20 06:41:32	Name: sync_cookie_csrf Value: 1530286267fake
.yandex.com/	1970-01-20 15:27:08	Name: yandexuid Value: 9796936491665692390
.yandex.com/	1970-01-20 15:27:08	Name: yuidss Value: 9796936491665692390
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2373101481665692390
.yandex.com/	1970-01-20 16:17:32	Name: i Value: CKs1V49ZJmwZTKBflbhgiXl25Cp073iCSjXMWigEVEAOYk2NRxb77eergD7tl/kWq5V+Hy1XXE1lAM5MPLkunEol1w8=
.yandex.com/	1970-01-20 15:27:08	Name: ymex Value: 1697228390.yrts.1665692390#1697228390.yrtsi.1665692390
.mc.yandex.ru/	1970-01-20 06:41:32	Name: sync_cookie_csrf Value: 3100023101fake
.doubleclick.net/	1970-01-20 16:03:08	Name: IDE Value: AHWqTUntYsfuaiSC84TDtTttn6DFtJ2STJ7GTgIFVINb-QyMhtuMGTfvkrIdqS_y8JY
.doubleclick.net/	1970-01-20 06:41:35	Name: DSID Value: NO_DATA
.adform.net/	1970-01-20 07:26:10	Name: C Value: 1
.bidswitch.net/	1970-01-20 15:27:08	Name: tuuid Value: 5b664787-5d75-41fd-a566-8526e8c7e740
.bidswitch.net/	1970-01-20 15:27:08	Name: c Value: 1665692391
.bidswitch.net/	1970-01-20 15:27:08	Name: tuuid_lu Value: 1665692391
.simpli.fi/	1970-01-20 15:28:34	Name: suid Value: 3BED495F62C04426876779B3D9227160
.adform.net/	1970-01-20 08:07:56	Name: uid Value: 68468166538402493
.bidswitch.net/	1970-01-20 06:41:32	Name: google_push Value: AZmPxg8c1Hc0qVWy4wTtVWcJC0buOZ6V8VBv_tuklpWHsKj165doht6hQUMVHWghnsv0ZTw3SitllurWyu18HGIkwr-cgCWGKK8XPy0
.adnxs.com/	1970-01-20 08:51:08	Name: uuid2 Value: 2871578802635244490
.lijit.com/	1970-01-20 15:27:08	Name: ljt_reader Value: FedDsGZHm3uzx7XHQ6Sb30U7
.1rx.io/	1970-01-20 15:27:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-be871aa6-1735-40c9-9edb-38dc64dc91e5-003%22%7D
.targeting.unrulymedia.com/	1970-01-20 15:27:08	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-be871aa6-1735-40c9-9edb-38dc64dc91e5-003%22%7D
.tribalfusion.com/	1970-01-20 08:51:08	Name: ANON_ID Value: aInseFqkaHbBykt9ZbxaXJHYef1v9u5Vv984EBIaHdZaOhY3XpehVDDkjjnYNtdMAgQAWRnbV0Yj2Obs4kQmZdd

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9790.L7CG3MUSWvvNyvCjuKTUdNdiRSvkWXokoTv5bZiJo7ACUveHjm1z5McSvPKdaia6p73B2qABaDxAwZD-p44eDQ%2C%2C.QK-J5r5vsWMWbS7Z-DcigaQUz7A%2C Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://mc.yandex.by/sync_cookie_image_decide?token=9790.SiT6sm2JgrGDGj0ndVfhzUxQ2LOQPPN_xPvnFYTP4Vrc0VShU6dZ7W5gAsMSw9_N_iMzlzrOLQBU3IY_E8hWgQ%2C%2C.0Wf6gJyVfJyWhWkWFJVdqOjAyPY%2C Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://googleads.g.doubleclick.net/pagead/html/r20221012/r20110914/zrt_lookup.html?fsb=1(Line 21) Message: The Content Security Policy 'child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4143637017896669729/index.html?v=b208246486' was delivered via a <meta> element outside the document's <head>, which is disallowed. The policy has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
adservice.google.com
adservice.google.de
ap.lijit.com
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
dclk-match.dotomi.com
fonts.googleapis.com
fonts.gstatic.com
goo.by
googleads.g.doubleclick.net
mc.yandex.by
mc.yandex.com
mc.yandex.ru
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
secure.adnxs.com
sync.1rx.io
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
um.simpli.fi
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
142.250.181.226
18.185.225.77
185.89.211.132
213.19.147.45
216.52.2.19
2600:9000:223f:4a00:1b:5138:8a40:93a1
2606:4700:3030::6815:56e9
2606:4700:4400::ac40:98f5
2606:4700::6811:180e
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:811::2003
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2004
2a02:6b8::1:119
2a02:fa8:8806:20::2010
34.98.67.61
35.186.253.211
35.204.74.118
37.157.3.30
51.89.9.254
69.173.144.165
02ebc319500d29d704855de3d846bbb2479434953bb7b34f533122f432ce33bf
08832c05cbaf935f4b7dc84fb285261ac6b1ece4964ccb7cf49d980408b3d2f2
08e5970dcee7ecf02ab04df2d6be02568a71594f4923491e9f3e8ae3306a853f
08ec63812b5c543fbc24b98cf05328d849347f0dc0b2cbdf9bc463435b5ad1f6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
1402b02d5c31a5b0237379e4359dec18c29a3376a8ce09b0bec89bdc069ade70
171ca22825d9d3284a7e20e85120854bc2bf6fb15b821ce6bed382f14ff51c29
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
1912ec9329c898b56073a8120eb94e72e0bb858b390443cbc65d18a494572215
195ffe64f7501043f3700fdf9fbf2012d0b66fa26dcad328db4d5e8430fb520b
1a79fc5174eb45401f75aea52e27876fb16ce72615826c2844ef3bf209c9751f
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
205c46f1fb8423ef2a7c970ed7539d5cfd08267541e32e126ececdea08adfd2d
2a8cc1e0c19d3037aa6965782325e206417c6849ddd456cb743abf82f7542446
2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5
311d6e0a623475d73c35b2a61232ef0621db876a120cf7069721cb04f06ad003
32bb949f43d67ad140c8fd2c13d9adf6bb9a9d6783f2d9b43d55e58b2579e81c
396c964c85a9b2e9a380bb18b1f6d51960f2bc7f7d4fd2bcf4754fc0ac443cd0
399c2d0825b648973425959b19238ce03385a8bec33cdea50e76011dbb30dde0
39ea310e86ee5d4b745f48121268b8848ebbc92d2b9a1a791c36c7a03512b101
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e86250780a5aa52bcbceec8988230c96440f6f61d0681a0cdd72446bcc0d96e
43df0eac8cd04fe4184d857d79cb2b72f9c636dfbc7d3bc6555ce0aacf2f2c47
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f609f77dd82a1c5e6882d3328fb76e95988fb3162a39af8122a7ca2da2420c2
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
577560a51a44836c637574cdcf5e6cacd9c7a856c7b13703c7da1421593f4949
57ac8c2732a2627d8f7ab7c6e6118f4be010969eab1ec86d1208f336b6efed65
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c7e07dfb2d7437793e8b1ed577739a8bd55558df14aa7234714675ba53f71ee
5e52411b1c6792f37cea7b7b89d8cb415a5c1984aa8adfd1f9f96b2a8cb03e07
6102d725c22f9bf27ef542ceae070843153f3e0926b89820a75f29b107e33cb2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6461e3d621bb44222b85c04e787c3a1bc2c296316d77bc175e682c177557fa76
68decb9b04351770373306a7d4eef2a677b9f2541d790a42fc6f72e8cdcc7bd0
6c785dee6ed2b248070e51f80868e1b938665681c17188c4e579c9c509ae05d8
6d0f9faf185c1f43001f2508f80abf686cfb1c00f58c6bf0fa807791b5fc65e2
700bd90555a9ea21d008a040b5179624af7cc6d3cbca1d63ebd7fbf48013927a
70f6708e30e1bb5340b9f9b95ce1e81f4decf4d4229e06a39a2d54bd8d345419
71f2940ec78bc4c5ff54c23fb9aa3faead0c28e69e0ab83c1998d21719a8b46f
733b81ca611521c0c5664701f060df9d5486014c1dba79acb22269bfc9e06d0a
760e58dce6e635d971f0dff16948bc6d9c6a4cca266f93e629259a1b468eb74b
7b651349384f4c5552c83fcaf3eeef5161f117bce771f003b2303c92353a219f
7bebe6dd8ae38880eac7a58f78af8d67c1cc62cb760f85a90d7ba8452fcd0084
8031bbadabdcef3a5e41801f6d92e2c9af17871bc84e95ea658fc3ae3f03a7ec
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
877de2ffab95719d6ff1f1048fa912e70ee31879a2a31f868eb5b1770252d8fb
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
93a1bbc4047eee67ad987ded9d6f4fbd54947e4630bd18198de6d5f1e899a3db
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ee982094d7f02c20981d08d8613c54aaeeac2f11b375c6f20da71dd919e1b54
9f51730811a340f97e64bb16ca0ed08cd2fad7f65d0ac9e46615cdc1e51a51e3
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25
a7c3e55eaa9ecaa4ca4a2ebffc199b1d3b5c4c568e832a107811ca61db66bcbb
a7f11eeb407fa3a042ce0ea82bb3523d7a425cb693099175c3b6ab103cc4f28f
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a898f00aabf0e5632b47a59e092c4662c8cbda0c33ea6d0d424cbced57e3ee72
ad29bf1ba40a0d91f2fc0b2a0f6775e96e87c67cf0f64790825d05e9770de9bc
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b5b7440eb01b4db530c8b12650e39b4a3bfb1b49b7518c76b08bb6e8b8434a2f
b7e54c08be2d3028420666e9aca9074537fb351e2ece4e32b925ffca1840ce12
c052364ed865136f66ec36de2a0d240a6585634ea4031e7e35f0d17735552090
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c44313430f757e3a44c796394ad431ad413d363d4467dfbc6cf1867e560969c3
c6ff6d4624a5c8140cbc19107aa372a233907f8e6e4d55d002d20cae682a575f
c9232affad46b9ddd1239711acc6ff257591d759fd4197035f3fbc7bf511d036
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
d16af2c2522b621bff5b557b00bb78a179d375d7c2fad2bdf051592da7356c99
d69ba2a3cb603ff3aba5f081ad98b683d0b0788524d62f5b4df4f240658b4c90
dd6b65900e1f3d1fbee576ac727ffe264631ad8eddd272479ba72304a7d68660
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e1bf759294037f19762b2edf27d8bf526a7cd5121b10c996eebf0be8ea8e1f8f
e266631265f177732c5baea8ec8a83536e21326117163fd1dc275554d732cad2
e337c98d5ed7ed7e852c87ee65bf108bd1cf6377d585c9f7b595a9e54ad41fa5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fbe4f2f2b2f382a97524e4b3c2346605f89b47e98ef8a95fe6de1cac8fbe8f68
fc4bb854da484940c2bd4bf06fdaa1053bb9a89d2c755c780bd7e14137eda9a2
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

goo.by Open in urlscan Pro 2606:4700:3030::6815:56e9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

159 Requests

92 %HTTPS

59 %IPv6

27 Domains

32 Subdomains

19 IPs

7 Countries

1831 kBTransfer

4729 kBSize

29 Cookies

0 Outgoing links

Page URL History

Redirected requests

159 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

goo.by Open in urlscan Pro
2606:4700:3030::6815:56e9 Public Scan

Screenshot
Live screenshot

Full Image

159
Requests

92 %
HTTPS

59 %
IPv6

27
Domains

32
Subdomains

19
IPs

7
Countries

1831 kB
Transfer

4729 kB
Size

29
Cookies

159 HTTP transactions
3 data transactions